Error when creating a stack on CloudFormation using a yaml file: Resource handler returned message: "If the target type is ALB, the target must have at least one listener that matches the target group

0

Hi team, I'm trying to use a yaml file to create resources on my AWS instance. When creating a stack using the attached yaml file, I receive this error: Resource handler returned message: "If the target type is ALB, the target must have at least one listener that matches the target group port or any specified port overrides (Service: ElasticLoadBalancingV2, Status Code: 400, Request ID: 503838d2-e0c0-4a46-9174-da5e2565890f)" (RequestToken: ec35aaf5-3986-da2a-1e66-c3d71310c68b, HandlerErrorCode: GeneralServiceException)

Logical ID= SFPrvConnectNLBTgtGrp

yaml file:

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  # vpc ID
  CustomerVPCId:
    Type: String
    Description: 'Enter the VPC Id to create resources in.'

  # Private subnets to host resources
  PrivateSubnetId1:
    Type: String
    Description: 'Enter the first private subnet Id'
  PrivateSubnetId2:
    Type: String
    Description: 'Enter the second private subnet Id'

  # SF IAM Principal ARN
  SFSrcArn:
    Type: String
    Description: Enter the Salesforce IAM ARN.

Resources:
  # VPC endpoint service permissions
  SFPrvConnectVPCEPerms:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      AllowedPrincipals:
        - !Ref SFSrcArn
      ServiceId: !Ref SFPrvConnectVPCE
    DependsOn: SFPrvConnectVPCE

  # SecurityGroup-ingress rules
  SFPrvConnectALBSecGrpIngressRules:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SFPrvConnectALBSecGrp
      CidrIp: '0.0.0.0/0'
      Description: 'Allow inbound http traffic from IP any'
      FromPort: 80
      IpProtocol: 'tcp'
      ToPort: 80
    DependsOn: SFPrvConnectALBSecGrp

  # SecurityGroup-egress rules
  SFPrvConnectALBSecGrpEgressRules:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref SFPrvConnectALBSecGrp
      CidrIp: '0.0.0.0/0'
      Description: 'Allows all outbound traffic'
      FromPort: 1
      IpProtocol: '-1'
      ToPort: 65535
    DependsOn: SFPrvConnectALBSecGrp

  # SecurityGroup-for ALB
  SFPrvConnectALBSecGrp:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'SG attached to private connect ALB. allows http traffic.'
      GroupName: 'prvConnect-alb-sg'
      VpcId: !Ref CustomerVPCId

  # ALB listener on port 80 forwarding to ALB target grp
  SFPrvConnectALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref SFPrvConnectALBTgtGrp
          Type: 'forward'
      LoadBalancerArn: !Ref SFPrvConnectEC2ALB
      Port: 80
      Protocol: 'HTTP'
    DependsOn: SFPrvConnectALBTgtGrp

  # NLB listener on port 80 forwarding to NLB target grp
  SFPrvConnectNLBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref SFPrvConnectNLBTgtGrp
          Type: 'forward'
      LoadBalancerArn: !Ref SFPrvConnectNLB
      Port: 80
      Protocol: 'TCP'
    DependsOn: SFPrvConnectNLBTgtGrp

  # ALB-TargetGroup - routes traffic to EC2
  SFPrvConnectALBTgtGrp:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: 'true'
      IpAddressType: 'ipv4'
      Name: 'SFPrvConnectALBTgtGrp'
      Port: 80
      Protocol: 'HTTP'
      TargetType: 'ip'
      VpcId: !Ref CustomerVPCId
    DependsOn: SFPrvConnectEC2ALB

  # NLB-TargetGroup - routes traffic to an ALB
  SFPrvConnectNLBTgtGrp:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      IpAddressType: 'ipv4'
      Name: 'SFPrvConnectNLBTgtGrp'
      Port: 80
      Protocol: 'TCP'
      Targets:
        - Id: !Ref SFPrvConnectEC2ALB
          Port: 80
      TargetType: 'alb'
      VpcId: !Ref CustomerVPCId
    DependsOn: SFPrvConnectNLB

  # NLB
  SFPrvConnectNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: 'ipv4'
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: 'true'
      Name: 'SFPrivateConnect-demo-nlb'
      Scheme: 'internal'
      Subnets:
        - !Ref PrivateSubnetId1
        - !Ref PrivateSubnetId2
      Type: 'network'

  # ALB-EC2
  SFPrvConnectEC2ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: 'ipv4'
      SecurityGroups:
        - Fn::GetAtt: SFPrvConnectALBSecGrp.GroupId
      Name: 'SFPrivateConnect-demo-alb'
      Scheme: 'internal'
      Subnets:
        - !Ref PrivateSubnetId1
        - !Ref PrivateSubnetId2
      Type: 'application'
    DependsOn: SFPrvConnectALBSecGrp

  # VPC-Endpoint
  SFPrvConnectVPCE:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      AcceptanceRequired: 'false'
      NetworkLoadBalancerArns:
        - !Ref SFPrvConnectNLB
    DependsOn: SFPrvConnectNLB

Outputs:
  SFVPCEndpointID:
    Description: "The privateLink VPC endpoint service ID"
    Value: !Ref SFPrvConnectVPCE

  SFNLBDNSName:
    Description: 'URL for the Network Load Balancer assigned to the VPC endpoint.'
    Value: !GetAtt SFPrvConnectNLB.DNSName

  • Hello. Could you please clarify what you are trying to do? If I understand, you are trying to connect an NLB with an ALB?

Salva
asked 6 months ago, 350 views
3 Answers
0
Accepted Answer

That's great! Thanks, it is the solution.

Salva
answered 6 months ago
0

Yes, this is what I want to do.

Salva
answered 6 months ago
0

The error might be because the NLB Target Group (SFPrvConnectNLBTgtGrp) is getting created before the ALB Listener (SFPrvConnectALBListener) gets created on the stack. When this happens, NLB Target Group creation fails, since there is no ALB Listener available yet.

To avoid this, add a DependsOn on the SFPrvConnectNLBTgtGrp resource, so that it waits for SFPrvConnectALBListener to get created successfully and only then starts creation of SFPrvConnectNLBTgtGrp.

Adding the DependsOn would look like this:

  # NLB-TargetGroup - routes traffic to an ALB
  SFPrvConnectNLBTgtGrp:
    DependsOn:
      - SFPrvConnectALBListener
      - SFPrvConnectNLB
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      IpAddressType: 'ipv4'
      Name: 'SFPrvConnectNLBTgtGrp'
......
......

Hope this helps.

AWS
SUPPORT ENGINEER
answered 6 months ago
EXPERT
reviewed 6 months ago
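
The ordering problem described in the answer above can be caught before deployment. This is an added example, not part of the original thread: it takes a template in CloudFormation's JSON form (a Python dict) and reports ALB-type target groups that have no explicit or implicit dependency on a listener of the target ALB at the matching port. The function names are hypothetical, `sample` is a constructed reduction of the question's template, and `Fn::Sub` references are not followed.

```python
ELB = "AWS::ElasticLoadBalancingV2::"

def refs(node):
    """Logical IDs referenced through Ref / Fn::GetAtt anywhere below node."""
    if isinstance(node, list):
        return set().union(*map(refs, node))
    if not isinstance(node, dict):
        return set()
    att = node.get("Fn::GetAtt", [])
    own = {node.get("Ref"), *(att.split(".")[:1] if isinstance(att, str) else att[:1])}
    rest = [v for k, v in node.items() if k not in ("Ref", "Fn::GetAtt")]
    return (own - {None}) | refs(rest)

def depends(resources, name):
    """Explicit DependsOn plus implicit Ref/GetAtt dependencies of `name`, transitively."""
    seen, todo = set(), [name]
    while todo:
        res = resources.get(todo.pop(), {})  # parameters are not resources
        explicit = res.get("DependsOn", [])
        explicit = [explicit] if isinstance(explicit, str) else explicit
        new = (set(explicit) | refs(res.get("Properties", {}))) - seen
        seen |= new
        todo.extend(new)
    return seen

def unordered_alb_target_groups(template):
    """ALB-type target groups CloudFormation may create before a matching ALB listener."""
    resources, bad = template["Resources"], []
    for name, res in resources.items():
        props = res.get("Properties", {})
        is_alb_tg = res["Type"] == ELB + "TargetGroup" and props.get("TargetType") == "alb"
        for target in props.get("Targets", []) if is_alb_tg else []:
            port = target.get("Port", props.get("Port"))
            listeners = {n for n, r in resources.items() if r["Type"] == ELB + "Listener"
                         and r["Properties"].get("LoadBalancerArn") == target["Id"]
                         and r["Properties"].get("Port") == port}
            if not listeners & depends(resources, name):
                bad.append(name)
    return bad

def sample(depends_on):
    """Constructed JSON-form reduction of the question's template (ALB target group omitted)."""
    alb = {"Ref": "SFPrvConnectEC2ALB"}
    make = lambda kind, **props: {"Type": ELB + kind, "Properties": props}
    return {"Resources": {
        "SFPrvConnectEC2ALB": make("LoadBalancer", Type="application"),
        "SFPrvConnectNLB": make("LoadBalancer", Type="network"),
        "SFPrvConnectALBListener": make("Listener", LoadBalancerArn=alb, Port=80),
        "SFPrvConnectNLBTgtGrp": {**make("TargetGroup", Port=80, TargetType="alb",
                                         Targets=[{"Id": alb, "Port": 80}]), "DependsOn": depends_on}}}
```

`unordered_alb_target_groups(sample("SFPrvConnectNLB"))` flags `SFPrvConnectNLBTgtGrp`, which is the question's ordering; passing the answer's two-item `DependsOn` list returns an empty result.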
