Error when creating a stack on CloudFormation using a YAML file: Resource handler returned message: "If the target type is ALB, the target must have at least one listener that matches the target group

0

Hi team, I'm trying to use a YAML file to create resources on my AWS instance. When creating a stack using the attached YAML file, I receive this error: Resource handler returned message: "If the target type is ALB, the target must have at least one listener that matches the target group port or any specified port overrides (Service: ElasticLoadBalancingV2, Status Code: 400, Request ID: 503838d2-e0c0-4a46-9174-da5e2565890f)" (RequestToken: ec35aaf5-3986-da2a-1e66-c3d71310c68b, HandlerErrorCode: GeneralServiceException)

Logical ID = SFPrvConnectNLBTgtGrp

yaml file:

AWSTemplateFormatVersion: 2010-09-09

Parameters:

  # vpc ID
  CustomerVPCId:
    Type: String
    Description: 'Enter the VPC Id to create resources in.'

  # Private subnets to host resources
  PrivateSubnetId1:
    Type: String
    Description: 'Enter the first private subnet Id'
  PrivateSubnetId2:
    Type: String
    Description: 'Enter the second private subnet Id'

  # SF IAM Principal ARN
  SFSrcArn:
    Type: String
    Description: Enter the Salesforce IAM ARN.

Resources:

  #VPC endpoint service permissions
  SFPrvConnectVPCEPerms:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      AllowedPrincipals:
        - !Ref SFSrcArn
      ServiceId: !Ref SFPrvConnectVPCE
    DependsOn: SFPrvConnectVPCE

  #SecurityGroup-ingress rules
  SFPrvConnectALBSecGrpIngressRules:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SFPrvConnectALBSecGrp
      CidrIp: '0.0.0.0/0'
      Description: 'Allow inbound http traffic from IP any'
      FromPort: 80
      IpProtocol: 'tcp'
      ToPort: 80
    DependsOn: SFPrvConnectALBSecGrp

  #SecurityGroup-egress rules
  SFPrvConnectALBSecGrpEgressRules:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref SFPrvConnectALBSecGrp
      CidrIp: '0.0.0.0/0'
      Description: 'Allows all outbound traffic'
      FromPort: 1
      IpProtocol: '-1'
      ToPort: 65535
    DependsOn: SFPrvConnectALBSecGrp

  #SecurityGroup-for ALB
  SFPrvConnectALBSecGrp:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'SG attached to private connect ALB. allows http traffic.'
      GroupName: 'prvConnect-alb-sg'
      VpcId: !Ref CustomerVPCId

  #ALB listener on port 80 forwarding to ALB target grp
  SFPrvConnectALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref SFPrvConnectALBTgtGrp
          Type: 'forward'
      LoadBalancerArn: !Ref SFPrvConnectEC2ALB
      Port: 80
      Protocol: 'HTTP'
    DependsOn: SFPrvConnectALBTgtGrp

  #NLB listener on port 80 forwarding to NLB target grp
  SFPrvConnectNLBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref SFPrvConnectNLBTgtGrp
          Type: 'forward'
      LoadBalancerArn: !Ref SFPrvConnectNLB
      Port: 80
      Protocol: 'TCP'
    DependsOn: SFPrvConnectNLBTgtGrp

  #ALB-TargetGroup - routes traffic to EC2
  SFPrvConnectALBTgtGrp:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: 'true'
      IpAddressType: 'ipv4'
      Name: 'SFPrvConnectALBTgtGrp'
      Port: 80
      Protocol: 'HTTP'
      TargetType: 'ip'
      VpcId: !Ref CustomerVPCId
    DependsOn: SFPrvConnectEC2ALB

  #NLB-TargetGroup - routes traffic to an ALB
  SFPrvConnectNLBTgtGrp:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      IpAddressType: 'ipv4'
      Name: 'SFPrvConnectNLBTgtGrp'
      Port: 80
      Protocol: 'TCP'
      Targets:
        - Id: !Ref SFPrvConnectEC2ALB
          Port: 80
      TargetType: 'alb'
      VpcId: !Ref CustomerVPCId
    DependsOn: SFPrvConnectNLB

  #NLB
  SFPrvConnectNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: 'ipv4'
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: 'true'
      Name: 'SFPrivateConnect-demo-nlb'
      Scheme: 'internal'
      Subnets:
        - !Ref PrivateSubnetId1
        - !Ref PrivateSubnetId2
      Type: 'network'

  #ALB-EC2
  SFPrvConnectEC2ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: 'ipv4'
      SecurityGroups:
        - Fn::GetAtt: SFPrvConnectALBSecGrp.GroupId
      Name: 'SFPrivateConnect-demo-alb'
      Scheme: 'internal'
      Subnets:
        - !Ref PrivateSubnetId1
        - !Ref PrivateSubnetId2
      Type: 'application'
    DependsOn: SFPrvConnectALBSecGrp

  #VPC-Endpoint
  SFPrvConnectVPCE:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      AcceptanceRequired: 'false'
      NetworkLoadBalancerArns:
        - !Ref SFPrvConnectNLB
    DependsOn: SFPrvConnectNLB

Outputs:

  SFVPCEndpointID:
    Description: "The privateLink VPC endpoint service ID"
    Value: !Ref SFPrvConnectVPCE

  SFNLBDNSName:
    Description: 'URL for the Network Load Balancer assigned to the VPC endpoint.'
    Value: !GetAtt SFPrvConnectNLB.DNSName

  • Hello. Could you please clarify what you are trying to do? If I understand, you are trying to connect an NLB with an ALB?

Salva
asked 7 months ago, 387 views
3 Answers
0
Accepted Answer

That's great! Thanks, it is the solution.

Salva
answered 7 months ago
0

Yes, this is what I want to do.

Salva
answered 7 months ago
0

The error might be because the NLB Target Group (SFPrvConnectNLBTgtGrp) is getting created before the ALB Listener (SFPrvConnectALBListener) gets created on the stack. When this happens, NLB Target Group creation fails, since there is no ALB Listener available yet.

To avoid this, add a DependsOn on the SFPrvConnectNLBTgtGrp resource, so that it waits for SFPrvConnectALBListener to be created successfully and only then starts creation of SFPrvConnectNLBTgtGrp.

Adding the DependsOn would look like this:

  # NLB-TargetGroup - routes traffic to an ALB
  SFPrvConnectNLBTgtGrp:
    DependsOn: 
     - SFPrvConnectALBListener
     - SFPrvConnectNLB
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      IpAddressType: 'ipv4'
      Name: 'SFPrvConnectNLBTgtGrp'
......
......

Hope this helps.

AWS
Support Engineer
answered 7 months ago
Expert
reviewed 7 months ago
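
A pre-deployment check for the ordering problem described in the answer above, as an added example that is not part of the original thread or of any AWS tool. It assumes the template has already been parsed into a dict with `!Ref` represented as `{"Ref": "LogicalId"}`; the function names and the trimmed sample template are constructed for illustration.

```python
# Added example: flag TargetType 'alb' target groups that CloudFormation may
# create before the ALB listener they need on the target port.
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"
TARGET_GROUP = "AWS::ElasticLoadBalancingV2::TargetGroup"

def _ref(value):
    # Logical ID behind {"Ref": id}; None for anything else (assumption: Ref only).
    return value.get("Ref") if isinstance(value, dict) else None

def _depends_on(resource):
    dep = resource.get("DependsOn", [])  # may be a string or a list
    return {dep} if isinstance(dep, str) else set(dep)

def find_ordering_issues(template):
    resources = template.get("Resources", {})
    listeners = {}  # load balancer logical ID -> {port: listener logical ID}
    for name, res in resources.items():
        props = res.get("Properties", {})
        lb = _ref(props.get("LoadBalancerArn"))
        if res.get("Type") == LISTENER and lb:
            listeners.setdefault(lb, {})[props.get("Port")] = name
    issues = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != TARGET_GROUP or props.get("TargetType") != "alb":
            continue
        for target in props.get("Targets", []):
            alb = _ref(target.get("Id"))
            port = target.get("Port", props.get("Port"))  # port override, else group port
            listener = listeners.get(alb, {}).get(port)
            if listener is None:
                issues.append((name, f"no listener on {alb} for port {port}"))
            elif listener not in _depends_on(res):
                issues.append((name, f"add DependsOn: {listener}"))
    return issues

def sample_template(fixed):
    # Constructed sample: only the three resources involved in the error.
    deps = ["SFPrvConnectALBListener", "SFPrvConnectNLB"] if fixed else "SFPrvConnectNLB"
    return {"Resources": {
        "SFPrvConnectEC2ALB": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"},
        "SFPrvConnectALBListener": {"Type": LISTENER, "Properties": {
            "LoadBalancerArn": {"Ref": "SFPrvConnectEC2ALB"}, "Port": 80}},
        "SFPrvConnectNLBTgtGrp": {"Type": TARGET_GROUP, "DependsOn": deps, "Properties": {
            "Port": 80, "TargetType": "alb",
            "Targets": [{"Id": {"Ref": "SFPrvConnectEC2ALB"}, "Port": 80}]}},
    }}

if __name__ == "__main__":
    print(find_ordering_issues(sample_template(fixed=False)))
    print(find_ordering_issues(sample_template(fixed=True)))
```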
