目标组的创建失败,因为它与LoadBalancer无关。但我明确地使用参数传递它......这可能是一个政策问题吗?
AWSTemplateFormatVersion: 2010-09-09
Description: CF template for Service.
Parameters:
ClusterArn:
Type: String
Description: The Cluster ARN in which to launch the service.
VPCId:
Type: AWS::EC2::VPC::Id
Description: The VPC Id in which the service will be launched.
FrontEndALBHTTPListenerArn:
Type: String
Description: The listener Arn for the back-end service type.
ALBHostedZoneId:
Type: String
Description: The HZ to add the DNS Record.
LoadBalancerDNSName:
Type: String
Description: Load balancer DNS Name.
Resources:
CustomerHTTPListerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Actions:
- Type: forward
TargetGroupArn:
!Ref FrontEndBackEndHTTPTargetGroup
Conditions:
- Field: host-header
Values:
- customer.services.company.com
Priority: 5
ListenerArn: !Ref FrontEndALBHTTPListenerArn
# Task Definition
FrontEndTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
NetworkMode: bridge
Family: front-end
ContainerDefinitions:
-
Name: front-end
Image: 'xxx.xxx.ecr.xxx.amazonaws.com/frontend'
Memory: 128
PortMappings:
-
ContainerPort: 80
HostPort: 0
Essential: true
Environment:
- Name: ENVIRONMENT
Value: test
# Service Definition
FrontEndServiceDefinition:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ClusterArn
DeploymentConfiguration:
MinimumHealthyPercent: 50
MaximumPercent: 200
DesiredCount: 1
HealthCheckGracePeriodSeconds: 30
LaunchType: EC2
TaskDefinition: !Ref FrontEndTaskDefinition
ServiceName: Customer
PlacementStrategies:
- Type: spread
Field: instanceId
LoadBalancers:
-
ContainerName: front-end
ContainerPort: 80
TargetGroupArn: !Ref FrontendHTTPTargetGroup
DependsOn: FrontendHTTPTargetGroup
# front-end Target Group
FrontendBackEndHTTPTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 5
HealthCheckPath: '/health'
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 3
HealthyThresholdCount: 3
UnhealthyThresholdCount: 2
Matcher:
HttpCode: 200
Name: front-end
Port: 80
Protocol: HTTP
Tags:
- Key: Name
Value: front-end
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: 10
TargetType: instance
VpcId: !Ref VPCId
这是附加到堆栈的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action":
"ec2:DescribeInstances",
"ec2:DescribeAddresses",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ecs:DescribeTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:CreateService",
"ec2:DescribeVolumeStatus",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ecs:RegisterTaskDefinition",
"ec2:DescribeVolumes",
"ecs:DescribeServices",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeCustomerGateways",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeVpc*",
"route53:ListHostedZones",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeTargetGroupAttributes"
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:ModifyListener"
],
"Resource": "*"
}
]
}
拥有完全管理员权限,它可以毫无问题地创建堆栈。
我错过了一项政策,依赖吗?
这可能与Creating an ALB Target Group in CloudFormation有关,但我没有在此堆栈中定义ALB。
我在您的CloudFormation模板中看不到任何将目标组链接到负载均衡器的内容。
在查看AWS::ElasticLoadBalancingV2::TargetGroup - AWS CloudFormation时,看起来TargetGroup通过Listener
链接到Load Balancer:
ALBListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
Type: forward
TargetGroupArn:
Ref: ALBTargetGroup <--- Here!
LoadBalancerArn:
Ref: ApplicationLoadBalancer <--- Here!
Port: 80
Protocol: HTTP
问题是监听器和服务创建之间的竞争条件:在监听器仍在进行或刚刚创建时创建了服务。在服务上添加dependson
指令解决了该问题。