我正在尝试在CloudFormation中创建一个应用程序负载均衡器,其目标组将流量转发到EC2实例。这是相关的代码段,其中ELBSubnet,ECSCluster,taskdefinition和VpcId作为参数传递:

"EcsElasticLoadBalancer" : {
  "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
  "Properties" : {
    "Subnets" : { "Ref" : "ELBSubnets" },
    "SecurityGroups": [
      { "Ref": "ELBAccessSecurityGroup" }
    ]
  }
},
"LoadBalancerListener": {
  "Type": "AWS::ElasticLoadBalancingV2::Listener",
  "Properties": {
    "DefaultActions": [{
      "Type": "forward",
      "TargetGroupArn": { "Ref": "TargetGroup" }
    }],
    "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" },
    "Port": 80,
    "Protocol": "HTTP"
  }
},
"TargetGroup": {
  "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
  "Properties": {
    "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] },
    "Port": 80,
    "Protocol": "HTTP",
    "VpcId": { "Ref": "VpcId" }
  },
  "DependsOn": [ "EcsElasticLoadBalancer" ]
},
"service": {
  "Type": "AWS::ECS::Service",
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": "1",
    "LoadBalancers": [
      {
        "ContainerName": "main-app",
        "ContainerPort": 3000,
        "TargetGroupArn": { "Ref": "TargetGroup" }
      }
    ],
    "Role" : {"Ref":"ECSServiceRole"},
    "TaskDefinition" : {"Ref":"taskdefinition"}
  }
},
"ECSServiceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ecs.amazonaws.com"
            ]
          },
          "Action": [
            "sts:AssumeRole"
          ]
        }
      ]
    },
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "ecs-service",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "elasticloadbalancing:Describe*",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "ec2:Describe*",
                "ec2:AuthorizeSecurityGroupIngress"
              ],
              "Resource": "*"
            }
          ]
        }
      }
    ]
  }
}

创建服务时出现以下错误:



我想念什么?在文档中,似乎没有一种为目标组指定负载均衡器的方法。

最佳答案

正常工作-问题是双重的:

  • 角色PolicyDocument中缺少以下几行:
  • "elasticloadbalancing:DeregisterTargets"
  • "elasticloadbalancing:RegisterTargets"
  • 该服务需要"DependsOn": [ "LoadBalancerListener" ]作为附加属性。

  • 更新后的模板如下所示:

    "EcsElasticLoadBalancer" : {
      "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
      "Properties" : {
        "Subnets" : { "Ref" : "ELBSubnets" },
        "SecurityGroups": [
          { "Ref": "ELBAccessSecurityGroup" }
        ]
      }
    },
    "LoadBalancerListener": {
      "Type": "AWS::ElasticLoadBalancingV2::Listener",
      "Properties": {
        "DefaultActions": [{
          "Type": "forward",
          "TargetGroupArn": { "Ref": "TargetGroup" }
        }],
        "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" },
        "Port": 80,
        "Protocol": "HTTP"
      }
    },
    "TargetGroup": {
      "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
      "Properties": {
        "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] },
        "Port": 80,
        "Protocol": "HTTP",
        "VpcId": { "Ref": "VpcId" }
      },
      "DependsOn": [ "EcsElasticLoadBalancer" ]
    },
    "service": {
      "Type": "AWS::ECS::Service",
      "DependsOn": [ "LoadBalancerListener" ],
      "Properties" : {
        "Cluster": { "Ref": "ECSCluster" },
        "DesiredCount": "1",
        "LoadBalancers": [
          {
            "ContainerName": "main-app",
            "ContainerPort": 3000,
            "TargetGroupArn": { "Ref": "TargetGroup" }
          }
        ],
        "Role" : {"Ref":"ECSServiceRole"},
        "TaskDefinition" : {"Ref":"taskdefinition"}
      }
    },
    "ECSServiceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ecs.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "ecs-service",
            "PolicyDocument": {
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "elasticloadbalancing:Describe*",
                    "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                    "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                    "ec2:Describe*",
                    "ec2:AuthorizeSecurityGroupIngress",
                    "elasticloadbalancing:DeregisterTargets",
                    "elasticloadbalancing:RegisterTargets"
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    }
    

    08-07 13:53