(elasticloadbalancingv2): Update rules for alb listener to have two or more actions #12514
Comments
For me the error is different: |
Hey @afsanehr, Thanks for reporting this. Your error message and the way you structured makes me think this is one of two possible problems. The first possibility I see is that you are passing the lambda function incorrectly to `let target = new targets.LambdaTarget(FUNCTION_GOES_HERE);` The error message I attempted to reproduce, and I was unable to see your described behavior. What I did see is that in your code The other possibility is that there is a bug in our ELBv2 library. To better understand this it would be helpful to know what line specifically is throwing your exception as well as seeing the variables referenced but not shown (this.cert, this.applicationLoadBalancer, this.lambda). 😸 😷 |
Hi @NGL321, thanks for the quick turnaround :) I am passing the following to the lambdaTargets

```ts
this.lambda = new lambda.Function(this, 'lambda', {
  runtime: lambda.Runtime.PYTHON_2_7,
  code: lambda.Code.fromBucket(s3Bucket, this.artifactoryKey),
  handler: 'testLambda.lambda_handler',
  timeout: cdk.Duration.seconds(300)
})
```

I also updated the elb.Protocol.HTTPS to elb.ApplicationProtocol.HTTPS same result

```ts
this.lambda = new lambda.Function(this, 'lambda', {
  runtime: lambda.Runtime.PYTHON_2_7,
  code: lambda.Code.fromBucket(s3Bucket, this.artifactoryKey),
  handler: 'testLambda.lambda_handler',
  timeout: cdk.Duration.seconds(300)
})
let target = new targets.LambdaTarget(this.lambda)
let applicationLoadBalancerTargetGroup = new elb.ApplicationTargetGroup(this, 'GatewayTargetGroup', {
  port: 443,
  vpc: this.vpc,
  targets: [target]
})
this.applicationLoadBalancer = new elb.ApplicationLoadBalancer(this, 'GatewayALB', {
  vpc: this.vpc,
  internetFacing: false,
  vpcSubnets: this.vpc.isolatedSubnets,
  securityGroup: this.securityGroup
})
let applicationLoadBalancerListener = this.applicationLoadBalancer.addListener('test', {
  port: 443,
  protocol: elb.ApplicationProtocol.HTTPS,
  certificateArns: [this.certArn],
  defaultAction: elb.ListenerAction.fixedResponse(403, {
    contentType: elb.ContentType.APPLICATION_JSON,
    messageBody: 'Forbidden'
  })
})
let applicationLoadBalancerPathListenerRule = new elb.ApplicationListenerRule(this, 'PathListenerRule', {
  listener: applicationLoadBalancerListener,
  priority: 1,
  conditions: [
    elb.ListenerCondition.httpRequestMethods(['POST']),
    elb.ListenerCondition.pathPatterns(['/test'])
  ],
  action: elb.ListenerAction.forward([applicationLoadBalancerTargetGroup])
})
```

Another note is that the stack with the generated cloud formation template fails at GatewayTargetGroup creation with the error mentioned. When you say you couldn't replicate the issue, did the stack generation pass for you? I tried commenting everything after the ApplicationTargetGroup and the stack still fails. |
Hi @NGL321 was wondering if there is any update on this issue? Thanks! |
Hey @afsanehr, Sorry for the delay. I have, as of yet, still been unable to reproduce your described behavior, despite using an identical stack. Unsure of what is causing this. I have one more thing to try, and will report if that fails to reproduce the failure. From what I can tell at the moment, this is not an issue with generating the template as |
Okay, I was finally able to reproduce. My initial assessment was very wrong 🤦. The problem here is that the prop The biggest problem here is that the parameter is forced into the template. If left blank, it is automatically assigned based on port: aws-cdk/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts Line 186 in f92b65e
There are two possibilities here: either it is intended behavior of ELBv2 and we need to stop forcing protocol, OR it is a bug in the API. I have cut an internal ticket to the team to determine this. Unfortunately I am not aware of a workaround atm, but I will update this ticket as soon as I hear from the team. 😸 😷 |
Thanks for the update @NGL321, appreciate it 😄 |
@afsanehr |
Hi @NGL321, is there a possible workaround (in CDK) for this issue? My problem is in a NetworkTargetGroup: aws-cdk/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-target-group.ts Line 71 in f92b65e
Protocol is either specified or defaults to TCP. Edit: a workaround is using

```python
cfn_target_group = target_group.node.default_child
cfn_target_group.add_property_deletion_override("Protocol")
cfn_target_group.add_property_deletion_override("Port")
```
|
@afsanehr this should work as long as you don't provide port when creating your target group. I have a PR open to add some validation around this behavior.

```ts
let applicationLoadBalancerTargetGroup = new elb.ApplicationTargetGroup(this, 'GatewayTargetGroup', {
  vpc: this.vpc,
  targets: [target]
})
```
|
…for lambda targets (#19043) When creating a target group with the targetType = `LAMBDA` you should not provide the port or protocol. If protocol is provided then CloudFormation will throw an error message. If you provide the port to CDK, CDK will figure out and provide the protocol as well. This PR adds validation and throws an error if either port or protocol is provided when the target type is Lambda. fixes #12514 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
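The same condition can also be checked on the synthesized CloudFormation template before deploying. This is an added example, not the CDK's own validation code and not part of the thread; `findLambdaTargetGroupViolations`, `stripLambdaTargetGroupProps` and the sample template are hypothetical names and constructed data.

```typescript
// Added example, not CDK code: function names and the sample are hypothetical.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };
const TARGET_GROUP = 'AWS::ElasticLoadBalancingV2::TargetGroup';
const FORBIDDEN = ['Protocol', 'Port'];

function isLambdaTargetGroup(res: Resource | undefined): res is Resource {
  return !!res && res.Type === TARGET_GROUP
    && !!res.Properties && res.Properties['TargetType'] === 'lambda';
}

// One finding per offending property, e.g. "GatewayTargetGroup: Protocol".
function findLambdaTargetGroupViolations(template: Template): string[] {
  const findings: string[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!isLambdaTargetGroup(res)) continue;
    const props = res.Properties || {};
    for (const key of FORBIDDEN) {
      if (key in props) findings.push(`${logicalId}: ${key}`);
    }
  }
  return findings;
}

// Template-level mirror of the deletion-override workaround from the thread:
// returns a copy with Protocol and Port removed from lambda target groups only.
function stripLambdaTargetGroupProps(template: Template): Template {
  const copy: Template = JSON.parse(JSON.stringify(template));
  for (const logicalId of Object.keys(copy.Resources)) {
    const res = copy.Resources[logicalId];
    if (!isLambdaTargetGroup(res)) continue;
    const props = res.Properties || {};
    for (const key of FORBIDDEN) delete props[key];
  }
  return copy;
}

// Constructed sample: a lambda target group created with `port: 443`, after
// CDK has derived Protocol from the port, next to an unaffected instance group.
const sampleTemplate: Template = {
  Resources: {
    GatewayTargetGroup: { Type: TARGET_GROUP,
      Properties: { Port: 443, Protocol: 'HTTPS', TargetType: 'lambda' } },
    InstanceTargetGroup: { Type: TARGET_GROUP,
      Properties: { Port: 80, Protocol: 'HTTP', TargetType: 'instance' } },
  },
};
console.log(findLambdaTargetGroupViolations(sampleTemplate));
```

Run against the JSON produced by `cdk synth`, a non-empty result means the deployment would fail with the error reported in this issue.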
hello, you must define somewhere both protocol and port when using non-lambda targets or you'll get this error
in my case i am using alb, more info on docs they tell you that:
if someone got this error with ALB
Got this error with alb listeners "80" & "443" forwarding to "ecs service" inside of an Application Target Group, then if you add redirects from 80 to 443 fine, but for elb redirect from www to non-www in 443 listener, got that error. a simple workaround is to double check the elbv2.ListenerAction.redirect parameters, try first using only host redirect then add 1 by 1 until you validate it. SNIPPET

```python
main_listener.add_action(  # REDIRECT EVERYTHING WWW. TO NON-WWW
    "redirectWwwToNonWwwAction",
    conditions=[
        elbv2.ListenerCondition.host_headers(
            values=[f"www.{airflows_host}"]
        )
    ],
    action=elbv2.ListenerAction.redirect(host=airflows_host),
    priority=1,
)
```
|
Hi,
We have an application load balancer that is targeting a lambda. We want to update its listener's rule to return fixed response 403 by default and forward actions to target group (of type lambda) if path is /test and method is post.
This is doable via management console.
With cdk and cloudformation template it throws error:
Protocol cannot be specified for target groups with target type 'lambda'
In management console we have this for listener:
Reproduction Steps
What did you expect to happen?
To be able to update rules same as what is doable in management console
What actually happened?
cloudformation stack failed with: Protocol cannot be specified for target groups with target type 'lambda'
I understand according to this https://docs.aws.amazon.com/cdk/api/latest/docs/aws-elasticloadbalancingv2-readme.html#protocol-for-load-balancer-targets
seems like creating application target group is only limited to instance type or ip. If that is the case here, is there a workaround to be able to do this in cdk?
Environment
Other
This is 🐛 Bug Report