(elasticloadbalancingv2): Update rules for alb listener to have two or more actions
Hi,
We have an application load balancer that is targeting a lambda. We want to update its listener’s rule to return fixed response 403 by default and forward actions to target group (of type lambda) if path is /test and method is post. This is doable via management console. With cdk and cloudformation template it throws error: Protocol cannot be specified for target groups with target type ‘lambda’
In management console we have this for listener:
Rule | Condition | Action
1 | IF: Http method is post; Path is /test | THEN: Forward to target group
last | IF: Requests otherwise not routed | THEN: Return fixed response 403
Reproduction Steps
import * as elb from '@aws-cdk/aws-elasticloadbalancingv2'
import * as targets from '@aws-cdk/aws-elasticloadbalancingv2-targets'

// The fragment below runs inside the stack's constructor (it uses `this`).
let target = new targets.LambdaTarget(this.lambda)
let applicationLoadBalancerTargetGroup = new elb.ApplicationTargetGroup(this, 'GatewayTargetGroup', {
  port: 443,
  vpc: this.vpc,
  targets: [target]
})
let applicationLoadBalancerListener = this.applicationLoadBalancer.addListener('test', {
  port: 443,
  protocol: elb.Protocol.HTTPS,
  certificateArns: [this.cert],
  defaultAction: elb.ListenerAction.fixedResponse(403, {
    contentType: elb.ContentType.APPLICATION_JSON,
    messageBody: 'Forbidden'
  })
})
let applicationLoadBalancerPathListenerRule = new elb.ApplicationListenerRule(this, 'PathListenerRule', {
  listener: applicationLoadBalancerListener,
  priority: 1,
  conditions: [
    elb.ListenerCondition.httpRequestMethods(['POST']),
    elb.ListenerCondition.pathPatterns(['/test'])
  ],
  action: elb.ListenerAction.forward([applicationLoadBalancerTargetGroup])
})
What did you expect to happen?
To be able to update rules same as what is doable in management console
What actually happened?
cloudformation stack failed with: Protocol cannot be specified for target groups with target type ‘lambda’
I understand that, according to this https://docs.aws.amazon.com/cdk/api/latest/docs/aws-elasticloadbalancingv2-readme.html#protocol-for-load-balancer-targets, it seems like creating an application target group is only limited to instance type or IP. If that is the case here, is there a workaround to be able to do this in CDK?
Environment
- CDK CLI Version : 1.68.0
- Node.js Version: v13.6.0
- OS : macOS Mojave version 10.14.6
- Language (Version): TypeScript
Other
This is 🐛 Bug Report
Issue Analytics
- Created 3 years ago
- Reactions:3
- Comments:12 (5 by maintainers)
Top GitHub Comments
@afsanehr this should work as long as you don’t provide port when creating your target group. I have a PR open to add some validation around this behavior.
Okay, I was finally able to reproduce.
My initial assessment was very wrong 🤦. The problem here is that the prop protocol in ApplicationListener cannot presently be specified for Lambda function targets. The exception is being generated by the Elastic Load Balancer API rather than the CDK.
The biggest problem here is that the parameter is forced into the template. If left blank, it is automatically assigned based on port:
https://github.com/aws/aws-cdk/blob/f92b65e2a158f918d8f05132ed12a4bb85228997/packages/%40aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts#L186
https://github.com/aws/aws-cdk/blob/f92b65e2a158f918d8f05132ed12a4bb85228997/packages/%40aws-cdk/aws-elasticloadbalancingv2/lib/shared/util.ts#L60
There are two possibilities here: either it is intended behavior of ELBv2 and we need to stop forcing protocol, OR it is a bug in the API.
I have cut an internal ticket to the team to determine this. Unfortunately I am not aware of a workaround atm, but I will update this ticket as soon as I hear from the team.
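A pre-deployment check for the error quoted in this thread, as an added example (not code from the issue or from the CDK): it scans a synthesized CloudFormation template for target groups with TargetType lambda that still carry Protocol or Port. The function name, type names and logical IDs are hypothetical, and the sample template is constructed.

```typescript
// Added example: flag AWS::ElasticLoadBalancingV2::TargetGroup resources that
// target a Lambda function but still have Protocol or Port in the template.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };

interface Finding {
  logicalId: string;
  property: string;
  value: unknown;
}

const TARGET_GROUP = "AWS::ElasticLoadBalancingV2::TargetGroup";
// Protocol is the property named in the API error quoted in the issue. Port is
// checked too because, per the thread, a blank protocol is derived from the port.
const NOT_FOR_LAMBDA = ["Protocol", "Port"];

function findLambdaTargetGroupIssues(template: Template): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res.Type !== TARGET_GROUP) continue;
    const props = res.Properties || {};
    if (props["TargetType"] !== "lambda") continue;
    for (const property of NOT_FOR_LAMBDA) {
      if (props[property] !== undefined) {
        findings.push({ logicalId, property, value: props[property] });
      }
    }
  }
  return findings;
}

// Constructed sample: one lambda group with Port and Protocol set,
// one clean lambda group, and one instance group (never flagged).
const sampleTemplate: Template = {
  Resources: {
    GatewayTargetGroup: {
      Type: TARGET_GROUP,
      Properties: { TargetType: "lambda", Port: 443, Protocol: "HTTPS" },
    },
    CleanLambdaGroup: { Type: TARGET_GROUP, Properties: { TargetType: "lambda" } },
    InstanceGroup: {
      Type: TARGET_GROUP,
      Properties: { TargetType: "instance", Port: 443, Protocol: "HTTPS" },
    },
  },
};

for (const f of findLambdaTargetGroupIssues(sampleTemplate)) {
  console.log(`${f.logicalId}: ${f.property}=${String(f.value)} set on a lambda target group`);
}
```

Run it against the JSON template produced by `cdk synth` before deploying, and fail the pipeline when the returned list is not empty.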