Terraform attaching a load balancer listener to an Elastic Beanstalk load balancer: not a valid load balancer ARN
I am trying to attach an SSL certificate to an Elastic Beanstalk load balancer that is created via Terraform and attaches on spin up. The EBS environment being spun up is going to be a web API, which is why I need to attach the HTTPS SSL certificate to the environment, because I want to spin it up/down on command without having to manually attach it to the service every time.
What I have done is the code below, but I keep getting the error:
    Error: error creating ELBv2 Listener (arn:aws:elasticloadbalancing:us-east-1:profile:loadbalancer/name: ValidationError: 'arn:aws:elasticloadbalancing:us-east-1:profile:loadbalancer/name' is not a valid load balancer ARN
    status code: 400, request id: xxxxxxxxxxxxxxxxxxx
I originally tried:
    load_balancer_arn = "${aws_elastic_beanstalk_environment.ebs-env.load_balancers[0].arn}"
but aws_elastic_beanstalk_environment.ebs-env.load_balancers[0] returns the name, so I couldn't just do .arn, which led me to doing it by writing a custom string for the ARN and having the name given from the EBS environment's load balancer and appending that onto the ARN.
EBS creates a classic load balancer, and the ARN on AWS's website that I found is below, and the way I am formatting everything I quadruple checked and I am still getting that error that it's not a valid ARN.
I've checked that the EBS name is the actual name of the load balancer in the AWS console and it is with the Terraform-made name on the spin up. So it is a valid name for the load balancer, but the error I keep getting described above still shows up even though I validated manually that the name is correct.
The AWS documentation led me to using:
    arn:partition:service:region:account-id:resource-id
for the ARN custom name, and finding that:
    arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name
is the correct ARN for a load balancer, which is what I am using.
Here is my Terraform code that I am using to spin up/down this infrastructure:
    provider "aws" {
      region = "us-east-1"
    }

    resource "aws_elastic_beanstalk_application" "ebaTest" {
      name        = "EBA-test"
      description = "Development test EBS system"
    }

    resource "aws_elastic_beanstalk_environment" "ebs-env" {
      name                = "ebs-env"
      application         = aws_elastic_beanstalk_application.ebaTest.name
      solution_stack_name = "64bit Amazon Linux 2 v2.2.10 running .NET Core"
      cname_prefix        = "ebsp-env"

      setting {
        namespace = "aws:autoscaling:launchconfiguration"
        name      = "IamInstanceProfile"
        value     = "aws-elasticbeanstalk-ec2-role"
      }

      setting {
        namespace = "aws:autoscaling:launchconfiguration"
        name      = "InstanceType"
        value     = "t3a.micro"
      }
    }

    resource "aws_lb_listener" "cert-listener" {
      load_balancer_arn = "arn:aws:elasticloadbalancing:us-east-1:aws-id:loadbalancer/${aws_elastic_beanstalk_environment.ebs-env.load_balancers[0]}"
      port              = "443"
      protocol          = "HTTPS"
      certificate_arn   = "arn:aws:acm:us-east-1:aws-id:certificate/cert-id"

      default_action {
        type = "fixed-response"
      }
    }
If you have any other clarifying questions or are confused about something, I will reply as fast as I can.
Comments (1)
aws_lb_listener is part of AWS ELBv2, which is only for Application Load Balancers and Network Load Balancers. You stated you are creating a classic load balancer. I don't think you can update the certificate of a CLB through Terraform if Terraform itself is not managing the load balancer. Is there any reason you are using a CLB instead of the newer ALB? Either way, the correct method to do this is by passing the ARN of the SSL certificate directly to the Elastic Beanstalk resource, as a setting:
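One way to express the approach the answer describes, as an added example that is not the answerer's own code: the HTTPS listener is declared through Elastic Beanstalk option settings, so no separate aws_lb_listener resource or hand-built ARN is needed. The variable certificate_arn and the chosen SSLPolicy value are assumptions; resource names are reused from the question.

```hcl
# Added example (not from the original thread). var.certificate_arn is an
# assumed input: the ARN of an ACM certificate that already exists in us-east-1.
variable "certificate_arn" {
  type = string
}

resource "aws_elastic_beanstalk_application" "ebaTest" {
  name = "EBA-test"
}

resource "aws_elastic_beanstalk_environment" "ebs-env" {
  name                = "ebs-env"
  application         = aws_elastic_beanstalk_application.ebaTest.name
  solution_stack_name = "64bit Amazon Linux 2 v2.2.10 running .NET Core"
  cname_prefix        = "ebsp-env"

  setting {
    namespace = "aws:autoscaling:launchconfiguration"
    name      = "IamInstanceProfile"
    value     = "aws-elasticbeanstalk-ec2-role"
  }

  # Ask Beanstalk for an Application Load Balancer instead of a classic one.
  setting {
    namespace = "aws:elasticbeanstalk:environment"
    name      = "LoadBalancerType"
    value     = "application"
  }

  # HTTPS listener on 443, terminated at the load balancer with the ACM certificate.
  setting {
    namespace = "aws:elbv2:listener:443"
    name      = "Protocol"
    value     = "HTTPS"
  }
  setting {
    namespace = "aws:elbv2:listener:443"
    name      = "SSLCertificateArns"
    value     = var.certificate_arn
  }
  # Pin the TLS policy explicitly (sample choice) rather than relying on the default.
  setting {
    namespace = "aws:elbv2:listener:443"
    name      = "SSLPolicy"
    value     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  }
  # Classic Load Balancer equivalent: namespace "aws:elb:listener:443" with
  # ListenerProtocol = "HTTPS", SSLCertificateId = var.certificate_arn, InstancePort = "80".
}
```

Because Beanstalk owns the load balancer, the certificate binding is recreated on every spin-up along with the environment, which avoids any manual attach step.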