amazon-web-services - AWS load balancer with an HTTPS listener created with terraform throws connection refused
Problem description
I am facing absurd behavior from an AWS load balancer created with terraform. After creating the target groups, which show as healthy, I create the load balancer as follows:
```hcl
resource "aws_alb" "jira_elb" {
  name                             = "${data.vault_generic_secret.atlassian_datacenter_aws_jira.data["jira_elb_name"]}"
  internal                         = "${local.elb_internal}"
  load_balancer_type               = "application"
  idle_timeout                     = 600
  security_groups                  = ["${aws_security_group.jira_elb_sg.id}"]
  subnets                          = "${local.elb_internal == "true" ? local.private_subnet_ids : local.public_subnet_ids}" // Set the subnets based on local variable
  enable_deletion_protection       = false # CHANGE!!
  enable_cross_zone_load_balancing = true

  access_logs {
    bucket  = "${data.vault_generic_secret.atlassian_datacenter_aws_jira.data["jira_elb_s3_logs_bucket"]}"
    prefix  = "jira-elb"
    enabled = true
    # interval = 20 //The publishing interval in minutes. Default: 60 minutes.
  }
}
```
and the HTTPS listener:
```hcl
resource "aws_alb_listener" "jira_https_elb_listener" {
  load_balancer_arn = "${aws_alb.jira_elb.arn}"
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = "${data.aws_acm_certificate.jira_ssl_certificate.arn}"

  default_action {
    target_group_arn = "${aws_lb_target_group.jira_target_group.arn}"
    type             = "forward"
  }
}
```
After the load balancer is created and I try to reach it through the browser, I get connection refused. The absurd part is that if I manually delete the listener and create the same listener with the same certificate, port and forwarding, the DNS name works through the browser. Any idea what might be happening?
Solution
AWS load balancer with an HTTPS listener created with terraform
```hcl
resource "aws_lb" "internal_alb" {
  name                       = "INTERNAL-ALB"
  internal                   = true
  load_balancer_type         = "application"
  security_groups            = ["${aws_security_group.ecs_sg.id}"]
  subnets                    = ["subxxxx", "subnet-dcxxxx", "subnet-fxxxx"]
  enable_deletion_protection = false

  access_logs {
    bucket  = "bucket_name"
    enabled = true
  }

  tags = {
    Name = "INTERNAL-ALB"
  }
}

resource "aws_alb_target_group" "web_alb_target_group" {
  name     = "WEB-TG"
  port     = "80"
  protocol = "HTTP"
  vpc_id   = "${aws_lb.internal_alb.vpc_id}"

  health_check {
    healthy_threshold   = "5"
    unhealthy_threshold = "2"
    interval            = "30"
    matcher             = "200"
    path                = "/heartbeat"
    port                = "traffic-port"
    protocol            = "HTTP"
    timeout             = "5"
  }

  tags = {
    Name = "WEB-TG"
  }
}

resource "aws_lb_listener" "internal_alb_http" {
  load_balancer_arn = "${aws_lb.internal_alb.id}"
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = "arn:aws:elasticloadbalancing:us-east-1:48xxxxxxx:targetgroup/WEB-TG/4ad42b3dadxxxxxx66"
  }
}

resource "aws_lb_listener" "internal_alb_https" {
  load_balancer_arn = "${aws_lb.internal_alb.id}"
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn   = "arn:aws:iam::48xxxxxxx:server-certificate/certifcate"

  default_action {
    type             = "forward"
    # Fixed: the original line had a duplicated `target_group_arn = "` prefix, which is invalid HCL.
    target_group_arn = "arn:aws:elasticloadbalancing:us-east-1:48xxxxxxx:targetgroup/WEB-TG/4ad42b3dadxxxxxx66"
  }
}

resource "aws_route53_record" "node" {
  zone_id = "ZSxxxxxxx"
  name    = "www.example.com"
  type    = "A"

  alias {
    name                   = "${aws_lb.internal_alb.dns_name}"
    zone_id                = "${aws_lb.internal_alb.zone_id}"
    evaluate_target_health = true
  }
}
```
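An added hardening variant, not part of either post: the answer forwards plain HTTP on port 80 straight to the target group, whereas a redirect listener sends browsers to the HTTPS listener, and a dedicated security group limits what the ALB accepts and where it may send traffic. The `aws_lb.internal_alb` and `aws_security_group.ecs_sg` names come from the answer; `var.vpc_id`, the `10.0.0.0/8` client range and the `alb_sg` name are assumptions.

```hcl
# Assumed: the ALB and the ecs_sg target security group exist as in the answer.
# Dedicated security group for the internal ALB: accept only the two listener
# ports from the internal client range (assumed 10.0.0.0/8) and allow egress
# only to the target group's port on the target security group.
resource "aws_security_group" "alb_sg" {
  name   = "internal-alb-sg"
  vpc_id = "${var.vpc_id}" # assumed variable

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]
  }

  # Port 80 is opened only so the redirect listener below can answer.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]
  }

  # Targets (WEB-TG) listen on 80; nothing else is reachable from the ALB.
  egress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = ["${aws_security_group.ecs_sg.id}"]
  }
}

# Redirect listener: answers on 80 but never forwards plaintext to the targets.
resource "aws_lb_listener" "internal_alb_http_redirect" {
  load_balancer_arn = "${aws_lb.internal_alb.arn}"
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

Attach `alb_sg` through the ALB's `security_groups` argument in place of `ecs_sg`, and keep the HTTPS listener from the answer as the only listener that forwards to the target group.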