Installing an SSL certificate on an ELB with CloudFormation
Q&A
Closed
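What I want to solve
HTTPS connection through an ALB with AWS CloudFormation
・An ELB and multiple EC2 instances
・EC2 instances placed behind the ELB
・The web site is published over HTTP/HTTPS
・EC2 instances are placed in multiple AZs
・The SSL certificate is placed on the ELB
Problem / error encountered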
[/Resources/ALBListener/Type/RedirectConfig] 'null' values are not allowed in templates
Relevant source code
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Mappings:
  prd:
    VPC: { ID: vpc-06434cd584110fde7 }
    PublicSubnet1a: { ID: subnet-07849cec75ce8a401 }
    PublicSubnet1c: { ID: subnet-009ec067236924d17 }
    Certificate: { ARN: 'arn:aws:acm:ap-northeast-1:777676111815:certificate/124a416b-7e0f-4628-9f23-297d83278982' }
Parameters:
  #InternetALB
  InternetALBName:
    Type: String
    Default: "web"
  #EC2Instance
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    ConstraintDescription: must be a valid EC2 instance type
  KeyName:
    Description : Name of an existing EC2 KeyPair.
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription : Can contain only ASCII characters.
  SSHLocation:
    Description: IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Description: Create EC2 Instance
Resources:
  # ------------------------------------------------------------#
  # EC2Instance AZ:A
  # ------------------------------------------------------------#
  EC2Instance01:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0cf82fdd8185cd8a7
      InstanceType: t2.micro
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
      Tags:
        - Key: Name
          Value: EC2-1a
      KeyName: !Ref KeyName
      NetworkInterfaces:
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          SubnetId: subnet-07849cec75ce8a401
          GroupSet:
            - sg-06e72707ee67e6480
  # ------------------------------------------------------------#
  # EC2Instance AZ:C
  # ------------------------------------------------------------#
  EC2Instance02:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0f3bd3c64e6d00035
      InstanceType: t2.micro
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
      Tags:
        - Key: Name
          Value: EC2-1c
      KeyName: !Ref KeyName
      NetworkInterfaces:
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          SubnetId: subnet-009ec067236924d17
          GroupSet:
            - sg-06e72707ee67e6480
  # ------------------------------------------------------------#
  # SecurityGroup for Managed
  # ------------------------------------------------------------#
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: connect with ssh
      VpcId: vpc-06434cd584110fde7
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
        -
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: "0.0.0.0/0"
  # ------------------------------------------------------------#
  # SecurityGroup for ALB
  # ------------------------------------------------------------#
  ALBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      VpcId: vpc-06434cd584110fde7
      GroupName: "alb-sg"
      GroupDescription: "-"
      Tags:
        - Key: "Name"
          Value: "alb-sg"
      # Rule
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: "0.0.0.0/0"
  # ------------------------------------------------------------#
  # Internet ALB
  # ------------------------------------------------------------#
  ApplicationLoadBalancer:
    Name: test-alb
    Scheme: internet-facing
    IpAddressType: ipv4
    SecurityGroups:
      - !Ref ALBSecurityGroup
    Subnets:
      - subnet-07849cec75ce8a401
      - subnet-009ec067236924d17
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  ApplicationLoadBalancerListenerHTTP:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Port: 80
    Protocol: HTTP
    DefaultActions:
      - RedirectConfig:
          Host: '#{host}'
          Path: '/#{path}'
          Port: 443
          Protocol: HTTPS
          Query: '#{query}'
          StatusCode: HTTP_301
        Type: redirect
    LoadBalancerArn: !Ref ApplicationLoadBalancer
  ApplicationLoadBalancerListenerHTTPS:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Port: 443
    Protocol: HTTPS
    Certificates:
      - CertificateArn: !FindInMap [ !Ref Environment, Certificate, ARN ]
    DefaultActions:
      - TargetGroupArn: !Ref AlbTargetGroup
        Type: forward
    LoadBalancerArn: !Ref ApplicationLoadBalancer
  # ------------------------------------------------------------#
  # Target Group
  # ------------------------------------------------------------#
  TargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    VpcId: vpc-06434cd584110fde7
    Name: "ALB-tg"
    Protocol: HTTP
    Port: 80
    HealthCheckProtocol: HTTP
    HealthCheckPath: "/"
    HealthCheckPort: "traffic-port"
    HealthyThresholdCount: 2
    UnhealthyThresholdCount: 2
    HealthCheckTimeoutSeconds: 5
    HealthCheckIntervalSeconds: 10
    Matcher:
      HttpCode: 200
    Tags:
      - Key: Name
        Value: "ALB-tg"
    TargetGroupAttributes:
      - Key: "deregistration_delay.timeout_seconds"
        Value: 300
      - Key: "stickiness.enabled"
        Value: false
      - Key: "stickiness.type"
        Value: lb_cookie
      - Key: "stickiness.lb_cookie.duration_seconds"
        Value: 86400
    Targets:
      - Id: !Ref EC2Instance01
      - Id: !Ref EC2Instance02
        Port: 80
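I am an AWS beginner studying CloudFormation.
I was able to set up the EC2 instances and the ELB, but
I am stuck because I do not understand how to configure the SSL certificate and connect over HTTPS.
I would appreciate your guidance.
Thank you in advance.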
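An added example, not part of the original post: a minimal ALB template in which every resource's settings sit under `Properties`, the forward action references the target group by the logical ID it is actually declared with, and the certificate ARN is passed in directly. The parameter names (`VpcId`, `PublicSubnets`, `AlbSecurityGroupId`, `CertificateArn`, `Instance1Id`, `Instance2Id`) and the `SslPolicy` choice are assumptions standing in for the IDs used in the post.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:  # assumed inputs; the post hardcodes or maps these IDs instead
  VpcId: { Type: "AWS::EC2::VPC::Id" }
  PublicSubnets: { Type: "List<AWS::EC2::Subnet::Id>" }  # two subnets in different AZs
  AlbSecurityGroupId: { Type: "AWS::EC2::SecurityGroup::Id" }
  CertificateArn: { Type: String }  # ACM certificate in the same region as the ALB
  Instance1Id: { Type: "AWS::EC2::Instance::Id" }
  Instance2Id: { Type: "AWS::EC2::Instance::Id" }
Resources:
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      SecurityGroups: [!Ref AlbSecurityGroupId]
      Subnets: !Ref PublicSubnets
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP  # TLS ends at the ALB; instances receive plain HTTP
      Port: 80
      Targets: [{ Id: !Ref Instance1Id }, { Id: !Ref Instance2Id }]
  ListenerHTTP:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: redirect
          RedirectConfig:  # needs its child keys; a key with nothing under it is a null value
            Protocol: HTTPS
            Port: "443"
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
  ListenerHTTPS:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06  # assumed policy: TLS 1.2 and 1.3 only
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
```

Because TLS terminates at the ALB, the instances only need to accept port 80 from the ALB's security group rather than from 0.0.0.0/0.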