(aws_elasticloadbalancingv2): TargetGroupListenerAction.bind not called when chained with another ListenerAction #18944
Comments
Are there any workarounds? I'm still wrapping my head around the problem but it seems like connections are also missing in this case. When I added a ListenerAction.authenticateOidc in front of a forward action, I saw that my CloudFormation template removed the connections to and from my target security group.
Possibly related to #19035
The workaround (a dummy action) in #19035 worked around this issue as well.
…24510)

## Summary
Allow HTTPS outbound traffic for security groups attached to the Application Load Balancer if the Application Load Balancer is configured with an authentication configuration.

## Why is this PR needed?
Application Load Balancer authentication requires HTTPS outbound traffic. However, the security group attached to the ApplicationLoadBalancer does not allow traffic to the outside, so the code as described in the documentation will not work by itself.

This issue is also documented: https://aws.amazon.com/premiumsupport/knowledge-center/elb-configure-authentication-alb/?nc1=h_ls

## Related issues
The following opened issues were fixed by #21939, but are related to this PR. Closes #19035 #18944.

----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
What is the problem?
I am trying to add a default action to my Application Listener which uses OIDC authentication before forwarding to a target group. This is the code snippet copied exactly from the CDK documentation:
However, since `addAction` is not called directly with the TargetGroupListenerAction, the listener never calls `bind` on the Forward action, and so the target group is not registered with the listener. `bind` is only called on the action directly passed to `addAction`, and the OIDC Listener Action has the default no-op bind implementation without calling bind on the "next" action.

This doesn't seem to be a problem for deploying the application listener with the expected set of actions. However, if I want to reference this target group elsewhere in my CDK, for example to create a dashboard with metrics, CDK throws an error due to no listener being registered with the target group.
Reproduction Steps
Follow example for creating OIDC default action chained with a forward action https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts#L242.
Call `myTargetGroup.metric(...)` after doing so.
What did you expect to happen?
Target group is registered with the Application Listener and I can use the `TargetGroup.metric` convenience method.
What actually happened?
`TargetGroup.metric` throws an error stating it is not bound to an application load balancer/listener.
CDK CLI Version
1.139.0
Framework Version
No response
Node.js Version
12.19.0
OS
macOS
Language
Typescript
Language Version
No response
Other information
No response
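The bind behaviour reported in this issue, as a simplified self-contained model added here; it is not aws-cdk source code and not code from the issue author. All class names (`Listener`, `TargetGroup`, `ForwardAction`, `AuthNoBind`, `AuthPropagating`) are hypothetical, and `allowedTargets` is an assumed stand-in for the security-group connections that one commenter saw disappear from the template.

```typescript
// Added model of the issue's behaviour. Not aws-cdk source; all names are hypothetical.
interface Action { bind(listener: Listener): void; }

class Listener {
  // Stands in for the load balancer -> target security-group connections.
  readonly allowedTargets: string[] = [];
  constructor(readonly name: string) {}
  // As described in the issue: only the action passed in directly gets bind().
  addAction(action: Action): void { action.bind(this); }
}

class TargetGroup {
  private readonly listeners: Listener[] = [];
  constructor(readonly name: string) {}
  registerListener(listener: Listener): void {
    this.listeners.push(listener);
    listener.allowedTargets.push(this.name);
  }
  metric(metricName: string): string {
    const first = this.listeners[0];
    if (first === undefined) throw new Error(`${this.name} is not attached to a listener`);
    return `${first.name}/${this.name}:${metricName}`;
  }
}

class ForwardAction implements Action {
  constructor(private readonly targetGroup: TargetGroup) {}
  bind(listener: Listener): void { this.targetGroup.registerListener(listener); }
}

// Wrapper with a no-op bind: the chained "next" action is never bound.
class AuthNoBind implements Action {
  constructor(readonly next: Action) {}
  bind(_listener: Listener): void {}
}
// Wrapper that passes bind() down the chain to the "next" action.
class AuthPropagating implements Action {
  constructor(readonly next: Action) {}
  bind(listener: Listener): void { this.next.bind(listener); }
}

function deploy(propagate: boolean): { metric: string | null; allowedTargets: string[] } {
  const listener = new Listener("https-443");
  const targetGroup = new TargetGroup("app-tg");
  const forward = new ForwardAction(targetGroup);
  listener.addAction(propagate ? new AuthPropagating(forward) : new AuthNoBind(forward));
  let metric: string | null = null;
  try { metric = targetGroup.metric("RequestCount"); } catch { metric = null; }
  return { metric, allowedTargets: listener.allowedTargets };
}
```

With the no-op wrapper the model loses both the metric lookup and the listener-to-target connection entry, so a template diff that drops security-group rules after adding an authentication action is worth checking for this pattern.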