-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws_elasticloadbalancingv2): TargetGroupListenerAction.bind not called when chained with another ListenerAction #18944
Comments
Are there any workarounds? I'm still wrapping my head around the problem but it seems like connections are also missing in this case. When I added a ListenerAction.authenticateOidc in front of a forward action, I saw that my cloudformation template removed the connections to and from my target security group. |
Possibly related to #19035 |
The workaround (a dummy action) in #19035 worked around this issue as well. |
…24510) ## Summary Allow HTTPS outbound traffic for security groups attached to the Application Load Balancer if the Application Load Balancer is configured with an authentication configuration. ## Why is this PR needed? Application Load Balancer authentication requires HTTPS outbound traffic. However, the security group attached to the ApplicationLoadBalancer does not allow traffic to the outside, so the code as described in the documentation will not work by itself. <img width="593" alt="image" src="https://user-images.githubusercontent.com/49480575/223705838-a047e14c-95f5-4c8e-9003-0bbdf6b9d281.png"> This issue is also documented. https://aws.amazon.com/premiumsupport/knowledge-center/elb-configure-authentication-alb/?nc1=h_ls ## Related issues Following opened issues were fixed by #21939, but related this PR. Closes #19035 #18944. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
What is the problem?
I am trying to add a default action to my Application Listener which uses OIDC authentication before forwarding to a target group. This is the code snippet copied exactly from the CDK documentation:
However, since
addAction
is not called directly with the TargetGroupListenerAction, the listener never callsbind
on the Forward action, and so the target group is not registered with the listener.bind
is only called on the action directly passed toaddAction
, and the OIDC Listener Action has the default no-op bind implementation without calling bind on the "next" action.This doesn't seem to be a problem for deploying the application listener with the expected set of actions. However, if I want to reference this target group elsewhere in my CDK, for example to create a dashboard with metrics, CDK throws an error due to no listener being registered with the target group.
Reproduction Steps
Follow example for creating OIDC default action chained with a forward action https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts#L242.
Call
myTargetGroup.metric(...)
after doing so.What did you expect to happen?
Target group is registered with the Application Listener and I can use the
TargetGroup.metric
convenience method.What actually happened?
TargetGroup.metric
throws an error stating it is not bound to an application load balancer/listener.CDK CLI Version
1.139.0
Framework Version
No response
Node.js Version
12.19.0
OS
macOS
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: