elb-NetworkListener: Error: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[June20Stack.HttpsListener.Resource.LogicalID.232]}/Properties/certificates/0/node/_actualNode. #8665
Trying to create an ECS with NLB thaat has both TCP and TLS port. For TLS we need of Certificate to be attached in the network listner. When i try to do this i am getting the below error.
Error: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[June20Stack.HttpsListener.Resource.LogicalID.232]}/Properties/certificates/0/node/_actualNode.
Code:
let vpc: ec2.IVpc;
const hostedZone = HostedZone.fromHostedZoneAttributes(
this,
hostedZoneName,
{
zoneName: this.node.tryGetContext("hostedZone"),
hostedZoneId: hostedZoneId
}
);
const certificate = new DnsValidatedCertificate(this, "pdftron-certificate", {
domainName: domainName,
hostedZone: hostedZone
});
// Set up network
if (vpcId === "") {
vpc = new ec2.Vpc(this, "PdfTronVpc", {
cidr: "10.0.0.0/16",
enableDnsSupport: true,
enableDnsHostnames: true
});
new CfnOutput(this, "VpcId", {
value: vpc.vpcId,
description: "The VPC ID for the PDFTron Web Server",
exportName: awsPrefixName + "-pdftron-vpc-id"
});
} else {
vpc = ec2.Vpc.fromLookup(this, "vpc", {
vpcId: vpcId
});
}
//const vpc = new Vpc(this, vpcName);
//console.log(vpc)
const apiRole = new iam.Role(this, taskDefRole, {
roleName: awsPrefixName + task,
assumedBy: new iam.ServicePrincipal(
this.node.tryGetContext("ecsServiceURL")
),
managedPolicies: [iam.ManagedPolicy.fromManagedPolicyArn(this,
ecsPolicyName,
ecsPolicyArn)]
});
const cluster = new Cluster(this, clusterName, {
vpc: vpc,
clusterName: awsPrefixName + clusterName
});
const taskDefn = new FargateTaskDefinition(this, fargateTaskDefn, {
cpu: this.node.tryGetContext("pdfTronTaskCpuUnit"),
memoryLimitMiB: this.node.tryGetContext("pdfTronTaskMemory")
});
// TaskDefn.taskRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AmazonECSTaskExecutionRolePolicy"))
// taskDefn.taskRole.roleArn = apiRole.roleArn;
const logDriver = new AwsLogDriver({
streamPrefix: pdftronlogName
});
const container = taskDefn.addContainer(containerResource, {
image: ContainerImage.fromRegistry(this.node.tryGetContext("pdfTronImage")),
environment: {
INCLUDE_DEMO: "true"
},
logging: logDriver,
});
// Define the port mappings between the container, and the pdftron.
const portMappings = this.node.tryGetContext("pdfTronEcsPortMappings");
for (const map of portMappings) {
container.addPortMappings({
containerPort: map.containerPort,
});
}
var subnetIds: string[] = [];
vpc.privateSubnets.forEach(subnet => {
subnetIds.push(subnet.subnetId);
});
const pdftronSecurityGroup = new SecurityGroup(this, pdfTronSGName, {
vpc: Vpc.fromLookup(this, "pdftronsgVpc", {
vpcId: vpcId
}),
allowAllOutbound: true,
description: "Security group for pdftron service",
securityGroupName: awsPrefixName + "-pdftron-sg"
});
Tag.add(pdftronSecurityGroup, "name", awsPrefixName + "-pdftron-sg");
pdftronSecurityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(80), "TCP port");
pdftronSecurityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(8090), "PDF Tron port");
const service = new FargateService(this, fargateService, {
taskDefinition: taskDefn,
cluster: cluster,
serviceName: awsPrefixName + fargateService,
securityGroup: pdftronSecurityGroup,
desiredCount: 1,
assignPublicIp: false,
vpcSubnets: {
subnetType: SubnetType.PRIVATE
}
});
// ELB - NLB
const loadBalancer = new elb.NetworkLoadBalancer(this, "PDFTronLoadBalancer", {
loadBalancerName: awsPrefixName + "-pdftron-elb",
internetFacing: true,
vpcSubnets: {
subnetType: SubnetType.PUBLIC
},
vpc: vpc,
deletionProtection: true
});
//Target Group
const targetGroup = new elb.NetworkTargetGroup(this, "JenkinsTargetGroup", {
targetGroupName: awsPrefixName + "-pdftron-tg",
port: 80,
targets: [service],
vpc: vpc,
targetType: TargetType.IP
});
targetGroup.configureHealthCheck({
path: this.node.tryGetContext("pdftronHealthCheckPath"),
port: this.node.tryGetContext("pdftronHealthCheckPort"),
protocol: this.node.tryGetContext("pdftronHealthCheckProtocol") as Protocol,
healthyThresholdCount: this.node.tryGetContext("pdftronHealthCheckHealthyThresholdCount"),
timeout: Duration.seconds(this.node.tryGetContext("pdftronHealthCheckTimeout")),
interval: Duration.seconds(this.node.tryGetContext("pdftronHealthCheckInterval")),
healthyHttpCodes: this.node.tryGetContext("pdftronHealthCheckHealthyHttpCodes"),
});
//Listeners -- issue in the certificates section
const httpsli = new elb.NetworkListener(this, "HttpsListener", {
certificates: [
certificate
],
loadBalancer: loadBalancer,
port: 443,
protocol: Protocol.TLS,
defaultTargetGroups: [targetGroup],
sslPolicy: elb.SslPolicy.RECOMMENDED
});
new elb.NetworkListener(this, "HttpListener", {
loadBalancer: loadBalancer,
protocol: Protocol.TCP,
port: 80,
defaultTargetGroups: [targetGroup]
});
// AutoScaling
const scaling = service.autoScaleTaskCount({
maxCapacity: 10,
minCapacity: 1
});
scaling.scaleOnCpuUtilization("CpuScaling", {
targetUtilizationPercent: 60,
scaleInCooldown: Duration.seconds(60),
scaleOutCooldown: Duration.seconds(60)
})
scaling.scaleOnMemoryUtilization("MemoryScaling", {
targetUtilizationPercent: 60,
scaleInCooldown: Duration.seconds(60),
scaleOutCooldown: Duration.seconds(60)
})
// ARecord for having DNS
new CfnRecordSet(this, recordSetName, {
name: recordName + this.node.tryGetContext("hostedZone"),
type: "A",
hostedZoneId: hostedZone.hostedZoneId,
aliasTarget: {
dnsName: loadBalancer.loadBalancerDnsName,
hostedZoneId: loadBalancer.loadBalancerCanonicalHostedZoneId
}
});
new CfnOutput(this, "Load Balancer DNS", {
value: loadBalancer.loadBalancerDnsName
});
:question: General Issue
The Question
Trying to create an ECS with NLB thaat has both TCP and TLS port. For TLS we need of Certificate to be attached in the network listner. When i try to do this i am getting the below error. Error: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[June20Stack.HttpsListener.Resource.LogicalID.232]}/Properties/certificates/0/node/_actualNode.
Code:
let vpc: ec2.IVpc;
Environment
Other information