3

Good afternoon, all:

I have a CloudFormation template that creates an EBS Web Environment with an internal NLB. My plan for this is to then create a VPC Link and API Gateway to proxy to the web worker, essentially keeping the VPC private. I can accomplish this through the Console, and the POC for that works great. But what I would really love to do is take the ARN of the NLB created for the EBS Web Environment, and use that as the output for the CloudFormation template, which I can then use as the input for the CF template that will create the VPC Link. The questions I have are, is this possible, and if so, how do I go about getting the ARN for the NLB in this scenario? I can accomplish the feat in a two-step process; passing the ARN manually as a parameter to the second template. But I'd really like to do it programmatically if possible.

Any links, examples or advice that you can provide on this use case would be very much appreciated.

Lennox

2 Answers

0

I want to do something similar, but the problem is that the first CF stack that contains the EBS resources actually spins off a second CF stack that contains the Web application resources. The NLB is in the second stack.

The second stack template is generated by EBS and you don't have control over it, which means you can't define outputs.

You can use the AWS CLI to list the second stack's resources and look for the NLB resource based on resource type, then grab the ARN. The problem with this is that you don't know the name of the second stack, so it would again require the two-stage deployment that you describe in your question.

Not much of an answer but I'll keep digging.

Update

This is similar: "How To Extract Load Balancer Name from Elastic Beanstalk Environment in CloudFormation"

Andy McCluggage
0

You could also create a Customization using the .ebextensions mechanism.

Recently I had to attach a WAF to an Elastic Beanstalk Application Load Balancer. If you create a .config file and place it in .ebextensions, you can configure your environment and customize the AWS resources that it contains. If you haven't given a custom name to any of your resources, you can reference it using the standard resource names found here (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-format-resources-eb.html).

NLBs, like ALBs, use the same default resource name, so AWSEBV2LoadBalancer is what the doctor ordered.

My config looked like

Resources:
  PublicWAF:
    Type: AWS::WAFRegional::WebACLAssociation
    Properties:
      ResourceArn: {"Ref" : "AWSEBV2LoadBalancer" }
      WebACLId:
        Fn::GetOptionSetting:
           OptionName: waf_id

Where Ref returns the Amazon Resource Name (ARN) of the load balancer.

I imagine you could place your CloudFormation for the VPC Link in a .config file for your Elastic Beanstalk App. Fair warning: I used YAML for my config, but had to use the JSON format on the Reference function to get it to work in my Environment.

ResourceArn: {"Ref" : "AWSEBV2LoadBalancer" }

Beanz
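
The suggestion in the answer above, written out as an added example (not code from either answer): an .ebextensions file that creates the VPC link and an IAM-authorized proxy API against the environment's own NLB. The file name, the logical names NlbVpcLink, ProxyApi, ProxyResource, ProxyMethod and ProxyDeployment, and the stage name are hypothetical; it assumes the default AWSEBV2LoadBalancer resource name, an NLB listener on port 80, and that the role deploying the environment is allowed to create API Gateway resources.

```yaml
# .ebextensions/vpc-link.config  (hypothetical file name)
Resources:
  NlbVpcLink:
    Type: AWS::ApiGateway::VpcLink
    Properties:
      Name: {"Fn::Join": ["-", [{"Ref": "AWSEBEnvironmentName"}, "vpclink"]]}
      TargetArns:
        # Ref on the Beanstalk-managed load balancer returns its ARN.
        - {"Ref": "AWSEBV2LoadBalancer"}
  ProxyApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: {"Fn::Join": ["-", [{"Ref": "AWSEBEnvironmentName"}, "proxy"]]}
  ProxyResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: {"Ref": "ProxyApi"}
      ParentId: {"Fn::GetAtt": ["ProxyApi", "RootResourceId"]}
      PathPart: "{proxy+}"
  ProxyMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: {"Ref": "ProxyApi"}
      ResourceId: {"Ref": "ProxyResource"}
      HttpMethod: ANY
      # AWS_IAM requires signed requests; NONE would let any caller
      # reach the otherwise private service through the API.
      AuthorizationType: AWS_IAM
      RequestParameters:
        method.request.path.proxy: true
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: ANY
        ConnectionType: VPC_LINK
        ConnectionId: {"Ref": "NlbVpcLink"}
        # Assumes the NLB listens on port 80 (plain HTTP inside the VPC).
        Uri: {"Fn::Join": ["", ["http://", {"Fn::GetAtt": ["AWSEBV2LoadBalancer", "DNSName"]}, "/{proxy}"]]}
        RequestParameters:
          integration.request.path.proxy: method.request.path.proxy
  ProxyDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: ProxyMethod
    Properties:
      RestApiId: {"Ref": "ProxyApi"}
      StageName: prod
```

The Ref and Fn::GetAtt calls use the JSON form throughout, following the answer's note that the JSON-format Ref was what worked in a YAML config.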