
I'm trying to run a lambda function to call a Fargate service that is located in a private subnet.

The lambda is triggered when I insert a file in an S3 bucket.

I made a Network Load Balancer (AWS::ElasticLoadBalancingV2::LoadBalancer) that listens on port 80 and has the Fargate one as its target group:

LoadBalancerLRS:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    Scheme: internal
    Subnets:
      - !ImportValue SubnetPrivate1
      - !ImportValue SubnetPrivate2
    Type: network
LoadBalancerListener:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    DefaultActions:
      - TargetGroupArn: !Ref TargetGroupService
        Type: forward
    LoadBalancerArn: !Ref LoadBalancerLRS
    Port: 80
    Protocol: TCP

I call the Network Load Balancer and keep getting this error: Error: connect ECONNREFUSED 127.0.0.1:80

My VPC has DNS options enabled and I configured the DHCP options like this:

DHCPOptions:
  Type: AWS::EC2::DHCPOptions
  Properties:
    DomainName:
      Fn::If:
      - WEuropeRegionCondition
      - ec2.internal
      - Fn::Join:
        - ''
        - - !Ref AWS::Region
          - ".compute.internal"
    DomainNameServers:
    - AmazonProvidedDNS

VPCDHCPOptionsAssociation:
  Type: AWS::EC2::VPCDHCPOptionsAssociation
  Properties:
    VpcId: !Ref myVPC
    DhcpOptionsId: !Ref DHCPOptions

My lambda execution role is like this:

LambdaExecutionRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    ManagedPolicyArns:
      - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
    Policies:
      - PolicyName: S3Policy
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - 's3:PutObject'
                - 'S3:DeleteObject'
              Resource: !Sub 'arn:aws:s3:::*'
            - Effect: Allow
              Action:
                - "logs:CreateLogGroup"
                - "logs:CreateLogStream"
                - "logs:PutLogEvents"
              Resource: !Sub 'arn:aws:logs:::*'
            - Effect: Allow
              Action:
                - "ec2:CreateNetworkInterface"
                - "ec2:DescribeNetworkInterfaces"
                - "ec2:DeleteNetworkInterface"
                - "ec2:DescribeSecurityGroups"
                - "ec2:DescribeSubnets"
              Resource: !Sub '*'

I'm using the axios npm library to make a call to the DNS name that the Network Load Balancer generates.

The security groups of the lambda function and Fargate are the same, and they are "All Open".

The service is working, and the health checks are ok.

So any clue why I'm not able to reach the network load balancer?

DavidCG

0 Answers