
I created an ALB with Cfn, but I got this error:

Security group ‘ALB-sg’ is not valid (Service: AmazonElasticLoadBalancing; Status Code: 400; Error Code: ValidationError; Request ID: 6ec8a268-80cc-4a3e-9477-809dba8a00c7; Proxy: null)

AWSTemplateFormatVersion: 2010-09-09

Description: AWS CloudFormation Sample Template for creating LoadBalancer

Parameters:
  VPC:
    Description: VPCId of your existing Virtual Private Cloud (VPC)
    Type: String
    Default: vpc-0c9a732125ac08541
  
  PublicSubnet:
    Description: SubnetId of an existing subnet (for the primary network in your Virtual Private Cloud VPC)
    Type: String
    Default: subnet-0787f34404852ceb9

Resources:
  
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: 
      Name: MyApplicationLoadBalancer
      Type: application
      IpAddressType: ipv4
      Scheme: internet-facing
      SecurityGroups: 
        - !Ref Albsg 
      Subnets: 
        - !Ref PublicSubnet
      Tags:
        - Key: Name
          Value: ALB

  HTTPListener:
        Type: "AWS::ElasticLoadBalancingV2::Listener"
        Properties:
            LoadBalancerArn: !Ref ApplicationLoadBalancer
            Port: 80
            Protocol: "HTTP"
            DefaultActions: 
              - Type: forward
                TargetGroupArn: !Ref ALBTargetGroup
  
  
  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      Matcher:
        HttpCode: 200,302
      Name: MyWebServers
      Port: 80
      Protocol: HTTP
      TargetType: instance
      UnhealthyThresholdCount: 5
      VpcId: !Ref VPC
      

  Albsg:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: ALB-sg
      GroupDescription: Security group for Load balancer
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: '80'
          IpProtocol: tcp
          ToPort: '80'
      Tags:
        - Key: Name 
          Value: ALB_SG

Outputs:
  TargetGroupName:
    Value: !Ref ALBTargetGroup
    Description: Name of Target ARN

I am not sure what else to try. Here is the template I am working with.

2 Answers


  1. The string ALB-sg only appears in one place in your template, so that is obviously where the error is:

    GroupName: ALB-sg
    

    I’m thinking the - character is throwing it off. You should simply wrap the value in quotes:

    GroupName: "ALB-sg"
    
  2. In the SecurityGroupIngress of the Albsg, the fields FromPort and ToPort have to be integers, not strings.
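
An added example, not part of the original question or answers: `Ref` on an `AWS::EC2::SecurityGroup` returns the group ID only when `VpcId` is set and otherwise returns the group name, while the load balancer's `SecurityGroups` property expects group IDs. The fragment below reuses the question's `VPC` and `PublicSubnet` parameters and logical IDs, puts the group in the ALB's VPC, and writes the ports as integers. `PublicSubnet2` is a hypothetical parameter that is not in the original template.

```yaml
Parameters:
  # Hypothetical second subnet (not in the original template). An ALB needs
  # subnets in at least two Availability Zones.
  PublicSubnet2:
    Description: SubnetId of a second public subnet in a different Availability Zone
    Type: AWS::EC2::Subnet::Id

Resources:
  Albsg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: ALB-sg
      GroupDescription: Security group for Load balancer
      # Create the group in the same VPC as the ALB's subnets. Without VpcId
      # the group is created in the account's default VPC and !Ref returns
      # the group name ("ALB-sg") instead of an sg-... ID.
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
      Tags:
        - Key: Name
          Value: ALB_SG

  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: MyApplicationLoadBalancer
      Type: application
      IpAddressType: ipv4
      Scheme: internet-facing
      SecurityGroups:
        # GroupId always resolves to the security group ID, whatever Ref returns.
        - !GetAtt Albsg.GroupId
      Subnets:
        - !Ref PublicSubnet
        - !Ref PublicSubnet2
      Tags:
        - Key: Name
          Value: ALB
```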