Aws-cdk: NLB: cannot configure TLS protocol

Created on 25 Dec 2019 · 3 comments · Source: aws/aws-cdk

The protocol type when creating a NetworkTargetGroup is hard-coded to use 'Protocol.TCP'
and cannot be overridden:
https://github.com/aws/aws-cdk/blob/0f0e2055cab08551bc6e5dfb8a1b6219368263c5/packages/%40aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-target-group.ts#L60

Use Case

I want to create an SSL connection between my LB and my target and need to set the Protocol to TLS

Proposed Solution


## Add the following to the NetworkTargetGroupProps

    /**
     * The protocol to use.
     *
     * @default Protocol.TCP
     */
    readonly protocol?: Protocol;

## In the constructor for NetworkTargetGroup

  constructor(scope: cdk.Construct, id: string, props: NetworkTargetGroupProps) {
    super(scope, id, props, {
      // Fall back to TCP only when the caller did not choose a protocol
      protocol: props.protocol != null ? props.protocol : Protocol.TCP,
      port: props.port,
    });
    // ... rest of the constructor unchanged
  }
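The defaulting rule in the proposed fix, and the reason the use case needs it, in plain TypeScript as an added example (this is not aws-cdk code; the `Protocol` and `NetworkTargetGroupProps` names mirror the CDK API, while `resolveTargetGroupProtocol`, `reviewListenerLeg` and the `COMPATIBLE` table are this example's own assumptions, the table taken from the NLB documentation). The point it makes is that a TLS listener in front of the hard-coded TCP target group terminates TLS at the load balancer and leaves the hop to the targets in cleartext, which is exactly what setting the target group to TLS avoids:

```typescript
// Added example, not aws-cdk code. Models the protocol choice the issue is about.

type Protocol = "TCP" | "TLS" | "UDP" | "TCP_UDP";

interface NetworkTargetGroupProps {
  port: number;
  protocol?: Protocol; // optional, as the issue proposes
}

/** Defaulting rule from the proposed fix: TCP unless the caller sets a protocol. */
function resolveTargetGroupProtocol(props: NetworkTargetGroupProps): Protocol {
  return props.protocol != null ? props.protocol : "TCP";
}

/**
 * Listener -> target group protocol combinations an NLB accepts
 * (assumption taken from the NLB documentation at the time of writing).
 */
const COMPATIBLE: Record<Protocol, Protocol[]> = {
  TCP: ["TCP", "TCP_UDP"],
  TLS: ["TCP", "TLS"],
  UDP: ["UDP", "TCP_UDP"],
  TCP_UDP: ["TCP_UDP"],
};

interface LegReview {
  compatible: boolean;
  // "plaintext": NLB terminates TLS and forwards clear TCP
  // "tls": NLB terminates TLS and re-encrypts toward the targets
  // "passthrough": NLB does not handle TLS; encryption is up to the client and target
  backendLeg: "plaintext" | "tls" | "passthrough";
  finding: string;
}

/** Review one listener/target-group pair the way you would read the synthesized template. */
function reviewListenerLeg(listenerProtocol: Protocol, props: NetworkTargetGroupProps): LegReview {
  const tg = resolveTargetGroupProtocol(props);
  const compatible = COMPATIBLE[listenerProtocol].includes(tg);
  if (!compatible) {
    return {
      compatible,
      backendLeg: "passthrough",
      finding: `listener ${listenerProtocol} cannot forward to a ${tg} target group`,
    };
  }
  if (listenerProtocol === "TLS" && tg === "TCP") {
    return {
      compatible,
      backendLeg: "plaintext",
      finding: "TLS terminates at the NLB; the NLB-to-target hop is cleartext TCP",
    };
  }
  if (listenerProtocol === "TLS" && tg === "TLS") {
    return {
      compatible,
      backendLeg: "tls",
      finding: "TLS terminates at the NLB and is re-established toward the targets",
    };
  }
  return {
    compatible,
    backendLeg: "passthrough",
    finding: `${listenerProtocol} passthrough; the NLB does not terminate TLS`,
  };
}

// Usage: the issue's situation (TLS listener, target group left at the TCP default)
// versus the configuration the reporter wants.
console.log(reviewListenerLeg("TLS", { port: 443 }).finding);
console.log(reviewListenerLeg("TLS", { port: 443, protocol: "TLS" }).finding);
```

`reviewListenerLeg` is the check worth running over every NLB listener in a stack: a `TLS` listener whose default target group resolves to `TCP` is a finding, because the certificate on the listener says nothing about the second hop.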

All 3 comments

Vote. I also need this feature. Thanks.

Workaround, hope this is useful for others

    import { CfnTargetGroup, ListenerCertificate, NetworkTargetGroup, Protocol } from '@aws-cdk/aws-elasticloadbalancingv2';

    // Drop to the L1 CloudFormation resource, which accepts protocol "TLS"
    // (config, internalNlb and certification come from the surrounding stack)
    const targetGroup = new CfnTargetGroup(this, "custom-group", {
      protocol: "TLS",
      port: 443,
      targets: [
        { id: config.ips[0], port: 443 },
        { id: config.ips[1], port: 443 },
      ],
      targetType: "ip",
      vpcId: config.vpcId,
    });

    // Wrap the L1 resource so the L2 listener API can reference it by ARN
    const networkTargetGroup = NetworkTargetGroup.fromTargetGroupAttributes(this, "network-target-group", {
      targetGroupArn: targetGroup.ref,
    });

    // TLS listener with an ACM certificate, forwarding to the TLS target group
    const listener = internalNlb.addListener('tls-listener', {
      port: 443,
      protocol: Protocol.TLS,
      certificates: [ListenerCertificate.fromCertificateManager(certification)],
      defaultTargetGroups: [networkTargetGroup],
    });

Closed via #8525.
