1
votes

In Order to Whitelist my API Endpoints Served on AWS ElasticBeanstalk:

I would like to return a fixed response from an Application Load Balancer (ALB) in my Elastic Beanstalk environment when it receives unexpected requests.

I need to do this in a reproducible and automated way. Currently I configure my Elastic Beanstalk apps with CloudFormation templates and .ebextensions.

I know how to configure the fixed response manually in the console by adding a listener rule:

Something like this...

I haven't been able to find a combination of option settings that support this in .ebextensions.

Also, unless I am missing something, CloudFormation appears to expose the same options as .ebextensions through OptionSettings on the environment here.

Is it possible to configure a fixed response in either .ebextensions or CloudFormation?

If not, is there another automation-friendly approach to accomplish the same? Perhaps through an AWS API?


1 Answers

1
votes

ElasticBeanstalk lets you use CloudFormation using the Resources tag in an .ebextensions config file.

EB deploys your app using CloudFormation. The Resources tag lets you add to this CloudFormation template. It also allows you to refer to the EB template's output Resources.

AWS Documentation

To configure an application load balancer to send 404 requests for bad URLs without touching application servers, add application load balancer listener rules to:

  1. High Priority Rule: Listen for expected request URLs and forward requests to the app servers (TargetGroupArn)
  2. Low Priority Rule: Catch all other request URLs and send a 404 fixed response.

Here is the YAML.

Save it in .ebextensions/X.config and run 'eb deploy'. The AWS machinery takes care of updating the environment with the new listeners.

Resources:
  # Allow rule: forward expected API paths to the EB target group.
  validAPIRequestListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: { "Ref" : "AWSEBV2LoadBalancerTargetGroup" }
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values:
              - "/api/*"
      ListenerArn: { "Ref" : "AWSEBV2LoadBalancerListener443" }
      Priority: 10001

  # Catch-all rule: everything not matched above gets a fixed 404 from the ALB.
  defaultListenerRejectingInvalidUrls:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: fixed-response
          FixedResponseConfig:
            # StatusCode is a string property in CloudFormation.
            StatusCode: "404"
            ContentType: "application/json"
            MessageBody: "Fixed"
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values:
              - "*"
      ListenerArn: { "Ref" : "AWSEBV2LoadBalancerListener443" }
      Priority: 40000

Notes

  1. Take care with priorities: they go from 1-50,000, and lower numbers win. The listeners in this snippet handle all requests before the default EB listener rule (which forwards unmatched requests to your target group).
  2. The Logical IDs available for Ref/Fn::GetAtt tags noted in the AWS documentation are incomplete. If you get an error like this, open up CloudFormation in your console, take a look at the Resources tab corresponding to your EB deployment and see what logical IDs are available.

Service:AmazonCloudFormation, Message:Template format error: Unresolved resource dependencies [AWSEBV2LoadBalancerListener] in the Resources block of the template
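
A way to check the allowlist before deploying, added here as an example and not part of the answer above: it models how the ALB picks a rule (lowest priority number first, default rule last, case-sensitive path patterns) and flags forward rules that a `*` catch-all would shadow. The rule dictionaries are constructed samples in the shape of the ELBv2 DescribeRules output; the helper names and the placeholder ARN are assumptions, and only path-pattern conditions are modeled.

```python
import re

# Constructed sample shaped like the "Rules" list returned by ELBv2 DescribeRules
# for the listener in the answer; the target group ARN is a placeholder.
def make_rule(priority, pattern, action, default=False):
    conds = [] if default else [
        {"Field": "path-pattern", "PathPatternConfig": {"Values": [pattern]}}]
    return {"Priority": priority, "IsDefault": default,
            "Conditions": conds, "Actions": [action]}

FORWARD = {"Type": "forward", "TargetGroupArn": "<eb-target-group-arn>"}
REJECT = {"Type": "fixed-response", "FixedResponseConfig": {"StatusCode": "404"}}
RULES = [make_rule("default", None, FORWARD, default=True),
         make_rule("40000", "*", REJECT),
         make_rule("10001", "/api/*", FORWARD)]

def path_regex(pattern):
    # ALB path patterns are case-sensitive: * is 0+ characters, ? is exactly one.
    return re.compile("".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern),
        re.DOTALL)

def eval_order(rule):
    # Lowest priority number is evaluated first; the default rule is always last.
    return float("inf") if rule["IsDefault"] else int(rule["Priority"])

def matches(rule, path):
    for cond in rule["Conditions"]:  # every condition on a rule must hold
        if cond["Field"] != "path-pattern":
            raise ValueError("only path-pattern conditions are modeled here")
        values = cond["PathPatternConfig"]["Values"]
        if not any(path_regex(v).fullmatch(path) for v in values):
            return False
    return True

def resolve(rules, path):
    """Return (priority, final action type) of the rule that handles `path`."""
    for rule in sorted(rules, key=eval_order):
        if matches(rule, path):
            return rule["Priority"], rule["Actions"][-1]["Type"]
    raise LookupError("no default rule in rule set")

def shadowed_forward_rules(rules):
    """Priorities of non-default forward rules placed after a '*' catch-all."""
    catch_alls = [int(r["Priority"]) for r in rules if not r["IsDefault"]
                  and any("*" in c.get("PathPatternConfig", {}).get("Values", [])
                          for c in r["Conditions"])]
    return [r["Priority"] for r in rules if catch_alls and not r["IsDefault"]
            and r["Actions"][-1]["Type"] == "forward"
            and int(r["Priority"]) > min(catch_alls)]
```

With the answer's priorities, `/api/users` is forwarded while `/api` (no trailing slash) and `/API/users` both fall through to the 404 rule, so add those patterns to the allow rule if the application serves them.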