Adding BucketModule to the Alb in php-basic example

Rapid Docker on AWS
#1

Hi, I am working through the php-basic example in the Rapid Docker on AWS book. The book is excellent and I have deployed php-basic to ECR and Fargate, and the stack runs fine.

As a learning exercise, I decided to add access logging via S3 to the Application Load Balancer by updating the template.yml file. After using npm to install the s3-bucket module, I added a Resource called AccessLogging:

Resources:
  [...]
  AccessLogging:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        BucketName: 'docker-on-aws-php-basic-access-logs-ghassett'
      TemplateURL: './node_modules/@cfn-modules/s3-bucket/module.yml'

I re-packaged the template, and re-deployed – all went well, and I can use the AWS Console to confirm that the bucket itself (docker-on-aws-php-basic-access-logs-ghassett) was successfully created.

Next I went to add this bucket as the ALB’s BucketModule by adding one line to the Alb resource:

  Alb:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName'
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName'
        BucketModule: !GetAtt 'AccessLogging.Outputs.StackName'  # <-- here is my change
      TemplateURL: './node_modules/@cfn-modules/alb/module.yml'

I can now re-package, but when I re-deploy, the Alb does not get created – I get an error stating that the embedded stack for the LoadBalancer was not created successfully:

       {
            "StackId": "arn:aws:cloudformation:us-east-1:342777679393:stack/php-basic/24c74560-6536-11ea-91b1-0e23aa861d3d", 
            "EventId": "Alb-UPDATE_FAILED-2020-03-13T15:27:55.284Z", 
            "ResourceStatus": "UPDATE_FAILED", 
            "ResourceType": "AWS::CloudFormation::Stack", 
            "Timestamp": "2020-03-13T15:27:55.284Z", 
            "ResourceStatusReason": "Embedded stack arn:aws:cloudformation:us-east-1:342777679393:stack/php-basic-Alb-7OCQO92HSNU8/81356160-6536-11ea-a9b6-121b03ae900d was not successfully
 updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [LoadBalancer]. ", 
            "StackName": "php-basic", 
            "ResourceProperties": "{\"TemplateURL\":\"https://s3.amazonaws.com/docker-on-aws-ghassett/019c64cd88283500bd1046f6667fd3da.template\",\"Parameters\":{\"AlertingModule\":\"php-b
asic-Alerting-TLPXCSSNVYLY\",\"BucketModule\":\"php-basic-AccessLogging-1QJ21VUH3KT86\",\"VpcModule\":\"php-basic-Vpc-1DXAU00NJO4WG\"}}", 
            "PhysicalResourceId": "arn:aws:cloudformation:us-east-1:342777679393:stack/php-basic-Alb-7OCQO92HSNU8/81356160-6536-11ea-a9b6-121b03ae900d", 
            "LogicalResourceId": "Alb"
        },

I’ve eyballed the code but cannot figure out what I am doing wrong – I think that I am linking the BucketModule parameter of the Alb resource correctly to the output of the AccessLogging resource, which is a (successfully created) instance of the s3-bucket module.

Thanks so much for any help you could provide . . . Greg

#2

Hi Greg,

I’m happy to hear that you have a) succeeded to deploy the php-basic example and b) have come up with an additional learning exercise. Kudos!

Most likely, the problem is a missing bucket policy. Set Access to ElbAccessLogWrite for the S3 module to allow the ALB to write access log files to the S3 bucket.

Resources:
  [...]
  AccessLogging:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        BucketName: 'docker-on-aws-php-basic-access-logs-ghassett'
        Access: 'ElbAccessLogWrite'
      TemplateURL: './node_modules/@cfn-modules/s3-bucket/module.yml'

Please let me know, wether that did the trick.

#3

Hi Andreas – thanks for the assist. I actually ended up figuring this one out on my own and was coming back to post the solution but you beat me to it. Great work, thank you!

#4