AWS CloudFormation
User Guide (API Version 2010-05-15)
AWS 服务或AWS文档中描述的功能,可能因地区/位置而异。请点击 Amazon AWS 入门,可查看中国地区的具体差异

AWS::ElasticLoadBalancing::LoadBalancer

AWS::ElasticLoadBalancing::LoadBalancer 类型可创建 LoadBalancer。

注意

如果此资源具有公有 IP 地址并且还处于同一模板中定义的 VPC 内,则您必须使用 DependsOn 属性声明对 VPC 网关连接的依赖关系。有关更多信息,请参阅 DependsOn 属性

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

JSON

{ "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "AccessLoggingPolicy" : AccessLoggingPolicy, "AppCookieStickinessPolicy" : [ AppCookieStickinessPolicy, ... ], "AvailabilityZones" : [ String, ... ], "ConnectionDrainingPolicy" : ConnectionDrainingPolicy, "ConnectionSettings" : ConnectionSettings, "CrossZone" : Boolean, "HealthCheck" : HealthCheck, "Instances" : [ String, ... ], "LBCookieStickinessPolicy" : [ LBCookieStickinessPolicy, ... ], "LoadBalancerName" : String, "Listeners" : [ Listener, ... ], "Policies" : [ ElasticLoadBalancing Policy, ... ], "Scheme" : String, "SecurityGroups" : [ Security Group, ... ], "Subnets" : [ String, ... ], "Tags" : [ Resource Tag, ... ] } }

YAML

Type: "AWS::ElasticLoadBalancing::LoadBalancer" Properties: AccessLoggingPolicy: AccessLoggingPolicy AppCookieStickinessPolicy: - AppCookieStickinessPolicy AvailabilityZones: - 字符串 ConnectionDrainingPolicy: ConnectionDrainingPolicy ConnectionSettings: ConnectionSettings CrossZone: Boolean HealthCheck: HealthCheck Instances: - 字符串 LBCookieStickinessPolicy: - LBCookieStickinessPolicy LoadBalancerName: String Listeners: - Listener Policies: - ElasticLoadBalancing Policy Scheme: String, SecurityGroups: - Security Group Subnets: - 字符串 Tags: - Resource Tag

属性

AccessLoggingPolicy

获取对负载均衡器进行的所有请求的相关详细信息,如收到请求的时间、客户端的 IP 地址、延迟、请求路径和服务器响应。

Required: No

Type: Elastic Load Balancing AccessLoggingPolicy

更新要求无需中断

AppCookieStickinessPolicy

可生成一个或多个粘性策略,其粘性会话生命周期取决于应用程序生成的 cookie 的生命周期。这些策略只能与 HTTP/HTTPS 侦听器关联。

Required: No

Type: AppCookieStickinessPolicy 数据元列表。

更新要求无需中断

AvailabilityZones

从中创建负载均衡器的可用区。您可以指定 AvailabilityZonesSubnets,但不能两者都指定。

注意

对于位于 VPC 中的负载均衡器,请指定 Subnets 属性。

Required: No

Type: List of String values

更新要求替换 在未指定可用区并且要添加一个时,或在要删除所有可用区时。否则,更新要求无中断

ConnectionDrainingPolicy

已取消注册或运行状况不佳的实例是否可以完成所有处于飞行状态的请求。

Required: No

Type: Elastic Load Balancing ConnectionDrainingPolicy

更新要求无需中断

ConnectionSettings

指定您的负载均衡器的前端和后端连接可保持闲置状态的时长。

Required: No

Type: Elastic Load Balancing ConnectionSettings

更新要求无需中断

CrossZone

是否为负载均衡器启用跨区域负载均衡。凭借跨区域负载均衡,负载均衡器节点将流量路由到跨所有可用区的后端实例。默认情况下,CrossZone 属性是 false

Required: No

类型:布尔值

更新要求无需中断

HealthCheck

实例的应用程序运行状况检查。

Required: No

类型ElasticLoadBalancing LoadBalancer HealthCheck

更新要求替换 在未指定运行状况检查并且要添加一个时,或在要删除运行状况检查时。否则,更新要求无中断

Instances

负载均衡器的 EC2 实例 ID 列表。

Required: No

Type: List of String values

更新要求无需中断

LBCookieStickinessPolicy

生成一个粘性策略,其粘性会话生命周期由浏览器 (user-agent) 的生命周期控制,或者在指定期限后到期。此策略只能与 HTTP/HTTPS 侦听器关联。

Required: No

Type: LBCookieStickinessPolicy 数据元列表。

更新要求无需中断

LoadBalancerName

负载均衡器的名称。有关有效值的信息,请参阅 Elastic Load Balancing API 参考版本 2012-06-01CreateLoadBalancer 操作的 LoadBalancerName 参数。

如果不指定名称,则 AWS CloudFormation 生成一个唯一物理 ID 并将该 ID 用于负载均衡器。名称必须在负载均衡器组中是唯一的。有关更多信息,请参阅 名称类型

重要

如果指定一个名称,您将无法执行需要替换此资源的更新。您可以执行不需要或者只需要部分中断的更新。如果必须替换资源,请指定新名称。

必需:否

类型:字符串

更新要求替换

Listeners

适用于此负载均衡器的一个或多个侦听器。每个侦听器都必须注册一个特定端口,一个给定端口不能具有多个侦听器。

重要

如果您更新了 Listeners 属性指定的侦听器的属性值,AWS CloudFormation 将删除现有侦听器并使用更新后的属性创建一个新的侦听器。AWS CloudFormation 执行此操作期间,客户端将无法连接至负载均衡器。

Required: Yes

Type: ElasticLoadBalancing Listener 属性类型 数据元列表。

更新要求无需中断

Policies

要应用至此 Elastic Load Balancer 的弹性负载均衡策略列表。指定仅后端服务器策略。有关更多信息,请参阅 Elastic Load Balancing API 参考版本 2012-06-01中的 DescribeLoadBalancerPolicyTypes

Required: No

Type: ElasticLoadBalancing 策略数据元列表。

更新要求无需中断

Scheme

对于连接至 Amazon VPC 的负载均衡器,此参数可用于指定要使用的负载均衡器类型。指定 internal 可创建一个带可解析为私有 IP 地址的 DNS 名称的内部负载均衡器,指定 internet-facing 可创建一个带可解析为公有 IP 地址的 DNS 名称的负载均衡器。

注意

如果指定 internal,则必须指定子网与负载均衡器而不是可用区关联。

Required: No

Type: String

更新要求替换

SecurityGroups

Required: No

Type: Virtual Private Cloud (VPC) 中分配至您的负载均衡器的安全组列表。

更新要求无需中断

Subnets

Virtual Private Cloud (VPC) 中将与您的负载均衡器关联的子网 ID 列表。不要指定同一可用区内的多个子网。您可以指定 AvailabilityZonesSubnets,但不能两者都指定。

有关在 VPC 中使用 Elastic Load Balancing 的更多信息,请参阅 Elastic Load Balancing Developer Guide 中的 How Do I Use Elastic Load Balancing in Amazon VPC

Required: No

Type: List of String values

更新要求替换 在未指定子网并且要添加一个时,或在要删除所有子网时。否则,更新要求无中断。要将负载均衡器更新为使用同一可用区内的其他子网,您必须执行两次更新。首先将负载均衡器更新为使用其他可用区内的子网。更新完成后,再将负载均衡器更新为使用原来可用区内的新子网。

Tags

此负载均衡器的任意标签组(键/值对)。

Required: No

Type: AWS CloudFormation 资源标签

更新要求无需中断

返回值

Ref

当该资源的逻辑 ID 提供给 Ref内部函数时,Ref 将返回资源名称。 例如,mystack-myelb-1WQN7BJGDB5YQ

有关使用 Ref 功能的更多信息,请参阅参考

Fn::GetAtt

Fn::GetAtt 返回一个此类型指定属性的值。以下为可用属性和示例返回值。

CanonicalHostedZoneName

与负载均衡器关联的 Amazon Route 53 托管区域的名称。

重要

如果您指定 internal 作为 Elastic Load Balancing 模式,请改用 DNSName。对于 internal 模式,负载均衡器没有 CanonicalHostedZoneName 值。

示例:mystack-myelb-15HMABG9ZCN57-1013119603.us-east-2.elb.amazonaws.com

CanonicalHostedZoneNameID

与负载均衡器关联的 Amazon Route 53 托管区域名称的 ID。

示例:Z3DZXE0Q79N41H

DNSName

负载均衡器的 DNS 名称。

示例:mystack-myelb-15HMABG9ZCN57-1013119603.us-east-2.elb.amazonaws.com

SourceSecurityGroup.GroupName

您可以将其作为负载均衡器后端 Amazon EC2 应用程序实例入站规则的一部分使用的安全组。

示例:amazon-elb

SourceSecurityGroup.OwnerAlias

源安全组的所有者。

示例:amazon-elb-sg

有关使用 Fn::GetAtt 的更多信息,请参见 Fn::GetAtt

示例

具有运行状况检查和访问日志的负载均衡器

JSON

"ElasticLoadBalancer" : { "Type" : "AWS::ElasticLoadBalancing::LoadBalancer", "Properties" : { "AvailabilityZones" : { "Fn::GetAZs" : "" }, "Instances" : [ { "Ref" : "Ec2Instance1" },{ "Ref" : "Ec2Instance2" } ], "Listeners" : [ { "LoadBalancerPort" : "80", "InstancePort" : { "Ref" : "WebServerPort" }, "Protocol" : "HTTP" } ], "HealthCheck" : { "Target" : { "Fn::Join" : [ "", [ "HTTP:", { "Ref" : "WebServerPort" }, "/" ] ] }, "HealthyThreshold" : "3", "UnhealthyThreshold" : "5", "Interval" : "30", "Timeout" : "5" }, "AccessLoggingPolicy": { "S3BucketName": { "Ref": "S3LoggingBucket" }, "S3BucketPrefix": "MyELBLogs", "Enabled": "true", "EmitInterval" : "60" }, "DependsOn": "S3LoggingBucketPolicy" } }

YAML

ElasticLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: Fn::GetAZs: '' Instances: - Ref: Ec2Instance1 - Ref: Ec2Instance2 Listeners: - LoadBalancerPort: '80' InstancePort: Ref: WebServerPort Protocol: HTTP HealthCheck: Target: Fn::Join: - '' - - 'HTTP:' - Ref: WebServerPort - "/" HealthyThreshold: '3' UnhealthyThreshold: '5' Interval: '30' Timeout: '5' AccessLoggingPolicy: S3BucketName: Ref: S3LoggingBucket S3BucketPrefix: MyELBLogs Enabled: 'true' EmitInterval: '60' DependsOn: S3LoggingBucketPolicy

启用了访问日志记录的负载均衡器

以下示例代码段创建具有一个存储桶策略的 Amazon S3 存储桶,该策略允许负载均衡器在 Logs/AWSLogs/AWS account number/ 文件夹中存储信息。负载均衡器还包括对存储桶策略的显式依赖关系,需要先建立这种依赖关系,然后负载均衡器才能写入存储桶。

JSON

"S3LoggingBucket": { "Type": "AWS::S3::Bucket" }, "S3LoggingBucketPolicy": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "S3LoggingBucket" }, "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "ELBAccessLogs20130930", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "S3LoggingBucket" }, "/", "Logs", "/AWSLogs/", { "Ref": "AWS::AccountId" }, "/*" ] ] }, "Principal": { "Ref": "ElasticLoadBalancingAccountID" }, "Action": [ "s3:PutObject" ] } ] } } }, "ElasticLoadBalancer": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "AvailabilityZones": { "Fn::GetAZs": "" }, "Listeners": [{ "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP" }], "HealthCheck": { "Target": "HTTP:80/", "HealthyThreshold": "3", "UnhealthyThreshold": "5", "Interval": "30", "Timeout": "5" }, "AccessLoggingPolicy": { "S3BucketName": { "Ref": "S3LoggingBucket" }, "S3BucketPrefix": "Logs", "Enabled": "true", "EmitInterval" : "60" } }, "DependsOn": "S3LoggingBucketPolicy" }

YAML

S3LoggingBucket: Type: AWS::S3::Bucket S3LoggingBucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: Ref: S3LoggingBucket PolicyDocument: Version: '2012-10-17' Statement: - Sid: ELBAccessLogs20130930 Effect: Allow Resource: Fn::Join: - '' - - 'arn:aws:s3:::' - Ref: S3LoggingBucket - "/" - Logs - "/AWSLogs/" - Ref: AWS::AccountId - "/*" Principal: Ref: ElasticLoadBalancingAccountID Action: - s3:PutObject ElasticLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: Fn::GetAZs: '' Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: HTTP HealthCheck: Target: HTTP:80/ HealthyThreshold: '3' UnhealthyThreshold: '5' Interval: '30' Timeout: '5' AccessLoggingPolicy: S3BucketName: Ref: S3LoggingBucket S3BucketPrefix: Logs Enabled: 'true' EmitInterval: '60' DependsOn: S3LoggingBucketPolicy

具有连接耗尽策略的负载均衡器

以下代码段启用一个连接耗尽策略,该策略在 60 秒之后结束与取消注册或运行状况不佳的实例的连接。

JSON

"ElasticLoadBalancer" : { "Type" : "AWS::ElasticLoadBalancing::LoadBalancer", "Properties" : { "AvailabilityZones" : { "Fn::GetAZs" : "" }, "Instances" : [ { "Ref" : "Ec2Instance1" },{ "Ref" : "Ec2Instance2" } ], "Listeners": [{ "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP" }], "HealthCheck": { "Target": "HTTP:80/", "HealthyThreshold": "3", "UnhealthyThreshold": "5", "Interval": "30", "Timeout": "5" }, "ConnectionDrainingPolicy": { "Enabled" : "true", "Timeout" : "60" } } }

YAML

ElasticLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: Fn::GetAZs: '' Instances: - Ref: Ec2Instance1 - Ref: Ec2Instance2 Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: HTTP HealthCheck: Target: HTTP:80/ HealthyThreshold: '3' UnhealthyThreshold: '5' Interval: '30' Timeout: '5' ConnectionDrainingPolicy: Enabled: 'true' Timeout: '60'

具有多个策略的负载均衡器

下面的代码段创建一个带有侦听器(侦听端口 80 和 443)的负载均衡器。此代码段在端口 80 上应用一个代理,并在端口 443 上应用一个后端服务器身份验证策略。

JSON

"ElasticLoadBalancer": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "SecurityGroups" : { "Ref" : "SecurityGroups" }, "Scheme" : "internet-facing", "AvailabilityZones": { "Fn::GetAZs": "" }, "Listeners": [ { "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "TCP", "InstanceProtocol" : "TCP" }, { "LoadBalancerPort": "443", "InstancePort": "443", "Protocol": "HTTPS", "SSLCertificateId" : { "Ref" : "CertARN" }, "PolicyNames" : ["MySSLNegotiationPolicy", "MyAppCookieStickinessPolicy"] } ], "Policies" : [ { "PolicyName" : "MySSLNegotiationPolicy", "PolicyType" : "SSLNegotiationPolicyType", "Attributes" : [ { "Name" : "Protocol-TLSv1", "Value" : "true" }, { "Name" : "Protocol-SSLv2", "Value" : "true" }, { "Name" : "Protocol-SSLv3", "Value" : "false" }, { "Name" : "DHE-RSA-AES256-SHA", "Value" : "true" } ] }, { "PolicyName" : "MyAppCookieStickinessPolicy", "PolicyType" : "AppCookieStickinessPolicyType", "Attributes" : [ { "Name" : "CookieName", "Value" : "MyCookie" } ] }, { "PolicyName" : "MyPublicKeyPolicy", "PolicyType" : "PublicKeyPolicyType", "Attributes" : [ { "Name" : "PublicKey", "Value" : { "Fn::Join" : [ "\n", [ "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh/51Aohx5VrpmlfGHZCzciMBa", "fkHve+MQYYJcxmNUKMdsWnz9WtVfKxxWUU7Cfor4lorYmENGCG8FWqCoLDMFs7pN", "yGEtpsrlKhzZWtgY1d7eGrUrBil03bI90E2KW0j4qAwGYAC8xixOkNClicojeEz4", "f4rr3sUf+ZBSsuMEuwIDAQAB" ] ] } } ] }, { "PolicyName" : "MyBackendServerAuthenticationPolicy", "PolicyType" : "BackendServerAuthenticationPolicyType", "Attributes" : [ { "Name" : "PublicKeyPolicyName", "Value" : "MyPublicKeyPolicy" } ], "InstancePorts" : [ "443" ] }, { "PolicyName" : "EnableProxyProtocol", "PolicyType" : "ProxyProtocolPolicyType", "Attributes" : [ { "Name" : "ProxyProtocol", "Value" : "true" } ], "InstancePorts" : ["80"] } ] } }

YAML

ElasticLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: SecurityGroups: Ref: SecurityGroups Scheme: internet-facing AvailabilityZones: Fn::GetAZs: '' Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: TCP InstanceProtocol: TCP - LoadBalancerPort: '443' InstancePort: '443' Protocol: HTTPS SSLCertificateId: Ref: CertARN PolicyNames: - MySSLNegotiationPolicy - MyAppCookieStickinessPolicy Policies: - PolicyName: MySSLNegotiationPolicy PolicyType: SSLNegotiationPolicyType Attributes: - Name: Protocol-TLSv1 Value: 'true' - Name: Protocol-SSLv2 Value: 'true' - Name: Protocol-SSLv3 Value: 'false' - Name: DHE-RSA-AES256-SHA Value: 'true' - PolicyName: MyAppCookieStickinessPolicy PolicyType: AppCookieStickinessPolicyType Attributes: - Name: CookieName Value: MyCookie - PolicyName: MyPublicKeyPolicy PolicyType: PublicKeyPolicyType Attributes: - Name: PublicKey Value: Fn::Join: - "\n" - - MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh/51Aohx5VrpmlfGHZCzciMBa - fkHve+MQYYJcxmNUKMdsWnz9WtVfKxxWUU7Cfor4lorYmENGCG8FWqCoLDMFs7pN - yGEtpsrlKhzZWtgY1d7eGrUrBil03bI90E2KW0j4qAwGYAC8xixOkNClicojeEz4 - f4rr3sUf+ZBSsuMEuwIDAQAB - PolicyName: MyBackendServerAuthenticationPolicy PolicyType: BackendServerAuthenticationPolicyType Attributes: - Name: PublicKeyPolicyName Value: MyPublicKeyPolicy InstancePorts: - '443' - PolicyName: EnableProxyProtocol PolicyType: ProxyProtocolPolicyType Attributes: - Name: ProxyProtocol Value: 'true' InstancePorts: - '80'

其他示例

您可以在 AWS CloudFormation 示例模板集合中查看更多示例:示例模板

本页内容: