A Lambda function that automatically registers the private IP addresses of an Application Load Balancer (ALB) in a target group, e.g. so that the ALB can be used as a target of a Network Load Balancer (NLB). The function looks up the ALB's network interfaces, compares their private IPs with the targets currently registered in the NLB target group, and registers/deregisters the difference. (Newer NLB target groups also support the target type alb directly, which removes the need for this function where it is available.)
Configure an IAM policy like:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "ec2:DescribeNetworkInterfaces",
        "elasticloadbalancing:DescribeTargetHealth"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "<log arn>"
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:RegisterTargets",
        "elasticloadbalancing:DeregisterTargets"
      ],
      "Resource": [
        "<Target group arn>"
      ]
    }
  ]
}
and assign it to the execution role of the Lambda. The Describe* actions and cloudwatch:PutMetricData do not support resource-level permissions, so "*" is required there; the important least-privilege part is the last statement, which limits RegisterTargets/DeregisterTargets to the one NLB target group (<Target group arn>) the function is meant to manage, so a bug or compromise of the function cannot alter other target groups. <log arn> is the ARN of the function's CloudWatch log group; logs:PutLogEvents is included because CreateLogGroup/CreateLogStream alone do not allow the function to actually write its log lines.
Add a CloudWatch Events (EventBridge) trigger to the Lambda with the schedule expression rate(1 minute); the private IPs of an ALB can change over time (scaling, availability zone changes), so the target group has to be re-synced continuously rather than once.
Set the handler to populate_NLB_TG_with_ALB.lambda_handler.
Configure these environment variables in your Lambda environment:
- ALB_NAME - the name of the Application Load Balancer in the form app/<alb-name>/<alb-id>, i.e. the resource part of the ALB ARN; this is the string the ALB's network interfaces carry in their description, which is how the function finds them
- ALB_LISTENER - the port of the ALB listener that traffic is forwarded to; each ALB IP is registered as <ip>:<port>
- NLB_TG_ARN - the ARN of the Network Load Balancer's target group (target type ip); use the same ARN in the policy above
- CW_METRIC_FLAG_IP_COUNT - flag that enables publishing the number of ALB IP addresses found as a CloudWatch metric (this is what cloudwatch:PutMetricData in the policy is for)
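The following is an added illustration of the sync loop the steps above configure. It is not the project's own populate_NLB_TG_with_ALB.py; the function names, the metric namespace and the fake boto3 clients used for the offline run are assumptions. It shows the ENI lookup by description, the diff against the target group, the register/deregister calls (the only mutating calls, which is why they are the ones scoped to the target group ARN), and one failure mode worth handling: if the ENI lookup returns nothing (wrong ALB_NAME, ALB deleted), the function refuses to deregister every target rather than silently emptying the target group and taking the NLB down.

```python
"""Added example: sync an ALB's private IPs into an NLB IP target group.

Illustrative re-implementation of the approach described above; not the
project's populate_NLB_TG_with_ALB.py. Names, the "ALB-to-NLB" metric
namespace and the Fake* clients are assumptions made for this example.
"""
import os


def alb_private_ips(ec2, alb_name):
    """Private IPv4 addresses of the ALB's ENIs, found via the ENI description
    "ELB app/<name>/<id>" (DescribeNetworkInterfaces has no ARN, hence "*")."""
    resp = ec2.describe_network_interfaces(
        Filters=[{"Name": "description", "Values": ["ELB " + alb_name]}]
    )
    return {
        addr["PrivateIpAddress"]
        for eni in resp["NetworkInterfaces"]
        for addr in eni["PrivateIpAddresses"]
    }


def registered_ips(elbv2, tg_arn):
    """IPs currently registered in the target group. Draining targets are
    treated as absent so that an IP which comes back gets registered again."""
    resp = elbv2.describe_target_health(TargetGroupArn=tg_arn)
    return {
        d["Target"]["Id"]
        for d in resp["TargetHealthDescriptions"]
        if d["TargetHealth"]["State"] != "draining"
    }


def plan_sync(current, desired):
    """Pure diff: (ips to register, ips to deregister)."""
    return desired - current, current - desired


def sync_targets(ec2, elbv2, cw, alb_name, port, tg_arn, publish_metric=False):
    desired = alb_private_ips(ec2, alb_name)
    if not desired:
        # Failure mode: an empty lookup must not wipe the target group.
        raise RuntimeError("no ENIs found for %s; refusing to deregister all" % alb_name)
    current = registered_ips(elbv2, tg_arn)
    to_add, to_remove = plan_sync(current, desired)
    if to_add:  # the only mutating calls, scoped to tg_arn in the IAM policy
        elbv2.register_targets(TargetGroupArn=tg_arn,
                               Targets=[{"Id": ip, "Port": port} for ip in sorted(to_add)])
    if to_remove:
        elbv2.deregister_targets(TargetGroupArn=tg_arn,
                                 Targets=[{"Id": ip, "Port": port} for ip in sorted(to_remove)])
    if publish_metric:  # needs cloudwatch:PutMetricData; namespace is assumed
        cw.put_metric_data(Namespace="ALB-to-NLB", MetricData=[{
            "MetricName": "LoadBalancerIPCount",
            "Dimensions": [{"Name": "LoadBalancerName", "Value": alb_name}],
            "Value": len(desired), "Unit": "Count"}])
    return {"registered": sorted(to_add), "deregistered": sorted(to_remove),
            "ip_count": len(desired)}


def lambda_handler(event, context):
    """Entry point matching the handler setting above; reads the env vars."""
    import boto3  # imported here so the logic above is testable offline
    return sync_targets(
        boto3.client("ec2"), boto3.client("elbv2"), boto3.client("cloudwatch"),
        os.environ["ALB_NAME"], int(os.environ["ALB_LISTENER"]),
        os.environ["NLB_TG_ARN"],
        os.environ.get("CW_METRIC_FLAG_IP_COUNT", "false").lower() == "true")


# --- constructed stand-ins for the boto3 clients, for an offline run ---
class FakeEC2:
    def __init__(self, ips):
        self.ips = ips

    def describe_network_interfaces(self, Filters):
        return {"NetworkInterfaces": [
            {"PrivateIpAddresses": [{"PrivateIpAddress": ip}]} for ip in self.ips]}


class FakeELBv2:
    def __init__(self, targets):  # {ip: health state}
        self.targets, self.calls = dict(targets), []

    def describe_target_health(self, TargetGroupArn):
        return {"TargetHealthDescriptions": [
            {"Target": {"Id": ip, "Port": 80}, "TargetHealth": {"State": st}}
            for ip, st in self.targets.items()]}

    def register_targets(self, TargetGroupArn, Targets):
        self.calls.append(("register", [t["Id"] for t in Targets]))

    def deregister_targets(self, TargetGroupArn, Targets):
        self.calls.append(("deregister", [t["Id"] for t in Targets]))


class FakeCW:
    def __init__(self):
        self.metrics = []

    def put_metric_data(self, Namespace, MetricData):
        self.metrics.append(MetricData)


def demo():
    """Constructed scenario: the ALB now lives on 10.0.1.10 and 10.0.2.10; the
    target group still holds a stale 10.0.3.10 and a draining 10.0.1.10."""
    ec2 = FakeEC2(["10.0.1.10", "10.0.2.10"])
    elbv2 = FakeELBv2({"10.0.2.10": "healthy", "10.0.3.10": "healthy",
                       "10.0.1.10": "draining"})
    cw = FakeCW()
    result = sync_targets(ec2, elbv2, cw, "app/my-alb/50dc6c495c0c9188", 80,
                          "arn:aws:elasticloadbalancing:eu-west-1:123456789012:"
                          "targetgroup/alb-ips/abc123", publish_metric=True)
    return result, elbv2.calls, cw.metrics
```

Running demo() registers 10.0.1.10, deregisters 10.0.3.10 and publishes an IP count of 2. Because the sync logic takes its clients as parameters, the same scenario can be replayed against fake clients in a unit test before the function is given the real, scoped IAM role.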