AWS CloudFormation
User Guide (Version )

AWS::ElasticLoadBalancingV2::TargetGroup

Specifies a target group for an Application Load Balancer or Network Load Balancer.

Before you register a Lambda function as a target, you must create a AWS::Lambda::Permission resource that grants the Elastic Load Balancing service principal permission to invoke the Lambda function.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties" : { "HealthCheckEnabled" : Boolean, "HealthCheckIntervalSeconds" : Integer, "HealthCheckPath" : String, "HealthCheckPort" : String, "HealthCheckProtocol" : String, "HealthCheckTimeoutSeconds" : Integer, "HealthyThresholdCount" : Integer, "Matcher" : Matcher, "Name" : String, "Port" : Integer, "Protocol" : String, "Tags" : [ Tag, ... ], "TargetGroupAttributes" : [ TargetGroupAttribute, ... ], "TargetType" : String, "Targets" : [ TargetDescription, ... ], "UnhealthyThresholdCount" : Integer, "VpcId" : String } }

YAML

Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckEnabled: Boolean HealthCheckIntervalSeconds: Integer HealthCheckPath: String HealthCheckPort: String HealthCheckProtocol: String HealthCheckTimeoutSeconds: Integer HealthyThresholdCount: Integer Matcher: Matcher Name: String Port: Integer Protocol: String Tags: - Tag TargetGroupAttributes: - TargetGroupAttribute TargetType: String Targets: - TargetDescription UnhealthyThresholdCount: Integer VpcId: String

Properties

HealthCheckEnabled

Indicates whether health checks are enabled. If the target type is lambda, health checks are disabled by default but can be enabled. If the target type is instance or ip, health checks are always enabled and cannot be disabled.

Required: No

Type: Boolean

Update requires: No interruption

HealthCheckIntervalSeconds

The approximate amount of time, in seconds, between health checks of an individual target. For HTTP and HTTPS health checks, the range is 5–300 seconds. For TCP health checks, the supported values are 10 and 30 seconds. If the target type is instance or ip, the default is 30 seconds. If the target type is lambda, the default is 35 seconds.

Required: No

Type: Integer

Minimum: 5

Maximum: 300

Update requires: No interruption

HealthCheckPath

[HTTP/HTTPS health checks] The ping path that is the destination on the targets for health checks. The default is /.

Required: No

Type: String

Minimum: 1

Maximum: 1024

Update requires: No interruption

HealthCheckPort

The port the load balancer uses when performing health checks on targets. The default is traffic-port, which is the port on which each target receives traffic from the load balancer.

Required: No

Type: String

Update requires: No interruption

HealthCheckProtocol

The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers, the default is TCP. The TCP protocol is supported for health checks only if the protocol of the target group is TCP or TLS. The TLS protocol is not supported for health checks.

Required: No

Type: String

Allowed Values: HTTP | HTTPS | TCP | TLS

Update requires: No interruption

HealthCheckTimeoutSeconds

The amount of time, in seconds, during which no response from a target means a failed health check. For target groups with a protocol of HTTP or HTTPS, the default is 5 seconds. For target groups with a protocol of TCP or TLS, this value must be 6 seconds for HTTP health checks and 10 seconds for TCP and HTTPS health checks. If the target type is lambda, the default is 30 seconds.

Required: No

Type: Integer

Minimum: 2

Maximum: 120

Update requires: No interruption

HealthyThresholdCount

The number of consecutive health checks successes required before considering an unhealthy target healthy. For target groups with a protocol of HTTP or HTTPS, the default is 5. For target groups with a protocol of TCP or TLS, the default is 3. If the target type is lambda, the default is 5.

Required: No

Type: Integer

Minimum: 2

Maximum: 10

Update requires: No interruption

Matcher

[HTTP/HTTPS health checks] The HTTP codes to use when checking for a successful response from a target.

Required: No

Type: Matcher

Update requires: No interruption

Name

The name of the target group.

This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.

Required: No

Type: String

Update requires: Replacement

Port

The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. If the target is a Lambda function, this parameter does not apply.

Required: No

Type: Integer

Minimum: 1

Maximum: 65535

Update requires: Replacement

Protocol

The protocol to use for routing traffic to the targets. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP and TLS. If the target is a Lambda function, this parameter does not apply.

Required: No

Type: String

Allowed Values: HTTP | HTTPS | TCP | TLS

Update requires: Replacement

Tags

The tags. Each resource can have a maximum of 10 tags.

Required: No

Type: List of Tag

Update requires: No interruption

TargetGroupAttributes

The attributes.

Required: No

Type: List of TargetGroupAttribute

Update requires: No interruption

TargetType

The type of target that you must specify when registering targets with this target group. You can't specify targets for a target group using more than one target type.

  • instance - Targets are specified by instance ID. This is the default value.

  • ip - Targets are specified by IP address. You can specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.

  • lambda - The target groups contains a single Lambda function.

Required: No

Type: String

Allowed Values: instance | ip | lambda

Update requires: Replacement

Targets

The targets.

Required: No

Type: List of TargetDescription

Update requires: No interruption

UnhealthyThresholdCount

The number of consecutive health check failures required before considering a target unhealthy. For target groups with a protocol of HTTP or HTTPS, the default is 2. For target groups with a protocol of TCP or TLS, this value must be the same as the healthy threshold count. If the target type is lambda, the default is 2.

Required: No

Type: Integer

Minimum: 2

Maximum: 10

Update requires: No interruption

VpcId

The identifier of the virtual private cloud (VPC). If the target is a Lambda function, this parameter does not apply.

Required: No

Type: String

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the target group.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

LoadBalancerArns

The Amazon Resource Names (ARNs) of the load balancers that route traffic to this target group.

TargetGroupFullName

The full name of the target group. For example, targetgroup/my-target-group/cbf133c568e0d028.

TargetGroupName

The name of the target group. For example, my-target-group.

Examples

The following example creates a target group where the target is a Lambda function.

YAML

Resources: MyLambdaInvokePermission: Type: AWS::Lambda::Permission Properties: FunctionName: !GetAtt - MyLambdaFunction - Arn Action: 'lambda:InvokeFunction' Principal: elasticloadbalancing.amazonaws.com MyTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckEnabled: false Name: MyTargets TargetType: lambda Targets: - Id: !GetAtt [ MyLambdaFunction, Arn ] MyLambdaFunction: Type: "AWS::Lambda::Function" Properties: Handler: "index.handler" Role: !GetAtt [ LambdaExecutionRole, Arn ] Code: ZipFile: !Sub | import json def handler(event, context): response = { "statusCode": 200, "statusDescription": "200 OK", "isBase64Encoded": False, "headers": { "Content-Type": "text/html; charset=utf-8" } } response['body'] = """<html> <head> <title>Hello World!</title> <style> html, body { margin: 0; padding: 0; font-family: arial; font-weight: 700; font-size: 3em; text-align: center; } </style> </head> <body> <p>Hello World from Lambda</p> </body> </html>""" return response Runtime: "python3.6" Timeout: "25" LambdaExecutionRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: "sts:AssumeRole"

See Also