This message was deleted.

Typescript example code

// code above that creates vpc + security groups

const appLb = new awsx.lb.ApplicationLoadBalancer(`${stack}-my-lb`, {
  subnetIds: vpc.publicSubnetIds,
  securityGroups: [securityGroup.id],
  defaultTargetGroup: {
    port: 80,
    protocol: 'HTTP',
    ipAddressType: 'ipv4',
    healthCheck: {
      interval: 10,
      enabled: true,
      path: '/healthcheck',
    },
  },
  listeners: [
    {
      port: 80,
      protocol: 'HTTP',
    },
    {
      port: 443,
      protocol: 'HTTPS',
      // ARN of a manually created SSL cert managed by AWS for our domain
      certificateArn:
        'ARN OF CERT HERE',
    },
  ],
});


const listeners = appLb.listeners.get();
const tlsListenerArn = listeners?.find(
  (listener) => listener.port.get() === 443
)?.arn;

//I want to add an additional cert
const otherDomainCert = new aws.lb.ListenerCertificate('different-domains-cert', {
  
  // PROBLEM HERE here is that the ARN is an Output but Really want this to be an INPUT
  listenerArn: tlsListenerArn,
  certificateArn:
    'ARN OF an additional cert',
});

// more code below

Have you tried applying the Output?

listenerArn: tlsListenerArn.apply(v => v),

It does produce an

Ouput<string | undefined>

, which causes a typing issue because it could be

undefined

if the listener was not defined. I guess my question here is does it make sense to assert that the that the previously defined resources exists in this case since it was created above?

An Output inside of an Input of another resource should resolve correctly. You may need to coerce it in some cases with opts such as

dependsOn

. In some cases, the entire resource needs to be put inside of an

apply

, but I believe that is considered bad practice because resources inside of an apply won't show up in a preview. e.g. something like:

appLb.apply(lb => {
    const listeners = lb.listeners.get();
    const tlsListenerArn = listeners?.find(
        (listener) => listener.port.get() === 443
    )?.arn;

    //I want to add an additional cert
    const otherDomainCert = new aws.lb.ListenerCertificate('different-domains-cert', {

        // PROBLEM HERE here is that the ARN is an Output but Really want this to be an INPUT
        listenerArn: tlsListenerArn,
        certificateArn:
            'ARN OF an additional cert',
    });
});

I was able to get this working, thank you @millions-furniture-75402.

Can you share your solution?

I thought I had a solution to this and just ran it today however I ran into the issue that I have been unable to cocere the boolean to be able to do the

listeners?.find(

bit. As it will always be an output and doing

.get()

for the port throws an exception (which is expected).

Error: Cannot call '.get' during update or preview.
    To manipulate the value of this Output, use '.apply' instead.

Ahh yeah, that makes sense, and that's cleaner than nesting the resource inside an apply

Yea but I still think there should be a dynamic way to get the listener for that port and that would make this code alot more robust to changes in the future.

I think that sort of behavior goes into the higher-level abstractions provider, "crosswalk", aka, "awsx".

I suspect what I would need to do around the dynamic part is instead of using “crosswalk” (

awsx

) I need to instead provision the lower level resources myself to because then I could just reference them directly from the

const resource = new aws.<resource>…..

to get ARNs.