Introduction

When creating an Application Load Balancer (ALB) listener using AWS CLI, CloudFormation, or Terraform, you may encounter the TargetGroupNotFound error. This error occurs when the target group specified in the listener configuration cannot be found, even though it appears to exist in your account.

The Error You'll See

AWS CLI:

```bash
$ aws elbv2 create-listener \
    --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef \
    --protocol HTTP \
    --port 80 \
    --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef

An error occurred (TargetGroupNotFound) when calling the CreateListener operation: One or more target groups not found
```

CloudFormation:

```
Resource creation failed: One or more target groups not found (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: TargetGroupNotFound)
```

Terraform:

```
Error: error creating ELBv2 Listener: TargetGroupNotFound: One or more target groups not found
```

Why This Happens

  1. Region mismatch - Target group and load balancer are in different regions
  2. Account mismatch - Target group exists in a different AWS account
  3. Target group was deleted - Target group was deleted before listener creation completed
  4. ARN format error - Typo or incorrect ARN format in the target group reference
  5. Target group type mismatch - Using an ALB target group with an NLB, or vice versa
  6. Resource name confusion - Using target group name instead of ARN
  7. Eventual consistency - Target group was just created and not yet available

Step 1: Verify Target Group Exists

```bash
# List all target groups in the region
aws elbv2 describe-target-groups --region us-east-1

# Check specific target group by ARN
aws elbv2 describe-target-groups \
    --target-group-arns arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef \
    --region us-east-1

# Check by name
aws elbv2 describe-target-groups \
    --names my-targets \
    --region us-east-1
```

If the target group doesn't appear, it may have been deleted or is in a different region.

Step 2: Check Region Consistency

Target groups and load balancers must be in the same region:

```bash
# Get load balancer details
aws elbv2 describe-load-balancers \
    --load-balancer-arns arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef \
    --query 'LoadBalancers[0].[LoadBalancerName,AvailabilityZones[0].ZoneName]'

# Get target group details
aws elbv2 describe-target-groups \
    --target-group-arns arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef \
    --query 'TargetGroups[0].[TargetGroupName,TargetType]'
```

Compare the region in both ARNs - they must match exactly.

Step 3: Verify ARN Format

The ARN format for target groups is:

```
arn:aws:elasticloadbalancing:<region>:<account-id>:targetgroup/<name>/<resource-id>
```

```bash
# Validate ARN format
TARGET_GROUP_ARN="arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef"

# Extract components
echo "$TARGET_GROUP_ARN" | awk -F: '{print "Region: "$4"\nAccount: "$5}'

# Verify it matches your current account
aws sts get-caller-identity --query 'Account' --output text
```

Common ARN mistakes:

  - A typo in the service prefix, which must be exactly arn:aws:elasticloadbalancing
  - Using target group name instead of full ARN
  - Copying ARN from a different account or region
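The region, account, and ARN-shape checks from Steps 2 and 3 can be run offline before calling create-listener. The script below is an added example, not part of the original article; the function names arn_field and check_listener_arns and the sample ARNs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline pre-flight check of a listener's ARNs (no AWS calls).
# Function names and sample ARNs are constructed for illustration.

# Print colon-separated field N of an ARN (4 = region, 5 = account ID).
arn_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# Print one finding per line, or "OK". Returns 1 if any check fails.
check_listener_arns() {
    lb=$1; tg=$2; bad=0
    # Shape check: catches a bare name, a misspelled prefix, or a missing ID.
    case $tg in
        arn:aws*:elasticloadbalancing:*:*:targetgroup/*/*) ;;
        arn:*) echo "target group ARN is malformed: $tg"; return 1 ;;
        *)     echo "target group is a name, not an ARN: $tg"; return 1 ;;
    esac
    case $lb in
        arn:aws*:elasticloadbalancing:*:*:loadbalancer/*) ;;
        *) echo "load balancer ARN is malformed: $lb"; return 1 ;;
    esac
    tg_region=$(arn_field "$tg" 4); lb_region=$(arn_field "$lb" 4)
    tg_acct=$(arn_field "$tg" 5);   lb_acct=$(arn_field "$lb" 5)
    if [ "$tg_region" != "$lb_region" ]; then
        echo "region mismatch: load balancer in $lb_region, target group in $tg_region"
        bad=1
    fi
    if [ "$tg_acct" != "$lb_acct" ]; then
        echo "account mismatch: load balancer in $lb_acct, target group in $tg_acct"
        bad=1
    fi
    [ "$bad" -eq 0 ] && echo "OK"
    return "$bad"
}

# Constructed sample values (account IDs and resource IDs are placeholders).
LB="arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef"
# A target group ARN copied from another region and account: two findings.
check_listener_arns "$LB" \
    "arn:aws:elasticloadbalancing:us-west-2:999999999999:targetgroup/my-targets/1234567890abcdef" || true
# A target group name passed where an ARN is required.
check_listener_arns "$LB" "my-targets" || true
```

An account mismatch is not always an error (see the cross-account step), but it is worth flagging whenever an ARN is hardcoded rather than referenced.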

Step 4: Check Target Group Type Compatibility

Target groups have types (instance, ip, lambda, alb) that must match the use case:

```bash
# Check target group type
aws elbv2 describe-target-groups \
    --target-group-arns arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef \
    --query 'TargetGroups[0].[TargetGroupName,TargetType,Protocol,Port]'
```

Compatibility rules:

  - ALB listeners can forward to instance, ip, or lambda target groups
  - NLB listeners can forward to instance, ip, or alb target groups
  - Lambda target groups only work with HTTP/HTTPS listeners on ALB

Step 5: Handle Eventual Consistency

If you just created the target group, wait for it to be available:

```bash
TG_ARN="arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef"

# Wait for target group to be available (usually 5-10 seconds).
# elbv2 has no waiter for target groups, so poll describe-target-groups instead.
for attempt in 1 2 3 4 5 6; do
    aws elbv2 describe-target-groups --target-group-arns "$TG_ARN" >/dev/null 2>&1 && break
    sleep 5
done

# Then create the listener
aws elbv2 create-listener \
    --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef \
    --protocol HTTP \
    --port 80 \
    --default-actions Type=forward,TargetGroupArn="$TG_ARN"
```

Step 6: Fix Terraform Configuration

In Terraform, use explicit dependencies or references:

```hcl
# Create target group first
resource "aws_lb_target_group" "main" {
  name     = "my-targets"
  port     = 80
  protocol = "HTTP"
  vpc_id   = aws_vpc.main.id

  # On replacement, create the new target group before destroying the old one
  lifecycle {
    create_before_destroy = true
  }
}

# Create listener with explicit reference
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.main.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.main.arn # Use reference, not hardcoded ARN
  }

  # Explicit dependency (optional, usually not needed with references)
  depends_on = [aws_lb_target_group.main]
}
```

Step 7: Fix CloudFormation Template

In CloudFormation, use Ref or GetAtt:

```yaml
Resources:
  MyTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: my-targets
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VpcId

  MyListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    DependsOn: MyTargetGroup  # Explicit dependency
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref MyTargetGroup  # Use Ref, not hardcoded ARN
      LoadBalancerArn: !Ref MyLoadBalancer
      Port: 80
      Protocol: HTTP
```

Step 8: Cross-Account Target Groups

If using target groups from another account:

```bash
# The target group must be in the same VPC and the load balancer must have permissions
# Check if the target group is shared (--resource-owner is a required parameter)
aws ram list-resources \
    --resource-owner OTHER-ACCOUNTS \
    --resource-type elasticloadbalancing:TargetGroup

# For cross-account, ensure proper permissions
aws elbv2 describe-target-groups \
    --target-group-arns arn:aws:elasticloadbalancing:us-east-1:999999999999:targetgroup/shared-targets/abc123 \
    --region us-east-1
```

Note: Cross-account target groups require AWS Resource Access Manager (RAM) sharing.

Verify the Fix

After resolving the issue:

```bash
# Create the listener
aws elbv2 create-listener \
    --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef \
    --protocol HTTP \
    --port 80 \
    --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/1234567890abcdef

# Verify listener was created
aws elbv2 describe-listeners \
    --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890abcdef

# Test the load balancer
curl -I http://my-alb-1234567890.us-east-1.elb.amazonaws.com
```
