05/01/2023, 11:25 PM
It is quite the struggle to use current
crosswalk given that many samples, docs, blogs don't match current package code. Properties are missing, renamed, some examples use a mix of
others don't (but are outdated), and security groups fail to contain the correct ingress rules even if you find some combination that works. It feels like the minute you try to use a listener, or add a few certs, the whole thing fails to work and produce the correct output. If you follow patterns in docs, you get the lovely duplicate security group error even if you are not manually doing anything with groups to cause a conflict. The docs are not versioned nor have indication of which version are they for. Exmaples are updated to some current versions but then the code isn't workable for customization. Docs also show odd things without explanations, for example setting the ALB security groups to be the same as the ECS cluster security groups. Is this really the state of Cross Walk? confused docs and un-working code? Try: • create a ECS cluster + ECR repository • create a docker image with something on port 3000 • create an ALB with listener on HTTPS/443, target group on port 3000 w/healthcheck settings • create a fargate service with a task for your container mapping to port 3000 And see if: • it will even run and "up" • ECS cluster security group isn't allowing ALL ingress • ALB security group is actually 443 only • service security group is allowing ingress from ALB to port 3000 • services actually don't endlessly loop and never start (probably due to target and healthcheck failing due to SG problems) So do you: • create ALB, then from that the target group, then from that the listener? as some samples show (nope, dupe sg ingress error) • create ALB with defaultListener, adn defaultTarget group? nope, the security groups are then with incorrect values • create a cluster with sg group, set that to ingress only from ALB? that works, but then no other security groups are correct after • ... If you full setup an ALB how you want, the interaction with ECS services fails to work. There is no combination I can find to get it all working right at same time. is there a CURRENT sample with up to date versions of Pulumi that is more than trivial that works? Listener, target that isn't port 80 or 443 (such as container on 3000), ssl certificates, security goups not wide open, etc.