d
Hi community, I'm setting up Pulumi for our IaC and have been having issues with creating an ECS service behind an ALB. What I'm getting is an endless "creating" state in the Pulumi CLI for the `aws:ecs:Service` resource. I can't find any clues about what's wrong in either the AWS or Pulumi dashboard. The resource is just stuck for 400+ seconds with no feedback. I tried creating a service with the same configuration by clicking around the AWS Console, and it does work. This manually created service was attached to everything that was created via Pulumi before (load balancer, listener, security group, subnets, execution roles, etc.), so that I could isolate the problem in `aws:ecs:Service`... I was able to extract a minimal reproduction, attached as a file below. Any ideas on how to troubleshoot this problem (as in, where I can look for error messages) are much appreciated.
b
Endless creating for ECS usually means that the container is not launching properly and reaching a stable state. If you view your ECS service in the AWS console and go to the Events tab, it will have a log; you will want it to say `service xyz has reached a steady state.` and it will otherwise show you launching errors. This does make Pulumi stall a long time, unfortunately.
c
I can't see any VPC configuration in your service definition, which is required for awsvpc network mode (which Fargate uses), so that would be my first guess. You need to place it in a subnet that has access to the internet and a security group which allows egress to Docker Hub at least, so the task can get the image from the repository.
But as Andrew says, you should be able to see why it's failing by looking in the AWS console first to see what the actual error is.
d
Thanks for the help, folks. In between some back and forth of VPC configuration and IAM role setup I got it working in the end. Most of it was just trial and error, as I still could not get any error message, including from the AWS console. The ECS service never got to the point where I could drill down into the task run and look at errors, because it was never shown on the cluster in the first place. I'm not positive, but I think there were two separate issues with my setup above: assigning `iamRole` to ecs.Service when awsvpc was being used (which shouldn't be done), and improper VPC/subnet configuration. After that was figured out, Pulumi was still hanging, but at least the service was showing under ECS, from which I could then work through several other errors (internet connectivity, IP assignment, logger configuration, etc.). Wish there was better messaging for that... happy to share my final setup for anyone else facing the same. Thanks for the help Andrew & James 🙏. Cheers
h
import * as aws from "@pulumi/aws";

// appName, replicas, cluster, taskDefinition and taskExecutionRole are defined earlier in the program
new aws.ecs.Service(`app-${appName}`, {
  cluster: cluster.arn,
  desiredCount: replicas,
  taskDefinition: taskDefinition.arn, // ARN of the task definition, not its Pulumi URN
  launchType: 'FARGATE',
  platformVersion: 'LATEST',
  deploymentController: { type: 'ECS' },
  deploymentCircuitBreaker: { enable: true, rollback: true },
  iamRole: taskExecutionRole.arn, // the line discussed in this thread
});
IMO taskRole is missing here instead of iamRole.
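A pre-deploy check that encodes the points raised in the two replies above and the follow-up (missing networkConfiguration, iamRole set on an awsvpc service, a URN passed as taskDefinition, subnets without an internet route, security groups without egress), as an added example rather than code from the thread or from Pulumi. It works on the plain-value shape of aws.ecs.Service args, and the Subnet and SecurityGroup shapes are assumptions made for the example.

```typescript
// Added example, not code from the thread: a pre-deploy check over the plain-value
// shape of aws.ecs.Service args, encoding the failure modes discussed above.
// Field names follow @pulumi/aws ServiceArgs; the Subnet and SecurityGroup shapes
// are assumptions for this example, and no Pulumi runtime is needed.
type EgressRule = { protocol: string; fromPort?: number; toPort?: number };
type SecurityGroup = { id: string; egress: EgressRule[] };
// route: how the subnet reaches the internet (igw = public subnet, nat = private subnet with NAT)
type Subnet = { id: string; route: "igw" | "nat" | "none" };

interface ServiceSpec {
  launchType?: "FARGATE" | "EC2";
  taskDefinition: string; // task definition ARN or family:revision, never a Pulumi URN
  iamRole?: string; // only valid with bridge/host network mode behind a load balancer
  networkConfiguration?: { subnets: string[]; securityGroups?: string[]; assignPublicIp?: boolean };
}

function checkEcsService(spec: ServiceSpec, subnets: Subnet[], groups: SecurityGroup[]): string[] {
  const problems: string[] = [];
  const awsvpc = spec.launchType === "FARGATE"; // Fargate tasks always use awsvpc network mode
  if (awsvpc && !spec.networkConfiguration) {
    problems.push("networkConfiguration is required for awsvpc/Fargate");
  }
  if (awsvpc && spec.iamRole) {
    problems.push("iamRole must not be set on an awsvpc service; ECS uses its service-linked role");
  }
  if (spec.taskDefinition.startsWith("urn:pulumi:")) {
    problems.push("taskDefinition is a Pulumi URN; pass the task definition ARN (taskDefinition.arn)");
  } else if (!/^arn:aws[\w-]*:ecs:/.test(spec.taskDefinition) && !/^[\w-]+:\d+$/.test(spec.taskDefinition)) {
    problems.push("taskDefinition must be an ARN or family:revision");
  }
  const nc = spec.networkConfiguration;
  if (!nc) return problems;
  for (const id of nc.subnets) {
    const subnet = subnets.find((s) => s.id === id);
    if (!subnet) problems.push(`subnet ${id} not found`);
    else if (subnet.route === "none") problems.push(`subnet ${id} has no route to the internet; the image pull will fail`);
    else if (subnet.route === "igw" && !nc.assignPublicIp) problems.push(`subnet ${id} is public but assignPublicIp is not set; tasks cannot reach the IGW`);
  }
  for (const id of nc.securityGroups ?? []) {
    const group = groups.find((g) => g.id === id);
    if (!group) { problems.push(`security group ${id} not found`); continue; }
    // Pulling the image from Docker Hub needs outbound TCP/443 at minimum
    const httpsOut = group.egress.some((r) =>
      r.protocol === "-1" || (r.protocol === "tcp" && (r.fromPort ?? 0) <= 443 && (r.toPort ?? 0) >= 443));
    if (!httpsOut) problems.push(`security group ${id} has no egress rule allowing TCP/443`);
  }
  return problems;
}
```

Run it against the args you are about to hand to aws.ecs.Service (with Outputs resolved to plain strings) and fix every reported problem before `pulumi up`, since ECS gives no feedback while the service sits in "creating".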