Thread
#aws
    f

    fast-island-38778

    1 week ago
    i have this so far, i want to point the
    httpsListener
    to the task target group, but i am not sure how to do that (i tried putting it in portMappings but it didn’t work)
    const apiCertificateArn = 'some-arn'
    
    const httpsListener = alb.createListener('https-listener', {
      port: 443,
      protocol: 'HTTPS',
      external: true,
      certificateArn: apiCertificateArn,
    });
    
    const httpListener = alb.createListener('http-listener', {
      port: 80,
      protocol: 'HTTP',
      external: true,
    });
    
    // Build and publish a Docker image to a private ECR registry.
    const img = awsx.ecs.Image.fromPath('api-img', '.');
    
    // Create a Fargate service task that can scale out.
    const appService = new awsx.ecs.FargateService('api-service', {
      cluster,
      taskDefinitionArgs: {
        container: {
          image: img,
          cpu: 2048,
          memory: 1024,
          portMappings: [httpListener],
          environment: [{ name: 'PORT', value: '80' }],
        },
      },
      desiredCount: 1,
    });
    m

    millions-furniture-75402

    1 week ago
    const albSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-lb-sg`, {
      egress: [
        {
          fromPort: 443,
          toPort: 443,
          protocol: "tcp",
          cidrBlocks: ["0.0.0.0/0"],
          description: `For ${appName} load balancer`,
        },
      ],
      ingress: [
        {
          fromPort: 443,
          toPort: 443,
          protocol: "tcp",
          cidrBlocks: ["0.0.0.0/0"],
          description: `For ${appName} load balancer`,
        },
      ],
      vpc,
    });
    
    const alb = new awsx.lb.ApplicationLoadBalancer(`${appName}-lb`, {
      loadBalancer: new aws.lb.LoadBalancer(`${appName}-alb`, {
        accessLogs: {
          bucket: logBucketId,
          enabled: true,
          prefix: appName,
        },
        dropInvalidHeaderFields: true,
        external: true,
        securityGroups: [albSecurityGroup.id],
        subnets: publicSubnetIds,
      }),
      vpc,
    });
    
    alb.createListener(`${appName}-http`, {
      defaultAction: {
        type: "redirect",
        redirect: {
          protocol: "HTTPS",
          port: "443",
          statusCode: "HTTP_301",
        },
      },
      external: false,
      port: 80,
      protocol: "HTTP",
      vpc,
    });
    
    const https = alb.createListener(`${appName}-https`, {
      certificateArn,
      defaultActions: [
        {
          fixedResponse: {
            contentType: "text/plain",
            messageBody: "404 Site Not Found",
            statusCode: "404",
          },
          type: "fixed-response",
        },
      ],
      external: false,
      port: 443,
      protocol: "HTTPS",
      sslPolicy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
      vpc: vpc.vpc,
    });
    
    const appTargetGroup = new awsx.lb.ApplicationTargetGroup(`${appName}-tg`, {
      deregistrationDelay: 0,
      healthCheck: {
        path: "/",
        port: "443",
        protocol: "HTTPS",
        matcher: "200",
      },
      loadBalancer: alb,
      port: 443,
      protocol: "HTTPS",
      vpc,
    });
    
    new awsx.lb.ListenerRule(`${appName}-lr`, https, {
      actions: [
        {
          targetGroupArn: appTargetGroup.targetGroup.arn.apply(v => v),
          type: "forward",
        },
      ],
      conditions: [
        {
          hostHeader: {
            values: [`${appName}.*`],
          },
        },
      ],
      priority: 1,
    });
    
    new aws.route53.Record(`${appName}-www`, {
      aliases: [
        {
          evaluateTargetHealth: true,
          name: alb.loadBalancer.dnsName,
          zoneId: zoneId,
        },
      ],
      name: appName,
      type: "A",
      zoneId: hostedZoneId,
    });
    And the service has:
    portMappings: [appTargetGroup],
    f

    fast-island-38778

    1 week ago
    thanks for the thorough answer
    all i had to do was adding httpListener’s default target group to the httpsListener like this
    const httpsListener = alb.createListener(withAppNamePrefix('https-listener'), {
      port: 443,
      protocol: 'HTTPS',
      external: true,
      certificateArn: apiCertificateArn,
      targetGroup: httpListener.defaultTargetGroup,
    });