Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
fast-island-38778
09/16/2022, 6:02 AMi have this so far, i want to point the
httpsListenerconst apiCertificateArn = 'some-arn'
const httpsListener = alb.createListener('https-listener', {
port: 443,
protocol: 'HTTPS',
external: true,
certificateArn: apiCertificateArn,
});
const httpListener = alb.createListener('http-listener', {
port: 80,
protocol: 'HTTP',
external: true,
});
// Build and publish a Docker image to a private ECR registry.
const img = awsx.ecs.Image.fromPath('api-img', '.');
// Create a Fargate service task that can scale out.
const appService = new awsx.ecs.FargateService('api-service', {
cluster,
taskDefinitionArgs: {
container: {
image: img,
cpu: 2048,
memory: 1024,
portMappings: [httpListener],
environment: [{ name: 'PORT', value: '80' }],
},
},
desiredCount: 1,
});m
millions-furniture-75402
09/16/2022, 1:28 PMconst albSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-lb-sg`, {
egress: [
{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"],
description: `For ${appName} load balancer`,
},
],
ingress: [
{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"],
description: `For ${appName} load balancer`,
},
],
vpc,
});
const alb = new awsx.lb.ApplicationLoadBalancer(`${appName}-lb`, {
loadBalancer: new aws.lb.LoadBalancer(`${appName}-alb`, {
accessLogs: {
bucket: logBucketId,
enabled: true,
prefix: appName,
},
dropInvalidHeaderFields: true,
external: true,
securityGroups: [albSecurityGroup.id],
subnets: publicSubnetIds,
}),
vpc,
});
alb.createListener(`${appName}-http`, {
defaultAction: {
type: "redirect",
redirect: {
protocol: "HTTPS",
port: "443",
statusCode: "HTTP_301",
},
},
external: false,
port: 80,
protocol: "HTTP",
vpc,
});
const https = alb.createListener(`${appName}-https`, {
certificateArn,
defaultActions: [
{
fixedResponse: {
contentType: "text/plain",
messageBody: "404 Site Not Found",
statusCode: "404",
},
type: "fixed-response",
},
],
external: false,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
vpc: vpc.vpc,
});
const appTargetGroup = new awsx.lb.ApplicationTargetGroup(`${appName}-tg`, {
deregistrationDelay: 0,
healthCheck: {
path: "/",
port: "443",
protocol: "HTTPS",
matcher: "200",
},
loadBalancer: alb,
port: 443,
protocol: "HTTPS",
vpc,
});
new awsx.lb.ListenerRule(`${appName}-lr`, https, {
actions: [
{
targetGroupArn: appTargetGroup.targetGroup.arn.apply(v => v),
type: "forward",
},
],
conditions: [
{
hostHeader: {
values: [`${appName}.*`],
},
},
],
priority: 1,
});
new aws.route53.Record(`${appName}-www`, {
aliases: [
{
evaluateTargetHealth: true,
name: alb.loadBalancer.dnsName,
zoneId: zoneId,
},
],
name: appName,
type: "A",
zoneId: hostedZoneId,
});portMappings: [appTargetGroup],f
fast-island-38778
09/16/2022, 1:41 PMthanks for the thorough answer
all i had to do was adding httpListener’s default target group to the httpsListener like this
const httpsListener = alb.createListener(withAppNamePrefix('https-listener'), {
port: 443,
protocol: 'HTTPS',
external: true,
certificateArn: apiCertificateArn,
targetGroup: httpListener.defaultTargetGroup,
});👍 1