fast-island-38778
09/16/2022, 6:02 AMhttpsListener
to the task target group, but i am not sure how to do that (i tried putting it in portMappings but it didn’t work)
const apiCertificateArn = 'some-arn'
const httpsListener = alb.createListener('https-listener', {
port: 443,
protocol: 'HTTPS',
external: true,
certificateArn: apiCertificateArn,
});
const httpListener = alb.createListener('http-listener', {
port: 80,
protocol: 'HTTP',
external: true,
});
// Build and publish a Docker image to a private ECR registry.
const img = awsx.ecs.Image.fromPath('api-img', '.');
// Create a Fargate service task that can scale out.
const appService = new awsx.ecs.FargateService('api-service', {
cluster,
taskDefinitionArgs: {
container: {
image: img,
cpu: 2048,
memory: 1024,
portMappings: [httpListener],
environment: [{ name: 'PORT', value: '80' }],
},
},
desiredCount: 1,
});
millions-furniture-75402
09/16/2022, 1:28 PMconst albSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-lb-sg`, {
egress: [
{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"],
description: `For ${appName} load balancer`,
},
],
ingress: [
{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"],
description: `For ${appName} load balancer`,
},
],
vpc,
});
const alb = new awsx.lb.ApplicationLoadBalancer(`${appName}-lb`, {
loadBalancer: new aws.lb.LoadBalancer(`${appName}-alb`, {
accessLogs: {
bucket: logBucketId,
enabled: true,
prefix: appName,
},
dropInvalidHeaderFields: true,
external: true,
securityGroups: [albSecurityGroup.id],
subnets: publicSubnetIds,
}),
vpc,
});
alb.createListener(`${appName}-http`, {
defaultAction: {
type: "redirect",
redirect: {
protocol: "HTTPS",
port: "443",
statusCode: "HTTP_301",
},
},
external: false,
port: 80,
protocol: "HTTP",
vpc,
});
const https = alb.createListener(`${appName}-https`, {
certificateArn,
defaultActions: [
{
fixedResponse: {
contentType: "text/plain",
messageBody: "404 Site Not Found",
statusCode: "404",
},
type: "fixed-response",
},
],
external: false,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
vpc: vpc.vpc,
});
const appTargetGroup = new awsx.lb.ApplicationTargetGroup(`${appName}-tg`, {
deregistrationDelay: 0,
healthCheck: {
path: "/",
port: "443",
protocol: "HTTPS",
matcher: "200",
},
loadBalancer: alb,
port: 443,
protocol: "HTTPS",
vpc,
});
new awsx.lb.ListenerRule(`${appName}-lr`, https, {
actions: [
{
targetGroupArn: appTargetGroup.targetGroup.arn.apply(v => v),
type: "forward",
},
],
conditions: [
{
hostHeader: {
values: [`${appName}.*`],
},
},
],
priority: 1,
});
new aws.route53.Record(`${appName}-www`, {
aliases: [
{
evaluateTargetHealth: true,
name: alb.loadBalancer.dnsName,
zoneId: zoneId,
},
],
name: appName,
type: "A",
zoneId: hostedZoneId,
});
And the service has:
portMappings: [appTargetGroup],
fast-island-38778
09/16/2022, 1:41 PMconst httpsListener = alb.createListener(withAppNamePrefix('https-listener'), {
port: 443,
protocol: 'HTTPS',
external: true,
certificateArn: apiCertificateArn,
targetGroup: httpListener.defaultTargetGroup,
});