Hi, i'm new to pulumi and also mostly new to AWS. I'm trying to deploy a service in fargate using the awsx package. Unlike the basic examples of this in the docs, I want to expose the service via HTTPS on a custom domain. I have almost figured it out, but I'm running into a weird issue I can't figure out with security rules and health checks. My basic setup is this: • a

awsx.ecs.FargateService

, with a container listening on port 8080 • a

<http://awsx.lb|awsx.lb>.ApplicationTargetGroup

for port 8080 HTTP with the right healthcheck configured. This is connected to the container/service via

portMappings

• a

<http://awsx.lb|awsx.lb>.ApplicationListener

for port 443 HTTPS, connected to the targetGroup • ... a bunch of route53/ACM stuff that seems to be working by now The problem is that the health checks that the Target Group performs are failing with this setup, but succeeding with a listener on port 8080 HTTP (using the same

targetGroup

!) I have narrowed the problem down to the

awsx:x:ec2:IngressSecurityGroupRule

(+egress) named

listener-id-external-0-ingress

awsx creates. This only includes port 443. If I add port 8080 via the console, everything works. I would have expected that this rule is only applied to the external load balancer, not to the container, but maybe not? What can I do to fix this, without fully rewriting from awsx to aws components? (happy to post typescript snippets as well if they are helpful)

hey Karl. Sorry for the delay in responding. Can you share the code you're using to deploy? it'll really help with debugging

Your service (Target of your TargetGroup) gets assigned with a security group - this group determines which resources/IPs/etc... are allowed to access your service. As the TargetGroup performs Healtchecks at Port 8080 your SecurityGroup has to allow an ingress on port 8080. Ideally you want to allow ingress on Port 8080 for the resources of the ALB securityGroup.

here's the relevant part of the code: https://gist.github.com/karlsander/7b257ab62a2add111e40e39b86ab48ad