nice-policeman-63970
10/08/2020, 9:46 PMawsx.ecs.FargateService
, with a container listening on port 8080
• a <http://awsx.lb|awsx.lb>.ApplicationTargetGroup
for port 8080 HTTP with the right healthcheck configured. This is connected to the container/service via portMappings
• a <http://awsx.lb|awsx.lb>.ApplicationListener
for port 443 HTTPS, connected to the targetGroup
• ... a bunch of route53/ACM stuff that seems to be working by now
The problem is that the health checks that the Target Group performs are failing with this setup, but succeeding with a listener on port 8080 HTTP (using the same targetGroup
!)
I have narrowed the problem down to the awsx:x:ec2:IngressSecurityGroupRule
(+egress) named listener-id-external-0-ingress
awsx creates. This only includes port 443. If I add port 8080 via the console, everything works. I would have expected that this rule is only applied to the external load balancer, not to the container, but maybe not? What can I do to fix this, without fully rewriting from awsx to aws components?
(happy to post typescript snippets as well if they are helpful)billowy-army-68599
quick-finland-93793
10/09/2020, 7:17 AMsg-<someID>
your service should contain an ingress rule on port 8080 with Source of the ALB SecurityGroupnice-policeman-63970
10/09/2020, 8:28 AM