https://pulumi.com logo
#general
Title
# general
b

boundless-author-24618

03/26/2019, 9:45 AM
Hi, Does anyone have an example for using Fargate behind an ALB? Thanks
Copy code
const pulumi = require('@pulumi/pulumi')
const awsx = require('@pulumi/awsx')

let cluster = new awsx.ecs.Cluster('app', {})

const loadBalancer = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer(
  'primary-alb',
  {
    external: true,
  }
)

const targetGroup = loadBalancer.createTargetGroup('ip-target-group', {
  port: 3000,
  targetType: 'ip',
  protocol: 'HTTP',
})

const listener = targetGroup.createListener('http-listener', {
  port: 80,
  defaultAction: {
    type: 'forward',
    targetGroupArn: targetGroup.targetGroup.arn,
  },
})

let service = new awsx.ecs.FargateService('frontend', {
  cluster,
  desiredCount: 1,
  taskDefinitionArgs: {
    containers: {
      frontend: {
        image: awsx.ecs.Image.fromPath('frontend-image', './frontend'),
        memory: 512,
        portMappings: [targetGroup],
      },
    },
  },
})

// export just the hostname property of the container frontend
exports.hostname = pulumi.interpolate`http://${listener.endpoint.hostname}`
This is what I've got so far - it deploys fine but when I try and hit the endpoint it times out
It was a security group issue - I have tried to fix it using the following code:
Copy code
const pulumi = require('@pulumi/pulumi')
const aws = require('@pulumi/aws')
const awsx = require('@pulumi/awsx')

let cluster = new awsx.ecs.Cluster('app', {})

const albSecurityGroup = new aws.ec2.SecurityGroup('alb-sg', {})

const ingressRule = new aws.ec2.SecurityGroupRule('alb-ingress-rule', {
  securityGroupId: albSecurityGroup.id,
  type: 'ingress',
  protocol: 'tcp',
  fromPort: 80,
  toPort: 80,
  cidrBlocks: ['0.0.0.0/0'],
})

const egressRule = new aws.ec2.SecurityGroupRule('alb-egress-rule', {
  securityGroupId: albSecurityGroup.id,
  type: 'egress',
  protocol: 'all',
  fromPort: 0,
  toPort: 65535,
  cidrBlocks: ['0.0.0.0/0'],
})

const loadBalancer = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer(
  'primary-alb',
  {
    external: true,
    securityGroups: [albSecurityGroup],
  }
)

const targetGroup = loadBalancer.createTargetGroup('ip-target-group', {
  port: 3000,
  targetType: 'ip',
  protocol: 'HTTP',
})

const listener = targetGroup.createListener('http-listener', {
  port: 80,
  defaultAction: {
    type: 'forward',
    targetGroupArn: targetGroup.targetGroup.arn,
  },
})

let service = new awsx.ecs.FargateService('frontend', {
  cluster,
  desiredCount: 1,
  taskDefinitionArgs: {
    containers: {
      frontend: {
        image: awsx.ecs.Image.fromPath('frontend-image', './frontend'),
        memory: 512,
        portMappings: [targetGroup],
      },
    },
  },
})

// export just the hostname property of the container frontend
exports.hostname = pulumi.interpolate`http://${listener.endpoint.hostname}`
However now I get the error: Error message:A duplicate Security Group rule was found on ... the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port: 80, ALLOW" already exists
s

stocky-spoon-28903

03/26/2019, 3:00 PM
Aha that is a known bug, one second let me find the issue
Are you using the latest AWS package? That sounds like this: https://github.com/pulumi/pulumi-aws/issues/398
b

boundless-author-24618

03/26/2019, 9:15 PM
@stocky-spoon-28903 Yes thank you that looks like it has been fixed in version 0.18.0 but I'm not quite sure how to use an unreleased version
32 Views