# general
s
This message was deleted.
b
I followed the same route as you. Although, I use host-based routing so I only need a single ALB (not sure how NLB works)
v
How does connecting multiple services to single load-balancer work, and handling the proper routing?
c
If you're running multiple services behind say *.test.com or *.app.test.com your certificate would be for *.test.com and a SAN *.app.test.com
or if you're running multiple domains you need a cert for each domain. *.test.com, *.staging.com etc.
v
Ahh okay makes sense @chilly-hairdresser-56259, thank you. So in this scenario, if I had two services, let's say `api` and `frontend`, and two environments, `staging` and `production`, I would create one Application Load Balancer (not NLB), and in Pulumi I would attach them all to this single ALB. And then in my Pulumi handler, I could do something like:
```typescript
import * as pulumi from "@pulumi/pulumi" // needed for getStack() and Config

type StackEnvironment = "staging" | "production"
const stack = pulumi.getStack() as StackEnvironment

const config = new pulumi.Config()
const domain = config.require("domain") // IE: mysite.com

// Create certificate for "mysite.com" with "subjectAlternativeNames: ['*.${domain}']"
// Create ALB here for "mysite.com"

// Create Fargate API service attached to ALB with Route53 Domain at "api.${stack}.${domain}"
// Create Fargate Frontend service attached to ALB with Route53 Domain at "frontend.${stack}.${domain}"
```
And this would handle attaching `api.staging.mysite.com` and `api.production.mysite.com` etc all to the same ALB + single Certificate right? Based on Pulumi stack
c
When creating your ACM certificates that would attach on the Listener you would have 2 ACM Certificate Resources. But you would have a Request for each, an approval Email DNS, CNAME Route53 Record, an SSL Attachment to the ALB, a new route to a new target group, and a new A Record in Route53 for your app pointed to your ALB DNS name.
v
Holy smokes. Appreciate the response a ton but I think I need to study DevOps a bit more to interpret that answer haha. 🙏
b
@victorious-xylophone-55816, here's some pseudo-code to show what I have done. I'm pretty new to this stuff, so please don't trust this completely.
```typescript
const alb = new awsx.lb.ApplicationLoadBalancer(...)
const listener = alb.createListener(...) // one listener for my case
const cert = new aws.alb.ListenerCertificate(...) // repeat for each domain, or you could use a single wildcard
const targetGroup = alb.createTargetGroup(...) // repeat for each domain
const listenerRule = listener.addListenerRule(...) // repeat for each domain
const service = new awsx.ecs.FargateService(...) // repeat for each host, use loadBalancers to register service with targetGroup
```