hi all happy to be here i m trying to get crosswalk with ECS Pulumi Community #general

hi all. happy to be here. i'm trying to get crossw...

thankful-coat-47937

03/09/2022, 11:05 PM

hi all. happy to be here. i'm trying to get crosswalk with ECS working but i can't quite get the port mappings right. i want two listeners on my ALB: 80 and 443, and I want 80 to redirect. got that part right. now i want 443 to be forwarded to a target group ON PORT 80 (not 443). however, i can't quite figure out how to do this without manually declaring the target group. it's currently forwarding everything to port 443 on the target group, which is not what i want. is this possible? code:

Copy code

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

// Create an ECS cluster explicitly, and give it a name tag.

const vpc = awsx.ec2.Vpc.getDefault();
const cluster = new awsx.ecs.Cluster("cluster", {
  vpc,
});

const zone = aws.route53.getZone({ name: "zone." });

// Create a load balancer on port 80 and spin up two instances of Nginx.
const lb = new awsx.lb.ApplicationLoadBalancer("alb");
const httpListener = lb.createListener("http", {
  port: 80,
  protocol: "HTTP",
  defaultAction: {
    type: "redirect",
    redirect: { protocol: "HTTPS", port: "443", statusCode: "HTTP_301" },
  },
});

const httpsListener = lb.createListener("https", {
  port: 443,
  protocol: "HTTPS",
  certificateArn,
});

const record = new aws.route53.Record("api-route", {
  zoneId: zone.then((zone) => zone.id),
  name,
  type: "A",
  aliases: [
    {
      name: lb.loadBalancer.dnsName,
      zoneId: lb.loadBalancer.zoneId,
      evaluateTargetHealth: false,
    },
  ],
});

const app = new awsx.ecs.FargateService("service", {
  cluster,
  taskDefinitionArgs: {
    containers: {
      nginx: {
        image: "nginx",
        portMappings: [httpsListener]
      },
    },
  },
  desiredCount: 2,
});

this makes all the requests go to the target group on port 443, but the target group is a service listening on port 80, so it 502s

clever-sunset-76585

03/11/2022, 1:27 AM

I think the problem is that your application's container port is not specified anywhere. So the AWSX library is deriving the port based on the protocol (HTTPS) for the target group. You might try creating a target group first and then create a listener from that target group. That is,

Copy code

const targetGroup = lb.createTargetGroup("...", {..., port: <your container port>});
const httpsListener = targetGroup.createListener("...", {protocol: "HTTPS"});

18 Views

Open in Slack

Previous Next