To follow up, the task definition looks correct.

"portMappings": [
                {
                    "containerPort": 80,
                    "hostPort": 80,
                    "protocol": "tcp"
                },
                {
                    "containerPort": 443,
                    "hostPort": 443,
                    "protocol": "tcp"
                }
            ],

It's just that it does not register both entries into a target group

took me a while to get this right, but how we do it is like this:

const alb = new awsx.lb.ApplicationLoadBalancer(`${PROJECT_NAME}-lb`, {
    name: `${PROJECT_NAME}-lb`,
    external: true,
    vpc
  })  

const targetGroup = alb.createTargetGroup(`${PROJECT_NAME}-tg`, {
    vpc,
    port: 80
  })

  alb.createListener(`${PROJECT_NAME}-http`, {
    port: 80,
    vpc,
    targetGroup,
  })

  const albCert = aws.acm.getCertificate({
    domain: targetDomain,
  })

  alb.createListener(`${PROJECT_NAME}-https`, {
    port: 443,
    sslPolicy: 'ELBSecurityPolicy-2016-08',
    certificateArn: albCert.then(cert => cert.arn),
    vpc,
    targetGroup,
  })

And then in the ECS definition, simply pass in the target groups:

portMappings: [...alb.targetGroups],

This is forwarding both http & https traffic for us