jolly-fall-57688

11/16/2022, 3:55 PM
Hello- Working on a POC with Pulumi. I am having an issue where my stack fails on building my ECS fargate cluster.
error: 1 error occurred:
    * creating urn:pulumi:dev::fargate::awsx:ecs:FargateService$aws:ecs/service:Service::my_fargate_cluster_service: 1 error occurred:
    * error waiting for ECS service (my_arn:service/dev-fargate-cluster/my_fargate_cluster_service) to reach steady state after creation: ResourceNotReady: exceeded wait attempts
I'm not sure what is missing from my FargateService that would throw this error. Any help would be greatly appreciated. I've omitted the alb etc...as those seem to come up fine.
# Build the Fargate cluster
cluster = aws.ecs.Cluster("dev-fargate-cluster")

# Define the Fargate service settings and configuration
service = awsx.ecs.FargateService("my_fargate_cluster_service",
    cluster = cluster.arn,
    network_configuration = aws.ecs.ServiceNetworkConfigurationArgs(
        subnets = vpc.private_subnet_ids,
        security_groups = [sg.id]
    ),
    task_definition_args = awsx.ecs.FargateServiceTaskDefinitionArgs(
        containers = {
            "react": awsx.ecs.TaskDefinitionContainerDefinitionArgs(
                image = img.image_uri,
                memory = 50,
                cpu = 128,
                essential = True,
                port_mappings = [awsx.ecs.TaskDefinitionPortMappingArgs(
                    container_port = 80,
                    host_port = 80,
                    protocol = "tcp",
                    target_group = alb.default_target_group
                )]
            )
        }
    )
)

billowy-army-68599

11/16/2022, 3:57 PM
you’ll likely need to debug in the AWS console there, the task is likely crashlooping

jolly-fall-57688

11/16/2022, 3:58 PM
So you think my Pulumi logic looks ok?

billowy-army-68599

11/16/2022, 4:00 PM
yep, can’t see any issues with it there
one thing to check: you’ve defined a private subnet somewhere. Does that have a NAT gateway? Can the task pull the image correctly?

jolly-fall-57688

11/16/2022, 4:03 PM
Yes, I defined the NAT gw as part of my VPC resource.
    # Reduces # of NatGateways to save $$$ NOT intended for production
    nat_gateways=awsx.ec2.NatGatewayConfigurationArgs(
        strategy = awsx.ec2.NatGatewayStrategy.SINGLE
    ),

quaint-hydrogen-7228

11/16/2022, 4:40 PM
Definitely look at the task running to troubleshoot.
• You could set a desired count to 0 and start it manually in AWS Console first, to allow deployment to complete before troubleshooting it.
• Add a deployment circuit breaker setting to make ECS roll back the deployment on failure, when you have something that is a stable version, for future deployments.
Is the security open properly for ingress and egress?

jolly-fall-57688

11/16/2022, 4:50 PM
Thanks @quaint-hydrogen-7228 I will try that. Ingress/Egress is open
    description = "Allow web traffic for cluster",
    vpc_id = vpc.vpc_id,
    ingress = [aws.ec2.SecurityGroupIngressArgs(
        description = "Allow port 80 inbound from Internet",
        from_port = 80,
        to_port = 80,
        protocol = "tcp",
        cidr_blocks = ["0.0.0.0/0"]
    )],
    egress = [aws.ec2.SecurityGroupEgressArgs(
        description = "Allow all traffic out from cluster",
        from_port = 0,
        to_port = 0,
        protocol = "-1",  # "-1" = all protocols; "tcp" with ports 0-0 would match only TCP port 0
        cidr_blocks = ["0.0.0.0/0"]
    )]