Hello- Working on a POC with Pulumi. I am having an issue where my stack fails on building my ECS fargate cluster. error: 1 error occurred: * creating urn😛ulumi:dev::fargate::awsx:ecs:FargateService$aws:ecs/service:Service::my_fargate_cluster_service: 1 error occurred: * error waiting for ECS service (my_arn:service/dev-fargate-cluster/my_fargate_cluster_service) to reach steady state after creation: ResourceNotReady: exceeded wait attempts I'm not sure what is missing from my FargateService that would throw this error. Any help would be greatly appreciated. I've omitted the alb etc...as those seem to come up fine.

# Build the Fargate cluster
cluster = aws.ecs.Cluster("dev-fargate-cluster")

# Define the Fargate service settings and configuration
service = awsx.ecs.FargateService("my_fargate_cluster_service",
    cluster = cluster.arn,
    network_configuration = aws.ecs.ServiceNetworkConfigurationArgs(
        subnets = vpc.private_subnet_ids,
        security_groups = [sg.id]
    ),
    task_definition_args = awsx.ecs.FargateServiceTaskDefinitionArgs(
        containers = {
            "react": awsx.ecs.TaskDefinitionContainerDefinitionArgs(
                image = img.image_uri,
                memory = 50,
                cpu = 128,
                essential = True,
                port_mappings = [awsx.ecs.TaskDefinitionPortMappingArgs(
                    container_port = 80,
                    host_port = 80,
                    protocol = "tcp",
                    target_group = alb.default_target_group
                )]
            )
        }
    )
)

you’ll likely need to debug in the AWS console there, the task is likely crashlooping

So you think my Pulumi logic looks ok?

yep, can’t see any issues with it there

Yes, I defined the NAT gw as part of my VPC resource.

# Reduces # of NatGateways to save $$$ NOT intended for production
    nat_gateways=awsx.ec2.NatGatewayConfigurationArgs(
        strategy = awsx.ec2.NatGatewayStrategy.SINGLE

Definitely look at the task running to troubleshoot. • You could set a desired count to 0 and start it manually in AWS Console first, to allow deployment to complete before troubleshooting it. • Add a deployment circuit breaker setting to make ECS roll back the deployment on failure, when you have something that is a stable version, for future deployments. Is the security open properly for ingress and egress?

Thanks @quaint-hydrogen-7228 I will try that. Ingress/Egress is open

description = "Allow web traffic for cluster",
    vpc_id = vpc.vpc_id,
    ingress = [aws.ec2.SecurityGroupIngressArgs(
        description = "Allow port 80 inbound from Internet",
        from_port = 80,
        to_port = 80,
        protocol = "tcp",
        cidr_blocks = ["0.0.0.0/0"]
    )],
    egress = [aws.ec2.SecurityGroupEgressArgs(
        description = "Allow all traffic out from cluster",
        from_port = 0,
        to_port = 0,
        protocol = "tcp",
        cidr_blocks = ["0.0.0.0/0"]
    )]