you’ll likely need to debug in the AWS console there, the task is likely crashlooping
j
jolly-fall-57688
11/16/2022, 3:58 PM
So you think my Pulumi logic looks ok?
b
billowy-army-68599
11/16/2022, 4:00 PM
yep, can’t see any issues with it there
billowy-army-68599
11/16/2022, 4:00 PM
one thing to check: you’ve defined a privaye subnet somwhere. Does that have NAT gateway? can the task pull the image correctly?
j
jolly-fall-57688
11/16/2022, 4:03 PM
Yes, I defined the NAT gw as part of my VPC resource.
Copy code
# Reduces # of NatGateways to save $$$ NOT intended for production
nat_gateways=awsx.ec2.NatGatewayConfigurationArgs(
strategy = awsx.ec2.NatGatewayStrategy.SINGLE
q
quaint-hydrogen-7228
11/16/2022, 4:40 PM
Definitely look at the task running to troubleshoot.
• You could set a desired count to 0 and start it manually in AWS Console first, to allow deployment to complete before troubleshooting it.
• Add a deployment circuit breaker setting to make ECS roll back the deployment on failure, when you have something that is a stable version, for future deployments.
Is the security open properly for ingress and egress?
j
jolly-fall-57688
11/16/2022, 4:50 PM
Thanks @quaint-hydrogen-7228 I will try that. Ingress/Egress is open
Copy code
description = "Allow web traffic for cluster",
vpc_id = vpc.vpc_id,
ingress = [aws.ec2.SecurityGroupIngressArgs(
description = "Allow port 80 inbound from Internet",
from_port = 80,
to_port = 80,
protocol = "tcp",
cidr_blocks = ["0.0.0.0/0"]
)],
egress = [aws.ec2.SecurityGroupEgressArgs(
description = "Allow all traffic out from cluster",
from_port = 0,
to_port = 0,
protocol = "tcp",
cidr_blocks = ["0.0.0.0/0"]
)]
No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.