Application Load Balancer with ECS Fargate
I am trying to configure load-balancing for Fargate ECS. My understanding is that there are at least two target groups. One target group gets created along with the Application Load Balancer, and one target group gets created along with the ECS service.
My containers are running their service on TCP port 5000. I want the load balancer only to expose HTTPS over the regular 443 port, and redirect HTTP to HTTPS, or if that is difficult, just drop HTTP.
I see that Listeners allows specifying a whole bunch of things. However, I am confused by the target group created with the service. It - the IP -type group, listens on port 80. Whether I select HTTP or HTTPS during the service creation/configuration.
My containers never get any traffic. I enabled load-balancer logging, it seems that the balancer does not understand what I want it to do. There "forward" "-" "-" "-" "-" "-" "-"in the log at end of every request.
I ran aws elbv2 describe-target-groups to get the definitions.
{
"TargetGroups": [
{
"TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:505963211XXX:targetgroup/ecs-fargate-api-service-tg/1ebb89754b34d072",
"TargetGroupName": "ecs-fargate-api-service-tg",
"Protocol": "HTTPS",
"Port": 80,
"VpcId": "vpc-e623dd9b",
"HealthCheckProtocol": "HTTPS",
"HealthCheckPort": "traffic-port",
"HealthCheckEnabled": true,
"HealthCheckIntervalSeconds": 30,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 5,
"UnhealthyThresholdCount": 2,
"HealthCheckPath": "/cookie-policy",
"Matcher": {
"HttpCode": "200"
},
"LoadBalancerArns": [
"arn:aws:elasticloadbalancing:us-east-1:505963211XXX:loadbalancer/app/node-api-lb/f5e512a2678688f5"
],
"TargetType": "ip"
},
{
"TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:505963211XXX:targetgroup/node-api-tg/7544b53ab1720e0d",
"TargetGroupName": "node-api-tg",
"Protocol": "HTTPS",
"Port": 443,
"VpcId": "vpc-e623dd9b",
"HealthCheckProtocol": "HTTPS",
"HealthCheckPort": "traffic-port",
"HealthCheckEnabled": true,
"HealthCheckIntervalSeconds": 300,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 5,
"UnhealthyThresholdCount": 2,
"HealthCheckPath": "/cookie-policy",
"Matcher": {
"HttpCode": "200"
},
"LoadBalancerArns": [
"arn:aws:elasticloadbalancing:us-east-1:505963211XXX:loadbalancer/app/node-api-lb/f5e512a2678688f5"
],
"TargetType": "instance"
}
]
}
What am I doing wrong? How should I go about setting up an application load-balancer for ECS Fargate to have HTTPS on the outside and route everything to the correct container PORT?
Based on the comments, the screenshots.
First create ALB
You can create your TG when you create your ALB (ALB is called dddd in my example), or beforehand. ALso, I named my target group my-tg-for-fargate. I used port 80 (you probably need 5000) as I used nginxdemos/hello as my container. Make sure to create IP target type, not instance. Fargete will not work with instance TGs, explaining why you can't see them in ECS console when creating your ECS service.
Create ECS Fargate service
When you create your Fargate service in ECS console, you will have option to choose existing ALB (in my case dddd) and existing target group (in my case called my-tg-for-fargate. You don't need to create second tg:
- Generate S3 URL in "path-style" format
- Trying to find the ARN pattern for AWS WAF regional
- AWS cognito: What's the difference between Access and Identity tokens?
- virtually isolate the network in the same AWS Cloud Account
- Can I stop a spot instance in aws just like I can stop and start an on demand ec2 instance
- Get pdftotext Python module running on Lambda
- Kubernetes: how to set VolumeMount user group and file permissions
- Invalid arn error for terraform code with kms data resource
- Unable to import module 'src.main': No module named 'dependencies' when uploading FastAPI zipped project to AWS Lambda
- Unable to update AWS AppRunner VPC connector via CDK
- Exit early from CodeBuild
- qemu-x86_64: Could not open '/lib64/ld-linux-x86-64.so.2': No such file or directory in alpine linux on M1
- In AWS API Gateway, can method level limits for a specific end point exceed stage level limit?
- How to install postgresql-client to Amazon EC2 Linux machine?
- Why does API Gateway not pass through the request path parameters in proxy mode?
- Does AWS VPC Endpoint require subnets?
- Windows authentication does not work behind AWS Application Load Balancer
- Exporting data from dynamo db to a csv file
- Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
- How to set S3 path style in Clojure using Amazonica library?
- System Manager Parameter Store Input
- Issues Sending Kafka and Zookeeper Metrics to AWS CloudWatch Using JMX and CloudWatch Agent
- How to connect to AWS Redis cluster locally?
- HTTPS connections to cloudfront / S3 using godaddy domain
- Local Job unable to find Region
- Nginx Error 413 Entity too large on AWS ELB
- How to get the ARN of an SSM Document in CloudFormation?
- Login to chrome extension via website with AWS amplify
- In total how many aws command is available
- How to upgrade AWS CLI to the latest version?