I am trying to deploy the bitnami/openldap container in ECS using AWS Copilot as a Backend Service with an internal NLB (couldn't go with an ALB since bitnami/openldap does not have an HTTP health-check endpoint).

I have the following config in the Copilot service manifest:
```yaml
name: ldap2023
type: Backend Service
nlb:
  port: 1389/tcp
  healthcheck:
    healthy_threshold: 3
    unhealthy_threshold: 10
    grace_period: 120s
    interval: 15s
    timeout: 10s
network:
  vpc:
    placement: private
```
But when I deploy the service, an NLB is not created. The R53 DNS record points directly to the ECS task IP.

Is it not possible to use an NLB with a Backend Service? I can't find it in the docs, but it is not mentioned that it is impossible either. For Load Balanced Web Service there are examples for both ALB and NLB!
With the current AWS Copilot capability it is not possible to create an internal NLB with a Backend Service.

Possible workaround:
```yaml
# copilot/<service>/manifest.yml
name: <service name>
type: Load Balanced Web Service
nlb:
  port: 80/tcp
```

```yaml
# copilot/<service>/overrides/cfn.patches.yml
# Change the NLB to internal
- op: replace
  path: /Resources/PublicNetworkLoadBalancer/Properties/Scheme
  value: internal
# Add a Name to the NLB (otherwise the automatically generated name will contain 'public', which is confusing)
- op: add
  path: /Resources/PublicNetworkLoadBalancer/Properties/Name
  value: !Sub "${AppName}-${EnvName}-${WorkloadName}-NLB"
```
Hopefully there will be a feature/option in the future!
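Putting the two posts together: the question's LDAP port, health-check settings and private placement carried into a Load Balanced Web Service manifest, with the answer's override patch so the NLB that Copilot creates is internal rather than internet-facing. This is an added example, not code from either post; the `http: false` line (Copilot's manifest setting for not creating an ALB alongside the NLB) and the `image.location` value are my assumptions, not something shown in this thread.

```yaml
# File 1 of 2: copilot/ldap2023/manifest.yml
# Added example. Backend Service is swapped for Load Balanced Web Service so that
# Copilot provisions an NLB at all; the patch in the second document makes it internal.
name: ldap2023
type: Load Balanced Web Service

image:
  location: bitnami/openldap   # assumption: image pulled from a registry, not built locally

# Assumption: disable the ALB that a Load Balanced Web Service creates by default,
# since openldap exposes no HTTP health-check endpoint for an ALB to probe.
http: false

nlb:
  port: 1389/tcp               # plain LDAP port exposed by the container (from the question)
  healthcheck:
    healthy_threshold: 3
    unhealthy_threshold: 10
    grace_period: 120s
    interval: 15s
    timeout: 10s

network:
  vpc:
    placement: private         # tasks in private subnets; the patch below keeps the listener internal too

---
# File 2 of 2: copilot/ldap2023/overrides/cfn.patches.yml
# Copilot names the NLB resource "PublicNetworkLoadBalancer" in its template; the
# patch flips its scheme so the LDAP listener is only reachable from inside the VPC.
- op: replace
  path: /Resources/PublicNetworkLoadBalancer/Properties/Scheme
  value: internal
# Give the NLB an explicit name so the generated one does not read as "public".
- op: add
  path: /Resources/PublicNetworkLoadBalancer/Properties/Name
  value: !Sub "${AppName}-${EnvName}-${WorkloadName}-NLB"
```

After `copilot svc deploy`, confirm the result in the console or CLI by checking that the load balancer's Scheme is `internal` and that the R53 record now resolves to the NLB rather than a task IP.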