Tags: amazon-web-services, terraform, amazon-ecs, terraform-provider-aws, aws-application-load-balancer

link ECS Service with existing Load Balancer


When creating an ECS service using the UI, there's an option to select an existing Load Balancer and Target group as described here: https://aws-solutions-library-samples.github.io/advertising-marketing/using-google-tag-manager-for-server-side-website-analytics-on-aws.html

I am using terraform to create a load balancer and target group. Now, I want to use this load balancer with my ECS Service. But how do I link them both in terraform? I see one "load_balancer" parameter but it only asks for the target_group_arn which is again not linked to the LoadBalancer yet.

resource "aws_lb" "PrimaryServerSideLoadBalancer" {
  name               = "PrimaryServerSideLoadBalancer"
  internal           = false
  load_balancer_type = "application"
  security_groups    = ["sg-0111"]
  subnets            = ["subnet-0111", "subnet-0111"]

  enable_deletion_protection = true
}

resource "aws_lb_target_group" "PrimaryServerSideTarget" {
  name        = "PrimaryServerSideTarget"
  port        = 8080  # matches container_port below; with target_type "ip", ECS registers each task on container_port
  protocol    = "HTTP"
  target_type = "ip"  # required for Fargate / awsvpc tasks; the default "instance" cannot register task IPs
  vpc_id      = aws_vpc.my-vpc.id

  # "path" is not a top-level target group attribute; the health check path belongs here
  health_check {
    path = "/healthz"
  }
}

resource "aws_lb_listener" "primarylistener" {
  load_balancer_arn = aws_lb.PrimaryServerSideLoadBalancer.arn
  port              = "443"
  protocol          = "HTTPS"
  # ELBSecurityPolicy-2016-08 still allows TLS 1.0/1.1; a current policy such as
  # ELBSecurityPolicy-TLS13-1-2-2021-06 restricts the listener to TLS 1.2 and 1.3
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = "arn:aws:acm:eu-central-1:1222:certificate/xxx"

  # this forward action is what ties the target group to the load balancer
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.PrimaryServerSideTarget.arn
  }
}

resource "aws_ecs_service" "PrimaryServerSideService" {
  name             = "PrimaryServerSideService"
  cluster          = aws_ecs_cluster.cluster.id
  # reference the ARN so the service pins a specific task definition revision
  task_definition  = aws_ecs_task_definition.PrimaryServerSideContainer.arn
  desired_count    = 2  # was declared twice (1 and 2); Terraform rejects duplicate attributes
  launch_type      = "FARGATE"
  platform_version = "LATEST"

  scheduling_strategy = "REPLICA"
  # assign_public_ip is only valid inside network_configuration (it was also set at this level)

  network_configuration {
    # tasks behind an internet-facing ALB do not need public IPs; prefer private subnets
    # with a NAT gateway (or VPC endpoints) and assign_public_ip = false
    assign_public_ip = true
    security_groups  = ["sg-011"]
    subnets          = ["subnet-0111", "subnet-011"]
  }

  load_balancer {
    # must reference the target group declared above; the original pointed at the
    # non-existent aws_lb_target_group.primarytarget
    target_group_arn = aws_lb_target_group.PrimaryServerSideTarget.arn
    container_name   = "PrimaryServerSideContainer"
    container_port   = 8080
  }

  # ECS refuses to register targets into a target group that no listener forwards to yet,
  # so make sure the listener is created first
  depends_on = [aws_lb_listener.primarylistener]

  lifecycle {
    ignore_changes = [task_definition]
  }
}

Solution

  • I see one "load_balancer" parameter but it only asks for the target_group_arn which is again not linked to the LoadBalancer yet.

    You have to have a Target Group configured on the load balancer. The load balancer can't connect to an ECS Service without a Target Group.

    Your statement that the target group is not "linked to the load balancer yet" is not true. Looking at your code, you have a load balancer configured with a listener, and that listener is configured to forward traffic to the target group. Thus the target group is "linked" to the load balancer.

    Looking at your Terraform code, it appears that you have already done everything needed to configure ECS to register your service tasks with the load balancer.
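As an added check (not part of the question or the answer above), the following Python script walks the JSON produced by `terraform show -json` and verifies the chain the answer describes: load balancer, listener forward action, target group, ECS service `load_balancer` block. It also flags the two mistakes that most often break this wiring for Fargate: a target group whose `target_type` is not `ip`, and a target group that no listener forwards to. The embedded state is constructed for the example (placeholder account ID and ARNs, plus a deliberately broken second service); the attribute names are those the AWS provider writes into state for these resource types.

```python
import json
import sys
from collections import defaultdict

# Constructed sample in the shape of `terraform show -json` output, trimmed to the
# attributes this check reads. Placeholder account ID and ARNs, not real state.
_ACCT = "111111111111"
LB_ARN = f"arn:aws:elasticloadbalancing:eu-central-1:{_ACCT}:loadbalancer/app/PrimaryServerSideLoadBalancer/abc"
TG_ARN = f"arn:aws:elasticloadbalancing:eu-central-1:{_ACCT}:targetgroup/PrimaryServerSideTarget/def"
ORPHAN_TG_ARN = f"arn:aws:elasticloadbalancing:eu-central-1:{_ACCT}:targetgroup/Orphan/ghi"
LISTENER_ARN = f"arn:aws:elasticloadbalancing:eu-central-1:{_ACCT}:listener/app/PrimaryServerSideLoadBalancer/abc/jkl"

SAMPLE_STATE = {"values": {"root_module": {"resources": [
    {"address": "aws_lb.PrimaryServerSideLoadBalancer", "type": "aws_lb",
     "values": {"arn": LB_ARN, "internal": False}},
    {"address": "aws_lb_target_group.PrimaryServerSideTarget", "type": "aws_lb_target_group",
     "values": {"arn": TG_ARN, "target_type": "ip"}},
    # broken on purpose: instance targets and no listener pointing at it
    {"address": "aws_lb_target_group.Orphan", "type": "aws_lb_target_group",
     "values": {"arn": ORPHAN_TG_ARN, "target_type": "instance"}},
    {"address": "aws_lb_listener.primarylistener", "type": "aws_lb_listener",
     "values": {"arn": LISTENER_ARN, "load_balancer_arn": LB_ARN, "protocol": "HTTPS", "port": 443,
                "default_action": [{"type": "forward", "target_group_arn": TG_ARN, "forward": []}]}},
    {"address": "aws_ecs_service.PrimaryServerSideService", "type": "aws_ecs_service",
     "values": {"launch_type": "FARGATE",
                "load_balancer": [{"target_group_arn": TG_ARN,
                                   "container_name": "PrimaryServerSideContainer", "container_port": 8080}]}},
    {"address": "aws_ecs_service.BrokenService", "type": "aws_ecs_service",
     "values": {"launch_type": "FARGATE",
                "load_balancer": [{"target_group_arn": ORPHAN_TG_ARN,
                                   "container_name": "app", "container_port": 8080}]}},
]}}}


def _resources(state):
    """Yield every resource in the root module and all nested child modules."""
    stack = [state["values"]["root_module"]]
    while stack:
        mod = stack.pop()
        yield from mod.get("resources", [])
        stack.extend(mod.get("child_modules", []))


def _forward_targets(actions):
    """Target group ARNs referenced by forward actions (single-TG and weighted forms)."""
    arns = set()
    for act in actions or []:
        if act.get("type") != "forward":
            continue
        if act.get("target_group_arn"):
            arns.add(act["target_group_arn"])
        for fwd in act.get("forward") or []:
            for tg in fwd.get("target_group") or []:
                if tg.get("arn"):
                    arns.add(tg["arn"])
    return arns


def check_service_wiring(state):
    """Return {ecs_service_address: [problem, ...]}; an empty list means the chain is intact."""
    by_type = defaultdict(list)
    for res in _resources(state):
        by_type[res["type"]].append(res)
    lbs = {r["values"]["arn"]: r["values"] for r in by_type["aws_lb"]}
    tgs = {r["values"]["arn"]: r["values"] for r in by_type["aws_lb_target_group"]}
    listeners = {r["values"]["arn"]: r["values"] for r in by_type["aws_lb_listener"]}

    # target group ARN -> listeners whose default action or rules forward to it
    forwarded_by = defaultdict(list)
    for lis in listeners.values():
        for arn in _forward_targets(lis.get("default_action")):
            forwarded_by[arn].append(lis)
    for rule in by_type["aws_lb_listener_rule"]:
        lis = listeners.get(rule["values"].get("listener_arn"))
        if lis is not None:
            for arn in _forward_targets(rule["values"].get("action")):
                forwarded_by[arn].append(lis)

    findings = {}
    for svc in by_type["aws_ecs_service"]:
        v = svc["values"]
        problems = []
        if not v.get("load_balancer"):
            problems.append("service has no load_balancer block")
        for block in v.get("load_balancer") or []:
            arn = block.get("target_group_arn")
            tg = tgs.get(arn)
            if tg is None:
                problems.append(f"target group {arn} is not in the state")
                continue
            if v.get("launch_type") == "FARGATE" and tg.get("target_type") != "ip":
                problems.append(f"{arn}: Fargate (awsvpc) tasks need target_type = \"ip\"")
            hits = forwarded_by.get(arn, [])
            if not hits:
                problems.append(f"{arn}: no listener forwards to this target group, so the ALB never reaches it")
            for lis in hits:
                lb = lbs.get(lis.get("load_balancer_arn"), {})
                if lis.get("protocol") == "HTTP" and lb.get("internal") is False:
                    problems.append(f"internet-facing listener on port {lis.get('port')} is plaintext HTTP")
        findings[svc["address"]] = problems
    return findings


if __name__ == "__main__":
    # usage: terraform show -json | python check_wiring.py   (falls back to the sample)
    state = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_STATE
    for address, problems in check_service_wiring(state).items():
        print(address, "OK" if not problems else "")
        for p in problems:
            print("  -", p)
```

Run it against real output with `terraform show -json | python check_wiring.py` after an apply; on the sample, the service from the question comes back clean and the deliberately broken service reports both the `instance` target type and the missing listener.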