How does automatic target registering happen in EC2 Target Groups for ECS Tasks? - amazon-web-services

I have an ECS Cluster with an ECS Service (Fargate) that specifies a Service Discovery Endpoint. I also have a Cloud Map Service set up with a domain and service name that match the Service Discovery details entered for the ECS Service. Finally, there is an Application Load Balancer with a Target Group set up for IP targets that initially has no Registered Targets (see full details below).
When I start a Task for the above ECS Service, the Task is automatically registered in the 'Registered Targets' for the Target Group described above.
My question is: how does AWS know that I want the Tasks from the ECS Service to be automatically added to my ALB's Target Group? I don't see anything in the Target Group that connects it to the ECS Service or to the Cloud Map Service. Is there some other configuration that's achieving this?
What I am trying to do is create a new ALB with a new Target Group, and I would like to route traffic from this ALB to the same ECS Service; however, this does not enjoy the automatic addition of the ECS Tasks to the Registered Targets for the Target Group. Is this possible to achieve?
ECS Cluster: MyCluster
ECS Service (Fargate):
    Name: MyService
    Service Discovery endpoint name: namespace.service-discovery-name
Application Load Balancer:
    Name: my-alb
    Listener: port 443 (SSL)
    Rules: (1) if host = test.domain.com then forward to 'my-target-group'
           (2)...
Target Group:
    Name: my-target-group
    Type: IP
    Targets: (initially no registered targets specified. Eventually when a task is started for the above ECS Service a target is automatically registered here.)
Cloud Map:
    Domain Name: namespace
    Service Name: service-discovery-name
    DNS Routing Policy: Multivalue answer routing
    Record Type: A
Route 53:
    Domain: namespace (Cloud Map Records)
    Domain:
        Name: mydomain.com
        Record: task.mydomain.com -> ALB configured above

This is actually defined and managed within the ECS service when you create it. This service will ensure that the hosts that are created as part of the service will be assigned to the target group of your service.
Looking at the documentation, there does not appear to be any way to replace the target group; in fact, looking at the CloudFormation documentation for load balancers, it appears that any change would replace the service.
Therefore, to apply the service to the new load balancer you would need to create a new service. You can of course use the same task definition, though, which significantly reduces the amount of work to do. This new service would use your new target group instead.
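
Added example, not part of the original question or answer: the link between tasks and a target group is recorded on the ECS service (its `loadBalancers` list), so it can be audited from the service side. The Python below inverts that mapping over constructed data shaped like the `describe_services` response; the ARNs, account ID, container name and the `my-new-target-group` entry are placeholders.

```python
from collections import defaultdict

TG = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/"
SD = "arn:aws:servicediscovery:us-east-1:111122223333:service/"

# Constructed sample shaped like ecs.describe_services(...)["services"];
# account ID, region, IDs and the container name are placeholders.
SAMPLE_SERVICES = [
    {"serviceName": "MyService",
     "loadBalancers": [{"targetGroupArn": TG + "my-target-group/0123456789abcdef",
                        "containerName": "web", "containerPort": 80}],
     "serviceRegistries": [{"registryArn": SD + "srv-example1"}]},
    {"serviceName": "InternalOnly",
     "loadBalancers": [],
     "serviceRegistries": [{"registryArn": SD + "srv-example2"}]},
]
# Constructed inventory of target groups in the account
# (in practice taken from elbv2.describe_target_groups).
SAMPLE_TARGET_GROUPS = [TG + "my-target-group/0123456789abcdef",
                        TG + "my-new-target-group/fedcba9876543210"]


def target_group_owners(services):
    """Return {targetGroupArn: [(service, container, port), ...]}."""
    owners = defaultdict(list)
    for svc in services:
        for lb in svc.get("loadBalancers", []):
            arn = lb.get("targetGroupArn")  # absent for Classic Load Balancers
            if arn:
                owners[arn].append(
                    (svc["serviceName"], lb.get("containerName"), lb.get("containerPort")))
    return dict(owners)


def audit(services, target_group_arns):
    """Classify target groups and services by how tasks are reached."""
    owners = target_group_owners(services)
    return {
        # ECS registers and deregisters task IPs in these automatically.
        "ecs_managed": {a: owners[a] for a in target_group_arns if a in owners},
        # No service references these: targets would have to be registered by hand.
        "unmanaged": [a for a in target_group_arns if a not in owners],
        # Referenced by a service but missing from the inventory (stale or foreign ARN).
        "unknown": sorted(set(owners) - set(target_group_arns)),
        # Reachable through Cloud Map DNS only, with no load balancer in front.
        "discovery_only": [s["serviceName"] for s in services
                           if s.get("serviceRegistries") and not s.get("loadBalancers")],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SERVICES, SAMPLE_TARGET_GROUPS).items():
        print(key, value)
```

A target group listed under `unmanaged` is the situation the question describes for the new ALB: nothing on the ECS side points at it, so no task is registered there automatically.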

Related

Adding ecs fargate as target group with NLB with auto scaling

I created an NLB and a Fargate service.
Then I created a target group with the "ip" of my ECS instance.
When I now add a Fargate IP to my target group, it works, but how does the scaling work? Suppose ECS has to scale out; I will have to register another IP, but I want it to scale automatically.
Let us say one task is added. How does the network load balancer get the new task IP without me manually adding it?
I do not get what the link is between the NLB and the ECS service. Does Amazon add targets implicitly?
Instead of manually registering the IP of your Fargate task with the target group, you are supposed to configure the ECS service with knowledge of the load balancer you want to use. The ECS service will then automatically register every task that it creates as part of deployments and auto-scaling.

AWS Fargate: How to deploy a service fargate task with a network load balancer

Background
Current State: I currently have an NLB that routes to an nginx server running on an EC2 instance.
Goal
I am trying to replace the nginx EC2 instance with a Fargate service that runs nginx.
I would like to keep the current NLB and set the Fargate cluster as the target group for the existing NLB.
Problem
According to the AWS documentation, an AWS ECS Fargate cluster service supports load balancing with an NLB or an ALB: https://docs.aws.amazon.com/AmazonECS/latest/userguide/service-load-balancing.html
When I try to deploy the nginx task, in the load balancing section, there is only an option to select an existing ALB or create a new ALB.
I tried changing the task protocol to TCP and UDP. Regardless of the protocol, when I try to deploy the task as a service, the only load balancer option is still Application Load Balancer.
Question
How do I load balance to a Fargate cluster service task using an NLB? Am I missing a specific setting somewhere?
If you cannot set the Fargate cluster as a target group for an NLB directly, would it be reasonable to route traffic from an NLB to an ALB and then set the ALB target group as a Fargate cluster?
You can absolutely use an NLB with an ECS Fargate service. I've done this before many times. My guess is you are simply encountering a bug in the AWS web UI. I've always used Terraform to deploy this sort of thing. I just checked in the ECS web UI, and on the 2nd step of creating a new ECS service I get the option of using a Network Load Balancer:
If your view doesn't look like that, try switching from the "New ECS Experience" in the UI which is still fairly beta and missing a lot of features.
I just went back and checked, and in the new ECS UI they are currently missing the option to select an NLB, so you have to continue using the old version of the UI for now until they fix that. I suggest continuing to use the old UI until they phase it out, because the new ECS UI is still missing a lot of features.

Cannot reach AWS Fargate task through ALB

I've got a web application running as an AWS ECS Fargate task. The task consists of 2 Docker containers: nginx exposing port 80, running as a reverse proxy, forwarding queries to an ASP.NET Core web application exposing port 5000. The URL configured in nginx.conf for the upstream server is 127.0.0.1:5000, and the task is set up with container networking (awsvpc).
The ECS Service is defined as an autoscaling group of 1 task. When I run the service, AWS sets up an elastic ENI with a public and private IP. I can hit that public IP in a browser and get back a response from my web app, so it seems the ECS part is set up properly.
Next, I've defined an ALB with an HTTP port 80 listener forwarding to a target group for the ECS Service. The target group shows the private IP for the task ENI, so it appears to be set up correctly. Health checks are configured as simple "/", and the task as well as the ALB target group report them to be healthy.
However - when I navigate to the DNS name for the LB, I'm unable to get a response.
Additionally - this is running in a non-default VPC. Route table includes an IGW.
Not sure what else I should be checking, so would appreciate some help in troubleshooting further.

How do I point ELB to domain defined by service discovery

I have a service in AWS ECS, and service discovery maintains domain records like web.local that point to tasks in that service.
I would like a Network Load Balancer to point at the domain web.local instead of an IP or Instance.
I know that when I create a service I specify a Load Balancer and it magically sets up everything for me. I can't find where web.local or service discovery is specified.
I checked the target group, etc.
There is an option to use service discovery. If you want to enable it, you may do it while you are creating the ECS service.
The namespace name is the keyword after the dot (.); in our case it will be .local.
There is also an option to add the Service discovery name*; this is the keyword before the dot (.).
Ref: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html
Update: You don't need to point it to the NLB if you are using the service discovery option of ECS. There will be absolutely no role for the target group with it. The ECS service will directly point a DNS name to your containers. If you want to use load balancer based service discovery then it's a different story altogether: then you have to create a private hosted zone yourself and point it to your load balancer. But in the end, you can only choose one.

Amazon Application Load Balancer Host Based Routing to a specific ECS Container Service

I'm new to ECS and ALB in AWS's universe, and I'd like to know how I can point my app in the front end to a specific ECS service.
Should I give it maybe the :port or /service_name?
And what if I'd like to use Host-Based Routing, and I use my own DNS subdomains?
For example:
<service>.hostname.com
How can I point each service to its corresponding one in the ECS cluster through the Application Load Balancer?
With Amazon's Application Load Balancer, you associate your services with Target Groups. You can then create rules on your listeners that say which traffic to send to which Target Group. Application Load Balancer supports two different rule types: Host (eg: service1.hostname.com) and Path (eg: /service1).
So the basic things you need to do are:
Create a target group for each service
Create a rule sending the hosts/paths you want to the target group
Associate each service with its associated target group