GRPC API through AWS ALB

1

Hi, I'm trying to run a netty server with GRPC API on ECS (on Fargate) behind an application load balancer for an Android GRPC client to connect to. Calls are forwarded but the server logs show an error like

io.grpc.netty.shaded.io.netty.handler.codec.http2.Http2Exception: HTTP/2 client preface string missing or corrupt. Hex dump for received bytes: 1603010102010000fe03036a5663244616ee784100b9d61c

I've read that such an error might be related to the client and server not both using SSL, which arguably is true in my case.

The server itself is not configured to use SSL (I wouldn't know which certificate to deploy it with). The ALB is equipped with an ACM public certificate though and should do SSL offloading I would expect. However, the fact that I cannot configure the load balancing target group with another protocol than HTTPS when protocol version is GRPC indicates otherwise.

Can anyone clarify this for me, or does anyone have a working example? Any help would be much appreciated.

This is the relevant ALB config of my cfn template:

  ApplicationLoadBalancer:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      Name: my-alb
      Scheme: "internet-facing"
      Type: "application"
      Subnets:
        - !Ref public-sn-1
        - !Ref public-sn-2
      SecurityGroups:
        - !Ref ALBSecurityGroup
      IpAddressType: "ipv4"

  HubListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 50051
      Protocol: HTTPS
      SslPolicy: "ELBSecurityPolicy-2016-08"
      Certificates:
        - CertificateArn: !Ref AlbCertificateArn
      DefaultActions:
        - Order: 1
          TargetGroupArn: !Ref HubTargetGroup
          Type: "forward"

  HubTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      Port: 50051
      Protocol: HTTPS
      ProtocolVersion: GRPC
      HealthCheckEnabled: true
      HealthCheckPath: "/grpc.health.v1.Health/Check"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: HTTP
      TargetType: ip
      Matcher:
        GrpcCode: 0
      VpcId: !Ref VpcId
1 Answer
1
Accepted Answer

You're configuring your target group as HTTPS, so this is probably why you're receiving this error. You can configure your target group to be HTTP, and this should allow you to connect successfully:

  HubTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      Port: 50051
      Protocol: HTTP #Changed from HTTPS
      ProtocolVersion: GRPC
      HealthCheckEnabled: true
      HealthCheckPath: "/grpc.health.v1.Health/Check"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: HTTP
      TargetType: ip
      Matcher:
        GrpcCode: 0
      VpcId: !Ref VpcId

For reference, this blog post is doing pretty much the setup you describe, but through the console: https://aws.amazon.com/blogs/aws/new-application-load-balancer-support-for-end-to-end-http-2-and-grpc/

AWS
MB
answered 2 years ago
  • Thank you, I was somehow stuck thinking it needed to be HTTPS end-to-end due to a different error message I received concerning ALB listener configuration earlier...
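
Added example, not part of the original question or answer: decoding the hex dump from the Netty error confirms the diagnosis. The bytes are the start of a TLS ClientHello, which is what the ALB sends to a target group set to `Protocol: HTTPS`, while a plaintext gRPC server expects the cleartext HTTP/2 preface. The function name `classify_first_bytes` and its result keys are hypothetical; the hex string is the one quoted in the question.

```python
import struct

# Cleartext HTTP/2 connections must begin with this client preface (RFC 9113, section 3.4).
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}
HTTP1_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH")

# Hex dump copied from the Http2Exception message in the question (Netty truncates it).
LOG_HEX = "1603010102010000fe03036a5663244616ee784100b9d61c"


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a server received on a new connection."""
    # The dump may be shorter than the preface, so compare the common prefix.
    n = min(len(data), len(H2_PREFACE))
    if n and data[:n] == H2_PREFACE[:n]:
        return {"kind": "h2c-preface"}
    # TLS record header: content type (1), version (2), length (2); 0x16 = handshake.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        _, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
        info = {"kind": "tls-handshake",
                "record_version": TLS_VERSIONS.get(rec_ver, hex(rec_ver)),
                "record_length": rec_len}
        if len(data) >= 11:
            # Handshake header: message type (1), length (3); a hello then
            # carries the legacy protocol version (2).
            hello_ver = int.from_bytes(data[9:11], "big")
            info["handshake"] = HANDSHAKE_TYPES.get(data[5], f"type {data[5]}")
            info["handshake_length"] = int.from_bytes(data[6:9], "big")
            info["hello_version"] = TLS_VERSIONS.get(hello_ver, hex(hello_ver))
        return info
    if data.split(b" ", 1)[0] in HTTP1_METHODS:
        return {"kind": "http1"}
    return {"kind": "unknown"}


if __name__ == "__main__":
    result = classify_first_bytes(bytes.fromhex(LOG_HEX))
    print(result)
    if result["kind"] == "tls-handshake":
        print("Peer is speaking TLS to a plaintext HTTP/2 port: "
              "terminate TLS on the server or set the target group Protocol to HTTP.")
```

With the target group changed to `Protocol: HTTP`, the same check on the first bytes from the ALB should report `h2c-preface` instead.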
