Deploying docker image on ECS using Fargate instance

We have pushed the Docker image to ECR (private repo) and need to deploy it on ECS. We have written a CloudFormation template; it's creating the cluster, task definition, service and task. But it's not creating the load balancer and target groups. I tried manually via the UI, but the task keeps draining. Can anyone please look into my template and provide me an appropriate solution?

AWSTemplateFormatVersion: 2010-09-09
Description: CloudFormation template for deploying an app using Fargate with EBS storage.

Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
    Default: vpc-0e7fa5b1456919151
  SubnetA:
    Type: AWS::EC2::Subnet::Id
    Default: subnet-0468bc81339a8e324
  SubnetB:
    Type: AWS::EC2::Subnet::Id
    Default: subnet-00e833287b978988c
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
    Default: sg-03b50fd0ea26b5343
  Image:
    Type: String
    Default: 360252553571.dkr.ecr.us-east-1.amazonaws.com/cloudops:munlq
  ServiceName:
    Type: String
    Default: MyService
  ContainerPort:
    Type: Number
    Default: 8080

Resources:
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Join ['', [!Ref ServiceName, Cluster]]

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      Cpu: '4096'
      Memory: '16384'

      ExecutionRoleArn: !GetAtt ExecutionRole.Arn
      TaskRoleArn: !GetAtt TaskRole.Arn
      ContainerDefinitions:
        - Name: !Ref ServiceName
          Image: !Ref Image
          PortMappings:
            - ContainerPort: !Ref ContainerPort
          Essential: true
      EphemeralStorage:
        SizeInGiB: 150

  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join ['', [!Ref ServiceName, ExecutionRole]]
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'

  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join ['', [!Ref ServiceName, TaskRole]]
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
  
  FargateService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      ServiceName: munlq-service
      DesiredCount: 1
      TaskDefinition: !Ref TaskDefinition
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups:
            - !Ref SecurityGroup
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
        DeploymentCircuitBreaker:
          Enable: true
          Rollback: true
  
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join ['', [!Ref ServiceName, LoadBalancer]]
      Scheme: internet-facing
      Subnets:
        - !Ref SubnetA
        - !Ref SubnetB
      SecurityGroups:
        - !Ref SecurityGroup
      # Type: application
      # IpAddressType: ipv4
      # LoadBalancerAttributes:
      #   - Key: idle_timeout.timeout_seconds
      #     Value: '60'

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Join ['', [!Ref ServiceName, TargetGroup]]
      Port: !Ref ContainerPort
      Protocol: HTTP
      VpcId: !Ref VPC
      TargetType: ip

  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: fixed-response
          FixedResponseConfig:
            ContentType: text/plain
            MessageBody: 'Hello from muNLQ'
            StatusCode: '200'
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      
  ListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
      Conditions:
        - Field: path-pattern
          Values: ['/']
      ListenerArn: !Ref Listener
      Priority: 1

1 Answer

Hi,

You are missing a list of Targets in your AWS::ElasticLoadBalancingV2::TargetGroup.

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-targets and https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetdescription.html

Since you chose TargetType: ip, you should link to the IP addresses (see links above) of your containers in your Targets to be added.

Best

Didier

AWS
EXPERT
answered 8 months ago
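
The target registration the answer describes, written out as an added example that is not part of the original answer or the asker's template. The second fragment goes beyond the answer and is an assumption about what fits this template: it uses the `LoadBalancers` property of `AWS::ECS::Service`, with which ECS registers each task's IP itself. Logical IDs and parameters are the ones from the question; the IP address is a constructed placeholder.

```yaml
Resources:
  # Option 1: static registration, as the answer describes (TargetType: ip plus Targets).
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Join ['', [!Ref ServiceName, TargetGroup]]
      Port: !Ref ContainerPort
      Protocol: HTTP
      VpcId: !Ref VPC
      TargetType: ip
      Targets:
        - Id: 10.0.1.25              # constructed placeholder: private IP of a running task
          Port: !Ref ContainerPort

  # Option 2 (assumption beyond the answer): leave Targets out of the target group
  # and name the target group on the service, so ECS registers and deregisters
  # task IPs as tasks start and stop.
  FargateService:
    Type: AWS::ECS::Service
    DependsOn: ListenerRule          # the rule is what attaches TargetGroup to the load balancer
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      ServiceName: munlq-service
      DesiredCount: 1
      TaskDefinition: !Ref TaskDefinition
      LoadBalancers:
        - ContainerName: !Ref ServiceName      # must match Name in ContainerDefinitions
          ContainerPort: !Ref ContainerPort
          TargetGroupArn: !Ref TargetGroup
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups:
            - !Ref SecurityGroup
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
```

With either option, the security group attached to the tasks has to admit traffic from the load balancer on `ContainerPort`; if health checks cannot reach the container, the targets are marked unhealthy and drained.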
