Docker compose with AWS ECS integration

I am using the docker compose ecs integration and found it extremely nice to be able to basically run your docker commands via ecs integration and voilà, behind the scenes everything you need is created for you in aws ecs.

I have 2 services in my docker compose, my spring boot web app and my postgres db. I wanted to implement ssl and redirect all traffic to https. After a lot of research and a lot of trial and error I finally got it to work by extending my compose file with x-aws-cloudformation and adding native cloudformation yaml. When doing all of this I was forced to choose an application load balancer over a network load balancer as it operates on layer 7 (http/https). However my problem is that now I have no way of reaching my postgres database and running queries against it via for example intellij. My spring boot app works fine and can read/write to my database so that works fine. Before the whole ssl implementation I didn't specify a load balancer in my compose file and so it gave me a network load balancer every time I ran my compose file. Then I could connect to my database via intellij and run queries. I have tried adding an inbound rule on my security group that basically allows all inbound traffic to my database via 5432 but that didn't help. I may not be setting the correct host when applying my connection details in intellij but I have tried using the following:

  1. DNS name of load balancer
  2. IP address of load balancer
  3. public IP of my postgres db task (launch type: fargate)

I would just like to simply reach my database and run queries against it even though it is running inside aws ecs cluster behind an application load balancer. Is there a way of achieving what I am trying to do? Or do I have to have 2 separate load balancers (one application LB and one network LB)? I know that there is an alternative to use RDS instead of ECS for my database. However it is a lot easier to have everything in one docker compose file. If I was able to set up an RDS instance via docker compose then that would have been lovely because I wouldn't have to manually set it up or use terraform to set it up and connect to it via my ecs cluster.

Here is my docker-compose file (I have omitted a few irrelevant env variables):

version: "3.9"

x-aws-loadbalancer: arn:my-application-load-balancer

services:
  my-web-app:
    build:
      context: .
    image: hub/my-web-app
    x-aws-pull_credentials: xxxxxxxx
    container_name: my-app-name
    ports:
      - "80:80"
    networks:
      - my-app-network
    depends_on:
      - postgres
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '0.5'
          memory: 2048M
    environment:
      - SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/my-db?currentSchema=my-db_schema
      - SPRING_DATASOURCE_USERNAME=dbpass
      - SPRING_DATASOURCE_PASSWORD=dbpass
      - SPRING_DATASOURCE_DRIVER-CLASS-NAME=org.postgresql.Driver
      - SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect

  postgres:
    build:
      context: docker/database
    image: hub/my-db
    container_name: my-db
    networks:
      - my-app-network
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: '0.5'
          memory: 2048M
    environment:
      - POSTGRES_USER=dbpass
      - POSTGRES_PASSWORD=dbpass
      - POSTGRES_DB=my-db
    volumes:
      - my-app-db-data:/var/lib/postgresql/data

volumes:
  my-app-db-data:
    name: my-app-db-volume

networks:
  my-app-network:
    name: my-app-network

x-aws-cloudformation:
  Resources:
    MyWebAppTCP80TargetGroup:
      Properties:
        HealthCheckPath: /actuator/health
        Matcher:
          HttpCode: 200-499
    MyWebAppTCP80Listener:
      Type: AWS::ElasticLoadBalancingV2::Listener
      Properties:
        Protocol: HTTP
        Port: 80
        LoadBalancerArn: xxxxx
        DefaultActions:
          - Type: redirect
            RedirectConfig:
              Port: 443
              Host: "#{host}"
              Path: "/#{path}"
              Query: "#{query}"
              Protocol: HTTPS
              StatusCode: HTTP_301
    MyWebAppTCP443Listener:
      Type: AWS::ElasticLoadBalancingV2::Listener
      Properties:
        Protocol: HTTPS
        Port: 443
        LoadBalancerArn: xxxxxxxxx
        Certificates:
          - CertificateArn: "xxxxxxxxxx"
        DefaultActions:
          - Type: forward
            ForwardConfig:
              TargetGroups:
                - TargetGroupArn:
                    Ref: MyWebAppTCP80TargetGroup
    MyWebAppTCP80RedirectRule:
      Type: AWS::ElasticLoadBalancingV2::ListenerRule
      Properties:
        ListenerArn:
          Ref: MyWebAppTCP80Listener
        Priority: 1
        Conditions:
          - Field: host-header
            HostHeaderConfig:
              Values:
                - "*.my-app.com"
                - "www.my-app.com"
                - "my-app.com"
        Actions:
          - Type: redirect
            RedirectConfig:
              Host: "#{host}"
              Path: "/#{path}"
              Query: "#{query}"
              Port: 443
              Protocol: HTTPS
              StatusCode: HTTP_301
No Answers