By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Adding a Cluster with the New ECS Experience Lacks the Security Groups

0

In the "New ECS Experience", when you create a new ECS Cluster, there isn't an option for adding a Security Group.

Old UI:

Enter image description here

New UI:

Enter image description here

After creating the Cluster, a Security Group is not added to the Auto Scaling Group. So, any new EC2 instances spun up by the Auto Scaling Group lack a Security Group as well. This results in the health check timing out.

Is this a bug in the new UI or am I missing something?

Topics
ContainersNetworking & Content Delivery
Tags
Amazon Elastic Container ServiceSecurity Group
Language
English
rePost-User-1523666
asked a year ago365 views
2 Answers
1

Once the ECS cluster is created on EC2, EC2 AutoScaling can be configured.
You can then set up the security group by updating it from the startup template associated with the EC2 AutoScaling configuration.
The following document describes how to update the startup template.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-launch-template-versions.html

After updating the startup template, please also change the version of the startup template referenced by EC2 AutoScaling to the newer version.
Doing so will start EC2 with the new version.

profile picture
EXPERT
Riku_Kobayashi
answered a year ago
  • rePost-User-1523666
    a year ago

    That works, but it's quite annoying that you have to now do that added step. I guess another reason to use Fargate.

    Is there any way to see all of the changes between the old and new flavors of the UI at the service-level?

  • Riku_Kobayashi EXPERT
    a year ago

    At the moment, the new UI does not seem to support security group settings for EC2 startup types, so if you use EC2 startup types, it is better to create a startup template with security group settings in advance or to configure them in the old UI. Also, the only way to confirm the difference between the old and new UI seems to be to actually visually check it at this point.
    Also, the following documentation indicates that the EC2 Auto Scaling group should be configured in the old console. https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.html#capacity-providers

    If you want to use Spot Instances in your Auto Scaling group, you must use the classic console to create the cluster. For more information, see Creating a cluster using the classic console.

0

Services can be created after the cluster has been created.
Security groups can be configured from Networking when the service is created.
You can then set up security groups in the Networking section.
The following images are in Japanese, but they are from my screen when creating a service.
The red box is the security group setting.
sg

profile picture
EXPERT
Riku_Kobayashi
answered a year ago
  • rePost-User-1523666
    a year ago

    When you change the launch type from Fargate to EC2, the Networking section disappears.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content