Hello,
1. ALB (Application Load Balancer): In your architecture, since your backend app communicates directly with the RDS instance through VPC peering, you might not necessarily need an ALB if your application doesn't need to be accessed publicly. An ALB is typically used for routing incoming HTTP or HTTPS traffic to your containers. If your backend app doesn't need to serve HTTP requests from the internet, you might not need an ALB. However, if your backend app needs to serve HTTP requests and you want to access it from the internet, then you would need an ALB. But remember, if your containers are in private subnets, the ALB needs to be in a public subnet with a route to the internet through an internet gateway or NAT gateway.
2. ECS service stuck in CREATE_IN_PROGRESS state: This issue could be due to various reasons. One common reason is insufficient resources in your ECS cluster or issues with IAM permissions. Ensure that your ECS cluster has sufficient resources (CPU, memory) available and that the IAM roles used by ECS have the necessary permissions to perform tasks like registering container instances. The error message you're seeing, "Unable to register as a container instance with ECS," indicates a problem with the registration of the EC2 instance as a container instance with ECS. This could be due to network issues or permission issues.
3. Network issues: The error message mentions a timeout when trying to connect to the ECS API endpoint (ecs.us-east-2.amazonaws.com). Ensure that the EC2 instance has outbound internet access and that there are no network restrictions (like firewall rules) blocking outbound connections to the ECS endpoint.
4. IAM permissions: Double-check the IAM role (ecsInstanceRole) attached to your EC2 instances. Ensure it has the necessary permissions to interact with ECS, including registering container instances. You can attach the managed policy AmazonEC2ContainerServiceforEC2Role to this role to grant the required permissions.
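The outbound path in points 3 and 4 is the part that is easiest to get subtly wrong: a private subnet can have a perfectly good 0.0.0.0/0 route to a NAT gateway and still be cut off, because the NAT gateway itself is sitting in a subnet with no internet gateway route. The script below is an added example for this thread, not code from the poster or from AWS. It runs offline against route-table and NAT-gateway records in the shape boto3 returns from `ec2.describe_route_tables()` and `ec2.describe_nat_gateways()`; the sample data is constructed (every ID is made up) and reproduces that misplacement, then shows the same check passing once the NAT gateway is moved. VPC interface endpoints for ECS, which would make the NAT route unnecessary, are not modelled.

```python
"""Offline check of the outbound path ECS container instances need.

Added example, not from the thread or from AWS. Input records mimic the
shape of EC2 DescribeRouteTables / DescribeNatGateways results; all IDs
in the sample data below are constructed.
"""

DEFAULT_ROUTE = "0.0.0.0/0"


def default_route_target(route_table):
    """Gateway ID of the active 0.0.0.0/0 route, or None if there is none."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        if route.get("State", "active") != "active":  # blackhole routes do not count
            continue
        return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def subnet_route_table(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(route_tables, subnet_id):
    """'public' = default route to an IGW, 'private' = to a NAT gateway,
    'isolated' = no default route, 'other' = TGW/VGW/ENI targets."""
    rt = subnet_route_table(route_tables, subnet_id)
    target = default_route_target(rt) if rt else None
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"


def check_outbound_path(route_tables, nat_gateways, instance_subnet_ids):
    """One finding per subnet whose instances cannot reach the ECS endpoint:
    no default route, or a default route through a NAT gateway that is not
    itself in a public subnet (its traffic never reaches an internet gateway).
    A direct IGW route is accepted; whether the instance has a public IP is
    not checked here."""
    nat_by_id = {n["NatGatewayId"]: n for n in nat_gateways}
    findings = []
    for sid in instance_subnet_ids:
        rt = subnet_route_table(route_tables, sid)
        target = default_route_target(rt) if rt else None
        if target is None:
            findings.append(f"{sid}: no 0.0.0.0/0 route; the ECS agent cannot reach its endpoint")
        elif target.startswith("nat-"):
            nat = nat_by_id.get(target)
            if nat is None:
                findings.append(f"{sid}: default route points at {target}, which does not exist")
            else:
                kind = classify_subnet(route_tables, nat["SubnetId"])
                if kind != "public":
                    findings.append(
                        f"{sid}: default route via {target}, but that NAT gateway sits in "
                        f"{kind} subnet {nat['SubnetId']}; it must be in a public subnet"
                    )
    return findings


# Constructed sample: one public subnet, two private subnets sharing a route table.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-0a1b2c", "State": "active"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-0d4e5f", "State": "active"}]},
]
CONTAINER_SUBNETS = ["subnet-priv-a", "subnet-priv-b"]
MISPLACED_NAT = [{"NatGatewayId": "nat-0d4e5f", "SubnetId": "subnet-priv-b"}]  # the mistake
FIXED_NAT = [{"NatGatewayId": "nat-0d4e5f", "SubnetId": "subnet-pub-a"}]       # after moving it

if __name__ == "__main__":
    for label, nats in (("misplaced", MISPLACED_NAT), ("fixed", FIXED_NAT)):
        print(label, check_outbound_path(SAMPLE_ROUTE_TABLES, nats, CONTAINER_SUBNETS))
```

To run it against a real account, replace the sample lists with `describe_route_tables()["RouteTables"]` and `describe_nat_gateways()["NatGateways"]` and pass the subnet IDs from your Auto Scaling group's network configuration.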
Hi
Here are the answers to your questions:
- ALB: You're correct that an ALB in a private subnet isn't mandatory in this scenario. Since your backend container connects to the RDS instance in the peered VPC using the VPC peering connection, the ALB wouldn't be directly involved in routing traffic.
- Register issue:
  - Please try looking at security groups. Ensure inbound rules on the EC2 instance's security group allow traffic on port 443 (HTTPS) from the ECS agent service.
  - IAM role: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html
  - Once the above is done, try
    sudo systemctl restart ecs
    then check the logs again for any errors.
- Service issue:
  - Ensure the instance is registered; you can see this in the Infrastructure section of the ECS console. Ensure that your ASG has a minimum desired capacity of at least 1.
  - Additional information: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html
After fixing the network connectivity issue (it turned out that I was placing the NAT Gateway in a private subnet instead of a public one), the task is still in Provisioning status, and when I open ecs.agent.log I see the following output repeatedly, in an endless loop:
Connected to TCS endpoint
Websocket connection established.
Connected to ACS endpoint
Successfully loaded ebs-csi-driver container image from tarball
"Successfully loaded Managed Daemon image
Image excluded from cleanup" image="ebs-csi-driver:latest"
TCS WebSocket connection closed for a valid reason
Reconnecting to ACS immediately without waiting
Using cached DiscoverPollEndpoint
Establishing a Websocket connection
Websocket connection established
Connected to ACS endpoint
What does it mean?
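The lines pasted above are worth telling apart from the "Unable to register as a container instance" error quoted earlier in the thread, because they come from different stages of the agent's life. The script below is an added example, not the poster's code and not an AWS tool. It assumes the agent's logfmt-style line format (`level=... time=... msg="..."`) and falls back to the raw line when that pattern is absent; the sample log is constructed (timestamps and the IP are made up): its first line mimics the registration failure reported earlier, the rest mirror the ACS/TCS messages pasted above. The "registered" verdict is a heuristic: it treats a "Connected to ACS endpoint" message that comes after the last registration failure as proof that registration and the outbound path now work.

```python
"""Triage of ECS agent log lines (e.g. /var/log/ecs/ecs-agent.log).

Added example for this thread; not the poster's code and not an AWS tool.
The line format is assumed; the sample log is constructed.
"""
import re
import sys

# msg="..." with backslash escapes; used when the line is in logfmt style.
MSG_RE = re.compile(r'msg="((?:[^"\\]|\\.)*)"')

# First matching rule wins, so a registration failure that also mentions a
# timeout is counted once, as a registration failure.
RULES = [
    ("registration_failed", re.compile(r"Unable to register as a container instance", re.I)),
    ("endpoint_timeout", re.compile(r"i/o timeout|dial tcp|context deadline exceeded", re.I)),
    ("connection_lifecycle", re.compile(r"\b(ACS|TCS)\b|websocket|DiscoverPollEndpoint", re.I)),
]


def message(line):
    """The msg="..." payload if present, otherwise the whole line."""
    m = MSG_RE.search(line)
    return m.group(1) if m else line.strip()


def classify(line):
    msg = message(line)
    for name, rx in RULES:
        if rx.search(msg):
            return name
    return "other"


def triage(lines):
    """Counts per category plus a heuristic verdict on where the agent is stuck."""
    counts = {name: 0 for name, _ in RULES}
    counts["other"] = 0
    last_failure = last_acs = -1
    for i, line in enumerate(lines):
        if not line.strip():
            continue
        cat = classify(line)
        counts[cat] += 1
        if cat == "registration_failed":
            last_failure = i
        if "Connected to ACS endpoint" in message(line):
            last_acs = i
    registered = last_acs > last_failure
    if registered:
        verdict = ("agent is registered and holding ACS/TCS sessions; the periodic "
                   "close/reconnect lines are session churn, not an error. If tasks "
                   "stay in PROVISIONING, compare task CPU/memory with what the "
                   "container instance offers rather than looking at the network.")
    elif last_failure >= 0:
        verdict = ("agent has not registered since its last failure: check the "
                   "outbound path to ecs.<region>.amazonaws.com (routes, NAT gateway "
                   "placement, security group egress) and the instance role, then "
                   "restart the agent.")
    else:
        verdict = "no registration failure and no ACS connection seen; log may be truncated."
    return {"counts": counts, "registered": registered, "verdict": verdict}


# Constructed sample: one old registration failure, then normal ACS/TCS traffic.
SAMPLE_LOG = """\
level=error time=2024-03-01T10:00:01Z msg="Unable to register as a container instance with ECS: RequestError: send request failed caused by: Post https://ecs.us-east-2.amazonaws.com/: dial tcp 198.51.100.10:443: i/o timeout"
level=info time=2024-03-01T10:05:00Z msg="Connected to TCS endpoint"
level=info time=2024-03-01T10:05:00Z msg="Websocket connection established."
level=info time=2024-03-01T10:05:00Z msg="Connected to ACS endpoint"
level=info time=2024-03-01T10:05:01Z msg="Successfully loaded ebs-csi-driver container image from tarball"
level=info time=2024-03-01T10:35:00Z msg="TCS WebSocket connection closed for a valid reason"
level=info time=2024-03-01T10:35:00Z msg="Reconnecting to ACS immediately without waiting"
level=info time=2024-03-01T10:35:00Z msg="Using cached DiscoverPollEndpoint"
level=info time=2024-03-01T10:35:00Z msg="Establishing a Websocket connection"
level=info time=2024-03-01T10:35:01Z msg="Connected to ACS endpoint"
"""

if __name__ == "__main__":
    # Pass a log file path to triage a real agent log; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(text.splitlines())
    print(result["counts"])
    print(result["verdict"])
```

On a container instance, `python3 triage.py /var/log/ecs/ecs-agent.log` gives the category counts and the verdict; a high `endpoint_timeout` count with no ACS connection points back at the route/NAT/security-group checks from the answers above.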
Thanks for your help. I have deleted the entire cluster and created a new one again, and I have configured an ALB and attached it to the service. I was using a t3.medium instance, which comes with 2 vCPUs and 4 GB memory. I set the task size to 1 vCPU and memory to 3 GB, and as I was planning to run only 1 container, in the Resource allocation limits section of the container I set the CPU to 1 vCPU and the memory soft limit and hard limit to 1 and 3 respectively. It worked, but another problem popped up.
I have double-checked the points you mentioned, but no luck so far.