ECS create service option does not provide sufficient configuration of the ALB health check

This is not a question but a shortcoming in the ECS that needs to be fixed. I don't pay enough to submit a bug so I post the issue here.

When creating a service in a cluster using FARSCAPE and the Application Load Balancer, one has the option to create a target group. But the options do not allow the setting of the advanced fields; one critical item (at least in our case) is the specification of what an acceptable response to the health check is. The default health check is to send a '/' and expect a 200 response. However, our container will respond with 401 since the request does not contain a Cognito JWT token.

So what we are forced to do after creating the service is to navigate to the CloudFormation page as quickly as possible, select resources, select the target group (which has just been created), in the target group page select the target item, and then in the details section select the health check and then select edit and then select advanced and then scroll down to the acceptable answers and change the 200 to 200,401 and save. All of this has to be done before the first health check is done during the service creation or you will get an error. This 'race against creation' is a real annoyance.

It should also be noted that all the other advanced features cannot be specified ahead of time either, but must be done using this same race against the clock. The create service-ALB page needs to be fixed to allow the user to set these parameters before one starts the creation.

1 Answer

Hello, I don't configure these things as part of the UI. I use ECS Compose-X, which deals with setting the ALB & Target group settings for me using the x-elbv2 settings. In there you can configure the expected answer codes to report the application as healthy. One of the things that Compose-X does for you, though, is a lot of validation, i.e. check that the ports on your service are open when declaring it on your Target Group, and automatically adjust settings if two options are not compatible. Or at least, fail early to report that 2 options can't work together.

You can configure all this with CloudFormation anyways, which is what Compose-X does anyways (generate the CFN templates for you). As it seems you already are using CloudFormation, hopefully that's an easy retro-fit or swap to your existing stack.

The property you are looking for in your Target Group is otherwise this: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-matcher.html

Hope this helps,

answered 10 months ago
  • This will take a little while to try. After three weeks of frustration with the ECS UI shortcomings and documentation (far beyond just this item) I am willing to try almost anything. Our need is really very basic - we have a single task consisting of a container containing our web service and a container containing a mongo db. Our container service is accessed on port 8080 but we want the remote client to access it using https:443. We don't want to use Fargate since it is a long running application and Fargate is very expensive for that.
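
The target-group setting the answer links to, written out as a CloudFormation fragment (an added example, not the poster's stack or a template generated by Compose-X). The resource names, the three parameters, the interval and threshold values and `TargetType: ip` are assumptions; port 8080, the 443 listener and the `200,401` matcher come from the thread.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Target group whose health check is set at creation time (added example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  LoadBalancerArn:            # assumption: an existing Application Load Balancer
    Type: String
  CertificateArn:             # assumption: an ACM certificate for the HTTPS listener
    Type: String

Resources:
  WebTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 8080              # container port from the thread
      TargetType: ip          # assumption: tasks use awsvpc networking
      HealthCheckProtocol: HTTP
      HealthCheckPath: /
      HealthCheckIntervalSeconds: 30
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 3
      Matcher:
        # '/' answers 401 without a Cognito JWT, so 401 is accepted as healthy
        # from the first check onward; no console edit after creation.
        HttpCode: "200,401"

  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443               # clients connect over HTTPS, ALB forwards to 8080
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebTargetGroup

Outputs:
  TargetGroupArn:
    Value: !Ref WebTargetGroup   # Ref on a target group returns its ARN
```

Pass the `TargetGroupArn` output to the ECS service's load balancer configuration so the service registers against a target group that already accepts 401. With 401 in the matcher, a passing check shows that the container is answering and rejecting unauthenticated requests, not that an authenticated request would succeed.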
