
I am using a simple Dockerfile that will create an image and run a simple Node.js application on port 3000.
This is my Dockerfile.

FROM node:16-alpine
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD [ "node", "app.js" ]

I can access this from my local machine on port 3000.

Now I want to access this from an AWS ECS service and I’ve already created the necessary resources for this (Cluster/Task Def/ALB/Security Groups/Listener), but I am not sure how to access this port 3000 from within AWS.

ECSTaskDefinition:
  Type: AWS::ECS::TaskDefinition
  Properties:
    Family: !Join ["-", [!Ref ServiceName, taskdef, !Ref Environment]]
    NetworkMode: awsvpc
    RequiresCompatibilities:
      - FARGATE
    Cpu: !Ref CPU
    Memory: !Ref Memory
    ExecutionRoleArn: !GetAtt ECSTaskRole.Arn
    TaskRoleArn: !GetAtt ECSTaskRole.Arn
    ContainerDefinitions:
      - Name: !Sub
          - "${TheServiceName}-${TheEnvironment}"
          - TheServiceName: !Ref ServiceName
            TheEnvironment: !Ref Environment
        Image: !Ref Image
        Environment:
          - Name: AWS_ENV
            Value: !Ref Environment
          - Name: AWS_REGION
            Value: !Ref AWS::Region
        PortMappings:
          - ContainerPort: 80
            Protocol: tcp
        LogConfiguration:
          LogDriver: awslogs
          Options:
            awslogs-group: !Ref LogGroup
            awslogs-region: !Ref AWS::Region
            awslogs-stream-prefix: !Sub ${ServiceName}-${Environment}

ApplicationLoadBalancer:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    IpAddressType: ipv4
    Name: !Join ["-", [!Ref Environment, !Ref AppNameForResources, "server"]]
    Scheme: internal
    LoadBalancerAttributes:
    - Key: idle_timeout.timeout_seconds
      Value: '30'
    SecurityGroups:
      - !Ref SecurityGroupForALB
    Subnets:
      - Fn::ImportValue:
          !Sub
          - "${TheNetworkStackName}-PrivateAZ1-ID"
          - TheNetworkStackName: !Ref NetworkStackName
      - Fn::ImportValue:
          !Sub
          - "${TheNetworkStackName}-PrivateAZ2-ID"
          - TheNetworkStackName: !Ref NetworkStackName
      - Fn::ImportValue:
          !Sub
          - "${TheNetworkStackName}-PrivateAZ3-ID"
          - TheNetworkStackName: !Ref NetworkStackName
    Type: application

SecurityGroupForALB:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: !Sub 'Created for ALB of ${AppNameForResources} app on ${Environment}'
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '80'
        ToPort: '80'
        CidrIp: "0.0.0.0/0"
        Description: 'HTTP Traffic to SG'
    VpcId: !Ref VPC

SecurityGroupForECS:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: !Sub 'Created for ECS ${AppNameForResources} app on ${Environment} env'
    SecurityGroupIngress:
      # Allow anything from SecurityGroupForALB
      - IpProtocol: tcp
        FromPort: '1'
        ToPort: '65535'
        SourceSecurityGroupId: !GetAtt SecurityGroupForALB.GroupId
        Description: 'Accept anything from ALB security group'
    VpcId:
      Fn::ImportValue: !Join ['-', [!Ref NetworkStackName, 'VPCID']]

ALBTargetGroup:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    Name: !Sub '${Environment}-${AppNameForResources}-alb-tg-1'
    HealthCheckEnabled: true
    HealthCheckIntervalSeconds: 30
    HealthCheckPort: '80'
    HealthCheckTimeoutSeconds: 5
    HealthyThresholdCount: 2
    UnhealthyThresholdCount: 2
    Port: '80'
    Protocol: HTTP
    TargetType: ip
    VpcId:
      Fn::ImportValue: !Sub "${NetworkStackName}-VPCID"

ALBListenerForHTTP:
  Type: "AWS::ElasticLoadBalancingV2::Listener"
  Properties:
    LoadBalancerArn: !Ref ApplicationLoadBalancer
    Port: 80
    Protocol: "HTTP"
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref ALBTargetGroup

There are Ports in these 2 security groups and also in my ALB and Target group.
How do I point my ALB to port 3000 here and where exactly in the stack should I make this change?

Any help much appreciated.

2 Answers


  1. Chosen as BEST ANSWER

    Sorry, that was my mistake. I didn't include port ":3000" in my URL. It's now working on http://internal-dev-demo-ecs-poc-ui-server-1234567.us-east-1.elb.amazonaws.com:3000/

    Should I always have that port 3000 appended to the URL whenever I visit the URL?


  2. In the ECS Task definition change the container port to 3000:

        PortMappings:
          - ContainerPort: 3000
            Protocol: tcp
    

    And change the Target Group port, and health check port settings to 3000:

        ALBTargetGroup:
          Type: AWS::ElasticLoadBalancingV2::TargetGroup
          Properties:
            Name: !Sub '${Environment}-${AppNameForResources}-alb-tg-1'
            HealthCheckEnabled: true
            HealthCheckIntervalSeconds: 30
            HealthCheckPort: '3000'
            HealthCheckTimeoutSeconds: 5
            HealthyThresholdCount: 2
            UnhealthyThresholdCount: 2
            Port: '3000'

    After you make those changes, you can go to the load balancer’s DNS address in your web browser, which will use the default HTTP port of 80, and the load balancer will use the target group settings to forward the traffic to port 3000 of your ECS container.
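
The port wiring described in the second answer, as an added check that is not part of the original question or answers: it verifies that the task definition, target group and health check all use the application's port, and flags the ECS security group rule when it is wider than that port. `TEMPLATE` is a constructed, simplified copy of the question's resources, and the function names are hypothetical.

```python
import copy

# Constructed, simplified mirror of the question's template: only port-related
# properties, with intrinsic functions (!Ref, !GetAtt) replaced by plain strings.
TEMPLATE = {
    "ECSTaskDefinition": {"ContainerDefinitions": [
        {"PortMappings": [{"ContainerPort": 80, "Protocol": "tcp"}]}]},
    "ALBTargetGroup": {"Port": "80", "HealthCheckPort": "80"},
    "SecurityGroupForECS": {"SecurityGroupIngress": [
        {"FromPort": "1", "ToPort": "65535",
         "SourceSecurityGroupId": "SecurityGroupForALB"}]},
}

def check_port_chain(res, app_port):
    """Return findings for the target group -> container port wiring."""
    findings = []
    mapped = [int(m["ContainerPort"])
              for c in res["ECSTaskDefinition"]["ContainerDefinitions"]
              for m in c.get("PortMappings", [])]
    if app_port not in mapped:
        findings.append(f"ContainerPort {mapped} does not include app port {app_port}")
    tg = res["ALBTargetGroup"]
    tg_port = int(tg["Port"])
    if tg_port != app_port:
        findings.append(f"target group Port {tg_port} != app port {app_port}")
    hc = tg.get("HealthCheckPort", "traffic-port")  # traffic-port reuses Port
    hc_port = tg_port if hc == "traffic-port" else int(hc)
    if hc_port != app_port:
        findings.append(f"HealthCheckPort {hc_port} != app port {app_port}")
    for r in res["SecurityGroupForECS"]["SecurityGroupIngress"]:
        lo, hi = int(r["FromPort"]), int(r["ToPort"])
        if not lo <= app_port <= hi:
            findings.append(f"ECS security group {lo}-{hi} blocks app port {app_port}")
        elif (lo, hi) != (app_port, app_port):
            findings.append(f"ECS security group opens {lo}-{hi}; only {app_port} is needed")
    return findings

def with_answer_applied(res, app_port, tighten_sg=False):
    """Copy of res with the answer's port changes; optionally narrow the ECS rule."""
    fixed = copy.deepcopy(res)
    mapping = fixed["ECSTaskDefinition"]["ContainerDefinitions"][0]["PortMappings"][0]
    mapping["ContainerPort"] = app_port
    fixed["ALBTargetGroup"].update(Port=str(app_port), HealthCheckPort=str(app_port))
    if tighten_sg:
        fixed["SecurityGroupForECS"]["SecurityGroupIngress"][0].update(
            FromPort=str(app_port), ToPort=str(app_port))
    return fixed
```

Run against the question's values with port 3000, the check reports the three port mismatches plus the 1-65535 ingress range; after the answer's changes only the ingress range remains.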
