2017-09-29 5 views

ECS上のDockerを使ってアプリケーションを作成しています。Terraformを使用すると、ECSとApplication Load Balancerがエフェメラルポートを登録しません

# ECS cluster. The container instances join it through ECS_CLUSTER in their
# user data, and the "poc" service is scheduled on it.
resource "aws_ecs_cluster" "my-cluster" {
  name = "my-cluster"
}
 

 
# Launch configuration for the ECS container instances started by the
# Auto Scaling group.
resource "aws_launch_configuration" "ecs" {
  name                 = "ECS Cluster"
  image_id             = "ami-1c002379"
  instance_type        = "m4.xlarge"
  iam_instance_profile = "${aws_iam_instance_profile.ecs.name}"

  # TODO: is there a good way to make the key configurable sanely?
  key_name = "my-key"

  # NOTE(review): this is the same security group the internet-facing ALB
  # uses, so any inbound rule opened for the ALB also applies to the container
  # hosts. With dynamic host ports (hostPort 0) the hosts only need the
  # ephemeral port range reachable from the ALB; a separate instance group
  # that allows that range from the ALB's group keeps the tasks off the
  # internet. The group's rules are not shown here - confirm.
  security_groups = ["sg-4218de2a"]

  # NOTE(review): every container host receives a public IP address. Combined
  # with the shared security group above, check that the hosts are not
  # directly reachable on SSH or on the task ports.
  associate_public_ip_address = true

  # Boot script: writes ECS_CLUSTER=<cluster name> to /etc/ecs/ecs.config
  # (replacing the file's content) so the ECS agent joins this cluster.
  user_data = "#!/bin/bash\necho ECS_CLUSTER='${aws_ecs_cluster.my-cluster.name}' > /etc/ecs/ecs.config"
}
 

 
# IAM role carried by the container instances (through the "ecs" instance
# profile).
resource "aws_iam_role" "ecs_host_role" {
  name = "ecs_host_role"

  # NOTE(review): the same trust policy file is also used for ecs_service_role.
  # Its content is not shown; if it lists both the EC2 and the ECS service
  # principals, each role can be assumed by a service that does not need it.
  # One trust policy per role keeps that least-privilege - confirm.
  assume_role_policy = "${file("policies/ecs-role.json")}"
}
 

 
# Inline policy on the host role, loaded from a JSON file next to this
# configuration. The file's content is not shown here; review it for
# wildcard actions or resources before applying.
resource "aws_iam_role_policy" "ecs_instance_role_policy" {
  name   = "ecs_instance_role_policy"
  role   = "${aws_iam_role.ecs_host_role.id}"
  policy = "${file("policies/ecs-instance-role-policy.json")}"
}
 

 
# Attaches the AWS-managed container-instance policy to the host role.
#
# NOTE(review): aws_iam_policy_attachment is exclusive. It manages every
# attachment of the policy in the account, so applying it detaches this
# managed policy from any role, user or group that is not listed here,
# including ones created outside this configuration.
# aws_iam_role_policy_attachment attaches to one role without that side
# effect and is the safer choice.
resource "aws_iam_policy_attachment" "ecs_for_ec2" {
  name       = "ecs-for-ec2"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
  roles      = ["${aws_iam_role.ecs_host_role.id}"]
}
 

 
# IAM role the ECS service uses (see iam_role on aws_ecs_service.poc).
resource "aws_iam_role" "ecs_service_role" {
  name = "ecs_service_role"

  # NOTE(review): shares its trust policy file with ecs_host_role; the file
  # is not shown, so confirm it does not let the EC2 principal assume this
  # role as well.
  assume_role_policy = "${file("policies/ecs-role.json")}"
}
 

 
# Inline policy on the service role, loaded from a JSON file. The file's
# content is not shown here; the service is created only after this policy
# exists (see depends_on on aws_ecs_service.poc).
resource "aws_iam_role_policy" "ecs_service_role_policy" {
  name   = "ecs_service_role_policy"
  role   = "${aws_iam_role.ecs_service_role.id}"
  policy = "${file("policies/ecs-service-role-policy.json")}"
}
 

 
# Instance profile that hands ecs_host_role to the container instances; the
# launch configuration references it by name.
resource "aws_iam_instance_profile" "ecs" {
  name = "ecs-instance-profile"
  path = "/"
  role = "${aws_iam_role.ecs_host_role.name}"
}
 

 
# Auto Scaling group that keeps one or two container instances running from
# the "ecs" launch configuration.
resource "aws_autoscaling_group" "ecs-cluster" {
  name                 = "ECS ${aws_ecs_cluster.my-cluster.name}"
  launch_configuration = "${aws_launch_configuration.ecs.name}"

  min_size         = "1"
  max_size         = "2"
  desired_capacity = "1"

  # Instance health is judged by EC2 status checks only, not by the ALB.
  health_check_type = "EC2"

  # NOTE(review): two availability zones are listed but only one subnet, while
  # the ALB spans two subnets. Confirm which zones the instances can land in.
  availability_zones  = ["us-east-2a", "us-east-2b"]
  vpc_zone_identifier = ["subnet-8e9abce7"]
}
 

 
# Internet-facing (internal = false) Application Load Balancer in front of the
# service.
resource "aws_alb" "front-end" {
  name     = "alb"
  internal = false
  subnets  = ["subnet-8e9abce7", "subnet-e11d779a"]

  # NOTE(review): same security group as the container instances (see the
  # launch configuration). Whatever this group admits from the internet for
  # the load balancer is admitted to the hosts too - confirm the rules.
  security_groups = ["sg-4218de2a"]

  # The ALB cannot be deleted until this flag is turned off.
  enable_deletion_protection = true
}
 

 
# Listener on the ALB; its default action forwards every request to fe-tg.
#
# NOTE(review): the listener is plain HTTP on port 80 of an internet-facing
# load balancer, so traffic between clients and the ALB is unencrypted. An
# HTTPS listener with a certificate is needed if the application carries
# credentials or session data.
resource "aws_alb_listener" "front_end" {
  load_balancer_arn = "${aws_alb.front-end.arn}"
  protocol          = "HTTP"
  port              = "80"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.fe-tg.arn}"
  }
}
 

 
# Target group the ECS service registers its tasks in.
resource "aws_alb_target_group" "fe-tg" {
  name     = "fe-tg"
  vpc_id   = "vpc-22eeb84b"
  protocol = "HTTP"

  # Default port: applied only to targets that are registered without a port
  # of their own. Targets registered with an explicit host port keep it.
  port = 8080

  # No health-check port is set here, so each target is checked on the port
  # it was registered with.
  health_check {
    path = "/poc/healthy.html"
  }
}
 

 

 
# Attaches the Auto Scaling group to the fe-tg target group.
#
# NOTE(review): with this attachment the Auto Scaling group registers every
# instance in fe-tg itself, without a port, so those targets get the target
# group's default port (8080). The ECS service already registers each task
# with its dynamic host port. Because the task definition uses hostPort 0,
# nothing is expected to listen on 8080 on the host, which matches the 8080
# targets described in the question. Dropping this attachment and letting ECS
# manage registration is the likely fix - verify against the target list.
resource "aws_autoscaling_attachment" "asg_attachment_bar" {
  alb_target_group_arn   = "${aws_alb_target_group.fe-tg.arn}"
  autoscaling_group_name = "${aws_autoscaling_group.ecs-cluster.name}"
}
 

 
# Renders the container definition JSON for the task definition from a
# template, filling in the ECR image coordinates.
resource "template_file" "task_container_definition" {
  # The file name is spelled "defintion"; it has to match the file on disk.
  template = "${file("container-defintion.json.tpl")}"

  # Values substituted into the template's image string. They are inserted
  # into the JSON as-is, so they must not contain quotes or other characters
  # that would break the document.
  vars {
    aws_account = "${var.account}"
    aws_region  = "${var.region}"
    image       = "${var.image}"
    tag         = "${var.tag}"
  }
}
 

 

 
# Task definition built from the rendered container definition template.
# No task role is set, so the containers run with whatever the host's
# instance profile allows.
resource "aws_ecs_task_definition" "my-td" {
  family                = "my-task"
  container_definitions = "${template_file.task_container_definition.rendered}"
}
 

 
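# ECS service that keeps three copies of the "my-task" task running and
# registers them in the fe-tg target group.
resource "aws_ecs_service" "poc" {
  name            = "poc-v4"
  cluster         = "${aws_ecs_cluster.my-cluster.name}"
  task_definition = "${aws_ecs_task_definition.my-td.arn}"
  desired_count   = 3
  iam_role        = "${aws_iam_role.ecs_service_role.arn}"

  # The service role's policy and the listener must exist before the service
  # is created; neither is referenced by an attribute above, so the ordering
  # is stated explicitly.
  depends_on = ["aws_iam_role_policy.ecs_service_role_policy", "aws_alb_listener.front_end"]

  deployment_maximum_percent         = 200
  deployment_minimum_healthy_percent = 51

  load_balancer {
    target_group_arn = "${aws_alb_target_group.fe-tg.arn}"
    container_name   = "greeter"

    # container_port names the port inside the container and has to match a
    # containerPort of the task definition (8080 for "greeter"). It was 0,
    # which is not a port the container exposes. The host port is the part
    # that stays dynamic: hostPort 0 in the task definition makes ECS pick an
    # ephemeral host port per task and register that port with the target
    # group.
    container_port = 8080
  }

  # Only place tasks on instances in these two availability zones.
  placement_constraints {
    type       = "memberOf"
    expression = "attribute:ecs.availability-zone in [us-east-2a, us-east-2b]"
  }

  # Pack tasks onto as few instances as possible, judged by CPU.
  placement_strategy {
    type  = "binpack"
    field = "cpu"
  }
}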

タスク定義テンプレート:

[{ 
 
    "environment": [], 
 
"name": "greeter", 
 
"mountPoints": [], 
 
"image": "${aws_account}.dkr.ecr.${aws_region}.amazonaws.com/${image}:${tag}", 
 
"cpu": 0, 
 
"portMappings": [ 
 
{ 
 
"containerPort": 8080, "hostPort": 0 
 
} 
 
], 
 
"memory": 2048, 
 
     "memoryReservation": 1024, 
 
"essential": true, 
 
"volumesFrom": [] 
 
}]

このTerraformファイル(読みやすくするために1つに連結しています)で、サービス内で少なくとも3つのタスクを起動するようECSに指示しています。しかし、何らかの理由で、Application Load Balancerがヘルスチェックにエフェメラルポートを使っていません。実際にはTomcatのポート(8080)が使われています。

サービスを手動で作成するとうまく動作しますが、Terraformを使用すると機能しません。何か気になる点はありますか?


ALBとタスク定義に関するサンプルコードをいくつか見せていただけますか? – BMW


私はそれを加えました。 ALBは既にそこにあります。ありがとう –

答えて


はい、設定を確認しました。リソースaws_alb_listenerは、デフォルトのルール(最後に評価される、最も優先度の低いルール)を定義するために使用されます。

リソースaws_alb_listener_ruleを追加してください。サンプルコードは次のとおりです:

# Listener rule with priority 100 on the front_end listener: requests whose
# path matches /static/* are forwarded to fe-tg.
#
# NOTE(review): the listener's default action already forwards everything to
# the same target group, so this rule does not change where requests go. It
# also has no influence on which port a target is registered with; that is
# decided by whoever registers the target.
resource "aws_alb_listener_rule" "static" {
  listener_arn = "${aws_alb_listener.front_end.arn}"
  priority     = 100

  condition {
    field  = "path-pattern"
    values = ["/static/*"]
  }

  action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.fe-tg.arn}"
  }
}

異なるpriority(100、101、102、...)を指定して、aws_alb_listener_ruleリソースをさらに追加することもできます。

これで、動的ポートを正しく取得することができます。
