cn-terraform / terraform-aws-ecs-alb
AWS ALB Terraform Module for ECS
Home Page: https://registry.terraform.io/modules/cn-terraform/ecs-alb
License: Apache License 2.0
Hello @jnonino,
Since your update, I have an issue during sonarqube deployment:
```text
Error: failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue
status code: 400, request id: 391d3af7-99cd-4cd8-9617-15557228d1ce
with module.sonar.module.ecs_fargate.module.ecs-fargate-service.module.ecs-alb.aws_lb.lb,
on .terraform/modules/sonar.ecs_fargate.ecs-fargate-service.ecs-alb/main.tf line 26, in resource "aws_lb" "lb":
26: resource "aws_lb" "lb" {
```
At the moment it is not possible to have different LB listener and target group ports.
For example, you cannot forward LB port 443 to target group port 80.
https://github.com/cn-terraform/terraform-aws-ecs-alb/blob/master/main.tf#L160-L179
Because the listener port is read out of the target groups:
```hcl
port = element(aws_lb_target_group.lb_http_tgs.*.port, count.index)
port = element(aws_lb_target_group.lb_https_tgs.*.port, count.index)
```
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
Detected dependencies:
- .github/workflows/pipeline.yml: actions/checkout v4, actions/checkout v4
- main.tf: cn-terraform/logs-s3-bucket/aws 1.0.6
- versions.tf: aws >= 4, hashicorp/terraform >= 0.13
The name of the load balancer is limited to 32 characters, which can be easily violated, especially when the name is composed of many parts.
I'm running into an issue when I try to forward both HTTP and HTTPS to the same container port. As an example:
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  region = "us-west-1"
}

module "base-network" {
  source                                      = "cn-terraform/networking/aws"
  version                                     = "2.0.13"
  name_prefix                                 = "test-networking"
  vpc_cidr_block                              = "192.168.0.0/16"
  availability_zones                          = ["us-west-1a", "us-west-1b"]
  public_subnets_cidrs_per_availability_zone  = ["192.168.0.0/19", "192.168.32.0/19"]
  private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19", "192.168.160.0/19"]
}

module "ecs-fargate" {
  source              = "cn-terraform/ecs-fargate/aws"
  version             = "2.0.28"
  name_prefix         = "demo-http-https-port"
  assign_public_ip    = false
  container_image     = "mendhak/http-https-echo:23"
  container_name      = "demo-http-https-port"
  vpc_id              = module.base-network.vpc_id
  private_subnets_ids = module.base-network.private_subnets_ids
  public_subnets_ids  = module.base-network.public_subnets_ids
  environment = [
    {
      name  = "HTTP_PORT"
      value = "3000"
    }
  ]
  port_mappings = [
    {
      containerPort = 3000
      hostPort      = 3000
      protocol      = "tcp"
    }
  ]
  lb_http_ports = {
    default_http = {
      listener_port     = 80
      target_group_port = 3000
    }
  }
  lb_https_ports = {
    default_https = {
      listener_port     = 443
      target_group_port = 3000
    }
  }
  default_certificate_arn = "MY_CERT_ARN"
}
```
When I apply this configuration, I see:
```text
│ Error: [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxx). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: sg-xxxxxxxxxx, TCP, from port: 3000, to port: 3000, ALLOW" already exists
│ status code: 400, request id: xxxxxxxxx
│
│ with module.ecs-fargate.module.ecs-fargate-service.aws_security_group_rule.ingress_through_https["3000"],
│ on .terraform/modules/ecs-fargate.ecs-fargate-service/main.tf line 161, in resource "aws_security_group_rule" "ingress_through_https":
│ 161: resource "aws_security_group_rule" "ingress_through_https" {
│
```
I believe this is because this module creates an ingress rule for HTTP and HTTPS traffic (one each) that wind up being identical (main.tf:116):
```hcl
resource "aws_security_group_rule" "ingress_through_http" {
  for_each          = var.http_ports
  security_group_id = aws_security_group.lb_access_sg.id
  type              = "ingress"
  from_port         = each.value.listener_port
  to_port           = each.value.listener_port
  protocol          = "tcp"
  cidr_blocks       = var.http_ingress_cidr_blocks
  prefix_list_ids   = var.http_ingress_prefix_list_ids
}

resource "aws_security_group_rule" "ingress_through_https" {
  for_each          = var.https_ports
  security_group_id = aws_security_group.lb_access_sg.id
  type              = "ingress"
  from_port         = each.value.listener_port
  to_port           = each.value.listener_port
  protocol          = "tcp"
  cidr_blocks       = var.https_ingress_cidr_blocks
  prefix_list_ids   = var.https_ingress_prefix_list_ids
}
```
There might be some way to deduplicate these rules or make them different in some semantic way to allow both rules to exist.
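One way to deduplicate the rules, as an added example that is not part of the issue or of the module's own code: collapse both port maps into one set of distinct listener ports and create a single `aws_security_group_rule` per port, so two entries that resolve to the same port can never produce two identical AWS rules. It assumes the variable names (`http_ports`, `https_ports`, `*_ingress_cidr_blocks`, `*_ingress_prefix_list_ids`) and the `aws_security_group.lb_access_sg` resource from the snippet quoted above; the resource name `ingress_through_lb` and the locals are hypothetical.

```hcl
# Added example, not the module's code. Assumes the variables and the
# lb_access_sg security group from the issue above; the names below
# (ingress_through_lb, lb_listener_ports, lb_ingress_*) are hypothetical.

locals {
  # Every listener port from both maps, kept once each, so two map entries
  # that resolve to the same port yield exactly one rule (keyed as a string
  # because for_each needs a set of strings).
  lb_listener_ports = distinct(concat(
    [for v in var.http_ports : tostring(v.listener_port)],
    [for v in var.https_ports : tostring(v.listener_port)],
  ))

  # The merged rule has to admit every source that either protocol admitted,
  # so the CIDR and prefix-list allow-lists are unioned as well.
  lb_ingress_cidr_blocks = distinct(concat(
    var.http_ingress_cidr_blocks,
    var.https_ingress_cidr_blocks,
  ))
  lb_ingress_prefix_list_ids = distinct(concat(
    var.http_ingress_prefix_list_ids,
    var.https_ingress_prefix_list_ids,
  ))
}

# One ingress rule per distinct listener port on the LB security group.
resource "aws_security_group_rule" "ingress_through_lb" {
  for_each          = toset(local.lb_listener_ports)
  security_group_id = aws_security_group.lb_access_sg.id
  type              = "ingress"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  protocol          = "tcp"
  cidr_blocks       = local.lb_ingress_cidr_blocks
  prefix_list_ids   = local.lb_ingress_prefix_list_ids
}
```

The trade-off is that the union widens exposure: the HTTP listener port now accepts every source range that was only meant for HTTPS and vice versa. Where the two listeners must keep different source restrictions, the better fix is to keep them on different listener ports (the usual 80/443 split), which already makes the original per-protocol rules distinct and avoids the `InvalidPermission.Duplicate` collision without merging allow-lists.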
Missing Tags as a variable [map()] on lb and tg