ECS 및 응용 프로그램로드 밸런서가 Terraform을 사용하여 임시 포트를 등록하지 않음

Question

ECS에서 Docker를 사용하여 응용 프로그램을 만들고 있습니다.

resource "aws_ecs_cluster" "my-cluster" { 
 
    name = "my-cluster" 
 
} 
 

 
resource "aws_launch_configuration" "ecs" { 
 
    name = "ECS Cluster" 
 
    image_id = "ami-1c002379" 
 
    instance_type = "m4.xlarge" 
 
    security_groups = ["sg-4218de2a"] 
 
    iam_instance_profile = "${aws_iam_instance_profile.ecs.name}" 
 
    # TODO: is there a good way to make the key configurable sanely? 
 
    key_name = "my-key" 
 
    associate_public_ip_address = true 
 
    user_data = "#!/bin/bash\necho ECS_CLUSTER='${aws_ecs_cluster.my-cluster.name}' > /etc/ecs/ecs.config" 
 
} 
 

 
resource "aws_iam_role" "ecs_host_role" { 
 
    name = "ecs_host_role" 
 
    assume_role_policy = "${file("policies/ecs-role.json")}" 
 
} 
 

 
resource "aws_iam_role_policy" "ecs_instance_role_policy" { 
 
    name = "ecs_instance_role_policy" 
 
    policy = "${file("policies/ecs-instance-role-policy.json")}" 
 
    role = "${aws_iam_role.ecs_host_role.id}" 
 
} 
 

 
resource "aws_iam_policy_attachment" "ecs_for_ec2" { 
 
    name = "ecs-for-ec2" 
 
    roles = ["${aws_iam_role.ecs_host_role.id}"] 
 
    policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" 
 
} 
 

 
resource "aws_iam_role" "ecs_service_role" { 
 
    name = "ecs_service_role" 
 
    assume_role_policy = "${file("policies/ecs-role.json")}" 
 
} 
 

 
resource "aws_iam_role_policy" "ecs_service_role_policy" { 
 
    name = "ecs_service_role_policy" 
 
    policy = "${file("policies/ecs-service-role-policy.json")}" 
 
    role = "${aws_iam_role.ecs_service_role.id}" 
 
} 
 

 
resource "aws_iam_instance_profile" "ecs" { 
 
    name = "ecs-instance-profile" 
 
    path = "/" 
 
    role = "${aws_iam_role.ecs_host_role.name}" 
 
} 
 

 
resource "aws_autoscaling_group" "ecs-cluster" { 
 
    availability_zones = ["us-east-2a", "us-east-2b"] 
 
    name = "ECS ${aws_ecs_cluster.my-cluster.name}" 
 
    min_size = "1" 
 
    max_size = "2" 
 
    desired_capacity = "1" 
 
    health_check_type = "EC2" 
 
    launch_configuration = "${aws_launch_configuration.ecs.name}" 
 
    vpc_zone_identifier = ["subnet-8e9abce7"] 
 
} 
 

 
resource "aws_alb" "front-end" { 
 
    name   = "alb" 
 
    internal  = false 
 
    security_groups = ["sg-4218de2a"] 
 
    subnets   = ["subnet-8e9abce7", "subnet-e11d779a"] 
 

 
    enable_deletion_protection = true 
 
} 
 

 
resource "aws_alb_listener" "front_end" { 
 
    load_balancer_arn = "${aws_alb.front-end.arn}" 
 
    port    = "80" 
 
    protocol   = "HTTP" 
 

 
    default_action { 
 
    target_group_arn = "${aws_alb_target_group.fe-tg.arn}" 
 
    type    = "forward" 
 
    } 
 
} 
 

 
resource "aws_alb_target_group" "fe-tg" { 
 
    name  = "fe-tg" 
 
    port  = 8080 
 
    protocol = "HTTP" 
 
    vpc_id = "vpc-22eeb84b" 
 
    health_check { 
 
    path = "/poc/healthy.html" 
 
    } 
 
} 
 

 

 
resource "aws_autoscaling_attachment" "asg_attachment_bar" { 
 
    autoscaling_group_name = "${aws_autoscaling_group.ecs-cluster.name}" 
 
    alb_target_group_arn = "${aws_alb_target_group.fe-tg.arn}" 
 
} 
 

 
resource "template_file" "task_container_definition" { 
 
    template = "${file("container-defintion.json.tpl")}" 
 

 
    vars { 
 
    aws_region = "${var.region}" 
 
    aws_account = "${var.account}" 
 
    image = "${var.image}" 
 
    tag = "${var.tag}" 
 
    } 
 
} 
 

 

 
resource "aws_ecs_task_definition" "my-td" { 
 
    family = "my-task" 
 
    container_definitions = "${template_file.task_container_definition.rendered}" 
 
} 
 

 
resource "aws_ecs_service" "poc" { 
 
    name   = "poc-v4" 
 
    cluster   = "${aws_ecs_cluster.my-cluster.name}" 
 
    task_definition = "${aws_ecs_task_definition.my-td.arn}" 
 
    desired_count = 3 
 
    iam_role  = "${aws_iam_role.ecs_service_role.arn}" 
 

 
    depends_on = ["aws_iam_role_policy.ecs_service_role_policy", "aws_alb_listener.front_end"] 
 

 
    deployment_maximum_percent = 200 
 
    deployment_minimum_healthy_percent = 51 
 

 
    load_balancer { 
 
    target_group_arn = "${aws_alb_target_group.fe-tg.id}" 
 
    container_name = "greeter" 
 
    container_port = 0 
 
    } 
 

 
    placement_constraints { 
 
    type  = "memberOf" 
 
    expression = "attribute:ecs.availability-zone in [us-east-2a, us-east-2b]" 
 
    } 
 

 
    placement_strategy { 
 
    type = "binpack" 
 
    field = "cpu" 
 
    } 
 
}

작업 정의 템플릿 :

[{ 
 
    "environment": [], 
 
"name": "greeter", 
 
"mountPoints": [], 
 
"image": "${aws_account}.dkr.ecr.${aws_region}.amazonaws.com/${image}:${tag}", 
 
"cpu": 0, 
 
"portMappings": [ 
 
{ 
 
"containerPort": 8080, "hostPort": 0 
 
} 
 
], 
 
"memory": 2048, 
 
     "memoryReservation": 1024, 
 
"essential": true, 
 
"volumesFrom": [] 
 
}]

내가 스핀 ECS를 요구하고 나는 (읽기 쉽도록 연결된) 다음 Terraform 파일이 내 서비스에서 적어도 3 가지 작업을 수행하십시오. 그러나 어떤 이유로 Application Load Balancer가 임시 포트를 상태 확인에 넣지 않습니다. 그것은 실제로 바람둥이 포트 (8080)를 넣고 있습니다.

손으로 서비스를 만들면 잘 작동하지만 Terraform을 사용하면 제대로 작동하지 않습니다. 아무것도 튀어 나와 있니?

Answer 1

예, 설정을 보았습니다.

resource "aws_alb_listener_rule" "static" { 
    listener_arn = "${aws_alb_listener.front_end.arn}" 
    priority  = 100 

    action { 
    type    = "forward" 
    target_group_arn = "${aws_alb_target_group.fe-tg.arn}" 
    } 

    condition { 
    field = "path-pattern" 
    values = ["/static/*"] 
    } 
} 

당신은 (다른 priority 100 더 많은 자원 aws_alb_listener_rule을 추가 할 수 있습니다 : 자원 aws_alb_listener은

당신을 위해 자원 aws_alb_listener_rule, 샘플 코드를 추가하십시오 기본 규칙 (마지막으로, 가장 낮은 우선 순위 규칙)을 정의하는 데 사용됩니다 , 101, 102, ...).

동적 포트를 올바르게 가져 오면 정상적으로 작동합니다.