Closed robertd closed 5 years ago
You can import an existing VPC network (see ec2.VpcNetwork.importFromContext).
The Fargate Service will use the private subnets from the imported VPC network. Should you need the public subnets, you pass the vpcPlacement property.
Need a bit of guidance on a related issue. Subnets for my fargate service are never populated @rix0rrr @robertd
networkConfiguration:
{ awsvpcConfiguration:
{ assignPublicIp: 'DISABLED',
subnets: [],
securityGroups: [Token] } } }
const vpc = ec2.VpcNetwork.import(this, 'vpc', {
  vpcId: 'vpc-xxxxx',
  availabilityZones: ['eu-west-1a', 'eu-west-1b'],
  privateSubnetIds: ['subnet-xxxxx', 'subnet-xxxx'],
});
const cluster = ecs.Cluster.import(this, 'Cluster', {
  clusterName: "cluster_name",
  vpc: vpc,
  securityGroups: [{securityGroupId: 'securityGroupId'}]
})
const fargateService = new ecs.FargateService(this, 'FargateService', {
  cluster: cluster,
  taskDefinition: taskname,
  desiredCount: 2,
});
@allankp Cluster.import does not take an IVpcNetwork, it takes VpcNetworkImportProps. Correct code:
const cluster = ecs.Cluster.import(this, 'Cluster', {
  clusterName: "cluster_name",
  vpc: {
    vpcId: 'vpc-xxxxx',
    availabilityZones: ['eu-west-1a', 'eu-west-1b'],
    privateSubnetIds: ['subnet-xxxxx', 'subnet-xxxx'],
  },
  securityGroups: [{securityGroupId: 'securityGroupId'}]
})
@rix0rrr Rookie mistake, much appreciated
@rix0rrr Thank you for clarifying that. Originally, I've used imported vpc (via importFromContext) and passed it down to cluster. I was surprised that cluster/VSCode didn't yell at me (see screenshot attached).
But anyway, after your last reply to @allankp I've changed things around
// Import existing Security Group
const sg = ec2.SecurityGroup.import(this, "SecurityGroup", {
  securityGroupId: props.securityGroupId
});
const cluster = ecs.Cluster.import(this, "Cluster", {
  clusterName: props.clusterName,
  securityGroups: [ sg ],
  vpc: {
    vpcId: props.vpcId,
    availabilityZones: ['us-west-2'],
    privateSubnetIds: subnets
  }
});
... and my CFN looks like this
...
ServiceD69D759B:
  Type: AWS::ECS::Service
  Properties:
    TaskDefinition:
      Ref: TaskDefinitionB36D86D9
    Cluster: DlvAPPEcsClustersStack-AppF1B96344-5WK03WOT8LSV
    DeploymentConfiguration:
      MaximumPercent: 200
      MinimumHealthyPercent: 50
    DesiredCount: 1
    LaunchType: FARGATE
    LoadBalancers: []
    NetworkConfiguration:
      AwsvpcConfiguration:
        AssignPublicIp: DISABLED
        SecurityGroups:
          - sg-xxxxxxx
        Subnets:
          - subnet-xxxxxxx
          - subnet-xxxxxxx
          - subnet-xxxxxxx
...
TY!
@rix0rrr Although, is this statement still correct?
You can import an existing VPC network (see ec2.VpcNetwork.importFromContext).
The Fargate Service will use the private subnets from the imported VPC network. Should you need the public subnets, you pass the vpcPlacement property.
Because if I do it that way:
// Import existing VPC
const vpc = ec2.VpcNetwork.importFromContext(this, "VPC", {
  vpcId: props.vpcId
});
// Import existing Security Group
const sg = ec2.SecurityGroup.import(this, "SecurityGroup", {
  securityGroupId: props.securityGroupId
});
const cluster = ecs.Cluster.import(this, "Cluster", {
  clusterName: props.clusterName,
  securityGroups: [ sg ],
  vpc: vpc
});
My CFN is still missing subnets
ServiceD69D759B:
  Type: AWS::ECS::Service
  Properties:
    TaskDefinition:
      Ref: TaskDefinitionB36D86D9
    Cluster: DlvAPPEcsClustersStack-AppF1B96344-5WK03WOT8LSV
    DeploymentConfiguration:
      MaximumPercent: 200
      MinimumHealthyPercent: 50
    DesiredCount: 1
    LaunchType: FARGATE
    LoadBalancers: []
    NetworkConfiguration:
      AwsvpcConfiguration:
        AssignPublicIp: DISABLED
        SecurityGroups:
          - sg-xxxxxxxx
        Subnets: []
Just wanted to make sure the info is correct for the folks who stumble upon this issue.
Do you need to define a vpcplacement group on the fargateservice with the subnet type:
vpcPlacement: {subnetsToUse: SubnetType.Private}
FYI that does not work for me, subnets are still empty on the fargateservice subnets.
@allankp Same here. The only way I was able to populate subnets was using this in cluster construct.
vpc: {
  vpcId: 'vpc-xxxxx',
  availabilityZones: ['eu-west-1a', 'eu-west-1b'],
  privateSubnetIds: ['subnet-xxxxx', 'subnet-xxxx'],
}
It would be nice if we can pass existing subnets to a FargateServiceProps. Our SecOps prevents us from creating subnets ad-hoc, thus we cannot use ecs.FargateService construct. Thanks!
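
The empty Subnets list seen in the synthesized output in this thread can be caught before deployment. The check below is an added example, not code from the CDK project or from anyone in this thread; it assumes the template was synthesized to JSON and parsed, and the function name, sample IDs and approved-subnet list are hypothetical.

```typescript
// Added example: pre-deploy check over a synthesized CloudFormation template.
interface Finding { logicalId: string; problem: string }
interface Template { Resources: { [logicalId: string]: { Type: string; Properties?: any } } }

// approvedSubnets: hypothetical list of subnet IDs the VPC owners allow.
function checkServiceSubnets(template: Template, approvedSubnets: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (res.Type !== "AWS::ECS::Service") continue;
    const props = res.Properties || {};
    const awsvpc = (props.NetworkConfiguration || {}).AwsvpcConfiguration;
    if (!awsvpc) {
      // Fargate tasks always use awsvpc networking, so the block is required.
      if (props.LaunchType === "FARGATE") {
        findings.push({ logicalId, problem: "no AwsvpcConfiguration" });
      }
      continue;
    }
    const subnets: unknown[] = Array.isArray(awsvpc.Subnets) ? awsvpc.Subnets : [];
    if (subnets.length === 0) {
      findings.push({ logicalId, problem: "Subnets is empty" });
    }
    for (const s of subnets) {
      if (typeof s !== "string") {
        // e.g. { Ref: ... }: cannot be compared against the list offline.
        findings.push({ logicalId, problem: "subnet is a reference, not a literal ID" });
      } else if (approvedSubnets.indexOf(s) === -1) {
        findings.push({ logicalId, problem: "subnet " + s + " is not approved" });
      }
    }
  }
  return findings;
}

// Constructed sample; ServiceEmpty mirrors the empty-Subnets output in the thread.
const net = (subnets: unknown[]) => ({ AwsvpcConfiguration: {
  AssignPublicIp: "DISABLED", SecurityGroups: ["sg-00000000"], Subnets: subnets } });
const svc = (subnets: unknown[]) => ({ Type: "AWS::ECS::Service",
  Properties: { LaunchType: "FARGATE", NetworkConfiguration: net(subnets) } });
const sampleTemplate: Template = { Resources: {
  ServiceEmpty: svc([]),
  ServiceOk: svc(["subnet-aaaa1111", "subnet-bbbb2222"]),
  ServiceOther: svc(["subnet-aaaa1111", "subnet-cccc3333"]),
} };
const sampleApproved = ["subnet-aaaa1111", "subnet-bbbb2222"];
console.log(checkServiceSubnets(sampleTemplate, sampleApproved));
```

Running this over the output of cdk synth in CI fails the build on an empty or unapproved subnet list instead of leaving it to surface at deploy time.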