aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

NetworkLoadBalancedFargateService: (Passed subnets are not getting picked while creating the LoadBalancer) #29812

Open SomnathDange opened 4 months ago

SomnathDange commented 4 months ago

Describe the bug

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.ECS;
using Amazon.CDK.AWS.ECS.Patterns;

var NLBService = new NetworkLoadBalancedFargateService(this, "NLBService", new NetworkLoadBalancedFargateServiceProps
{
    MemoryLimitMiB = 512,
    TaskDefinition = taskDefinition,
    Cluster = cluster,
    CircuitBreaker = new DeploymentCircuitBreaker
    {
        Enable = true,
        Rollback = true
    },
    ServiceName = "NLBService",
    PublicLoadBalancer = false,
    TaskSubnets = new SubnetSelection
    {
        Subnets = new[] { Subnet.FromSubnetId(this, "subnet", "subnet-123456789") }
    }
});
```

This is my code. The subnet passed via SubnetSelection is getting passed to the ECS service, but the LoadBalancer picks all the subnets from the VPC, and it's not taking the subnets from the list which is passed in the above code.

Expected Behavior

Expected behaviour is that it should pick the passed subnet while creating the Network LoadBalancer.

Current Behavior

Passed subnets are not getting picked while creating the LoadBalancer

Reproduction Steps

The above code is producing the issue.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.134.0 (build 265d769)

Framework Version

No response

Node.js Version

v20.12.0

OS

Linux

Language

.NET

Language Version

6

Other information

No response

pahud commented 4 months ago

According to this https://github.com/aws/aws-cdk/blob/a7384c282756890a3e211c064b4e8a2dee3dab2a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/network-load-balanced-service-base.ts#L352-L357

At this moment, the auto-provisioned NLB will by default span multiple subnets based on the rule.

We probably need a PR to add a new option like nlbListenerOnTaskSubnets or something else that passes the subnet selection all the way to here.

Before that, a workaround is to use escape hatches to override the Subnets prop of the NLB.

Making this a p2, please help us prioritize by 👍 and we welcome PRs to move this forward.
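The escape-hatch workaround mentioned above, written out as an added example in the issue's language (C#); this is not code from the issue or from the aws-cdk project. It assumes it runs inside a Stack constructor where `cluster` and `taskDefinition` already exist, and the two subnet IDs are placeholders for one private subnet per Availability Zone.

```csharp
using System.Linq;
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.ECS;
using Amazon.CDK.AWS.ECS.Patterns;
using Amazon.CDK.AWS.ElasticLoadBalancingV2;

// Placeholder IDs (constructed for this example): exactly one private subnet per AZ.
var privateSubnetIds = new[] { "subnet-PLACEHOLDER-az-a", "subnet-PLACEHOLDER-az-b" };

var taskSubnets = new SubnetSelection
{
    Subnets = privateSubnetIds
        .Select((id, i) => Subnet.FromSubnetId(this, $"TaskSubnet{i}", id))
        .ToArray()
};

var nlbService = new NetworkLoadBalancedFargateService(this, "NLBService", new NetworkLoadBalancedFargateServiceProps
{
    Cluster = cluster,
    TaskDefinition = taskDefinition,
    MemoryLimitMiB = 512,
    PublicLoadBalancer = false, // internal NLB, no internet-facing endpoint
    TaskSubnets = taskSubnets   // honoured by the ECS service, not (yet) by the NLB
});

// Escape hatch: reach the L1 AWS::ElasticLoadBalancingV2::LoadBalancer behind the
// L2 construct and pin its Subnets to the same per-AZ subnets the tasks run in.
// This avoids the "multiple subnets in the same Availability Zone" error in a VPC
// with more than one subnet per AZ, and keeps the NLB out of subnets it should not span.
var cfnLb = (CfnLoadBalancer)nlbService.LoadBalancer.Node.DefaultChild;
cfnLb.Subnets = privateSubnetIds;
```

To verify, run `cdk synth` and check that the `Subnets` list of the `AWS::ElasticLoadBalancingV2::LoadBalancer` resource in the template contains only the two IDs rather than every subnet of the VPC.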

SomnathDange commented 4 months ago

Let me add some more details:

The VPC has four private subnets, with two subnets in each availability zone. When attempting to create a NetworkLoadBalancedFargateService, an error occurs, stating "A load balancer cannot be attached to multiple subnets in the same Availability Zone." This is due to the presence of two subnets in one availability zone.

To address this issue, the SubnetSelection was specified for the NetworkLoadBalancedFargateService. By passing two subnets from different availability zones, the service was able to use the desired subnets (verified in the CloudFormation template). However, when the Network Load Balancer was internally created by NetworkLoadBalancedFargateService, it selected all four subnets from the VPC.