aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

ecs-patterns/ApplicationLoadBalancedFargateService fails to deploy in VPC with multiple subnets in same AZ #5892

Open fshields opened 4 years ago

fshields commented 4 years ago

The ApplicationLoadBalancedFargateService construct (and possibly other related constructs) fails to deploy when there exist multiple public subnets in the same AZ. It appears that the construct selects all public subnets from the provided VPC by default.

Reproduction Steps

I was following the "ECS Example" described at https://docs.aws.amazon.com/cdk/latest/guide/ecs_example.html but utilizing an existing VPC (with 7 pre-existing public subnets) instead of creating a new VPC like the example prescribes.

Error Log

  7/16 | 10:00:14 AM | CREATE_FAILED        | AWS::ElasticLoadBalancingV2::LoadBalancer | DevStack/MyFargateService/LB (MyFargateServiceLBDE830E97) A load balancer cannot be attached to multiple subnets in the same Availability Zone (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: InvalidConfigurationRequest; Request ID: 4915531e-c85f-40f6-93ff-0a899d948d5e)
        new BaseLoadBalancer (/mnt/c/git-repos/atlassian-backup/node_modules/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts:138:22)
        \_ new ApplicationLoadBalancer (/mnt/c/git-repos/atlassian-backup/node_modules/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts:64:5)
        \_ new ApplicationLoadBalancedServiceBase (/mnt/c/git-repos/atlassian-backup/node_modules/@aws-cdk/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts:300:81)
        \_ new ApplicationLoadBalancedFargateService (/mnt/c/git-repos/atlassian-backup/node_modules/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.ts:92:5)
        \_ new AtlassianBackupStack (/mnt/c/git-repos/atlassian-backup/lib/atlassian-backup-stack.ts:24:5)
        \_ Object.<anonymous> (/mnt/c/git-repos/atlassian-backup/bin/atlassian-backup.ts:14:15)
        \_ Module._compile (internal/modules/cjs/loader.js:778:30)
        \_ Module.m._compile (/mnt/c/git-repos/atlassian-backup/node_modules/ts-node/src/index.ts:814:23)
        \_ Module._extensions..js (internal/modules/cjs/loader.js:789:10)
        \_ Object.require.extensions.(anonymous function) [as .ts] (/mnt/c/git-repos/atlassian-backup/node_modules/ts-node/src/index.ts:817:12)
        \_ Module.load (internal/modules/cjs/loader.js:653:32)
        \_ tryModuleLoad (internal/modules/cjs/loader.js:593:12)
        \_ Function.Module._load (internal/modules/cjs/loader.js:585:3)
        \_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
        \_ main (/mnt/c/git-repos/atlassian-backup/node_modules/ts-node/src/bin.ts:226:14)
        \_ Object.<anonymous> (/mnt/c/git-repos/atlassian-backup/node_modules/ts-node/src/bin.ts:485:3)
        \_ Module._compile (internal/modules/cjs/loader.js:778:30)
        \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
        \_ Module.load (internal/modules/cjs/loader.js:653:32)
        \_ tryModuleLoad (internal/modules/cjs/loader.js:593:12)
        \_ Function.Module._load (internal/modules/cjs/loader.js:585:3)
        \_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
        \_ findNodeScript.then.existing (/home/fshields/.nvm/versions/node/v10.18.1/lib/node_modules/npm/node_modules/libnpx/index.js:268:14)

Environment

Other


This is :bug: Bug Report

fshields commented 4 years ago

While continuing to troubleshoot this, I discovered that it may be related to #3126.

jdavisp3 commented 4 years ago

Hitting the same issue here, and the one_per_az argument to SubnetSelection doesn't seem to work either.

xcrezd commented 3 years ago

Workaround



    const albFargetService = new ecsPatterns.ApplicationLoadBalancedFargateService(this, 'Service', {
     ...
    });

    // Override the subnets on the underlying CloudFormation load balancer resource
    const cfnLoadBalancer = albFargetService.loadBalancer.node.defaultChild as CfnLoadBalancer;
    cfnLoadBalancer.subnets = vpc.selectSubnets({ onePerAz: true, subnetType: SubnetType.PUBLIC }).subnetIds;

MisterGlass commented 3 years ago

Are there any updates on this? Just ran into this in Python, and I can't seem to override the subnets after creation like in the posted TypeScript workaround.

nkolatsis commented 2 years ago

The following Python workaround uses two approaches: the approach above and a subnet_ids approach. Use it depending on what you have available.

    subnet_ids = ['subnet-1234', 'subnet-5678']
    alb_fargate_service = ecs_patterns.ApplicationLoadBalancedFargateService(self, .....)

    # Override the subnets on the underlying CloudFormation load balancer resource
    cfn_lb = alb_fargate_service.load_balancer.node.default_child
    if not subnet_ids:
        cfn_lb.subnets = vpc.select_subnets(subnet_group_name=subnet_group_name, availability_zones=availability_zones, one_per_az=True).subnet_ids
    else:
        cfn_lb.subnets = subnet_ids

Anonyfox commented 2 years ago

With CDK (lib/cli) 2.22 the issue can't be solved with

    cfnLoadBalancer.subnets = vpc.selectSubnets({ onePerAz: true, subnetType: ec2.SubnetType.PUBLIC }).subnetIds

because onePerAz does not do what it says, leading to CreateService error: subnets can have at most 16 items.

The fix from @nkolatsis also doesn't fix it for me :(
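
As an added example (not code from any commenter or from aws-cdk): the constraint in the error log can be checked before deployment by grouping candidate subnets by Availability Zone and keeping exactly one per zone, without relying on `onePerAz`. The `SubnetInfo` records, subnet IDs and zone names are constructed, and the function names are hypothetical.

```typescript
// Constructed stand-in for a VPC's public subnets (not a CDK type).
interface SubnetInfo {
  subnetId: string;
  availabilityZone: string;
}

// Constructed sample: 7 public subnets spread unevenly over 4 zones.
const SAMPLE_SUBNETS: SubnetInfo[] = [
  { subnetId: "subnet-0a2", availabilityZone: "us-east-1a" },
  { subnetId: "subnet-0a1", availabilityZone: "us-east-1a" },
  { subnetId: "subnet-0a3", availabilityZone: "us-east-1a" },
  { subnetId: "subnet-0b1", availabilityZone: "us-east-1b" },
  { subnetId: "subnet-0b2", availabilityZone: "us-east-1b" },
  { subnetId: "subnet-0c1", availabilityZone: "us-east-1c" },
  { subnetId: "subnet-0d1", availabilityZone: "us-east-1d" },
];

function groupByAz(subnets: SubnetInfo[]): Record<string, string[]> {
  const byAz: Record<string, string[]> = {};
  for (let i = 0; i < subnets.length; i++) {
    const s = subnets[i];
    byAz[s.availabilityZone] = (byAz[s.availabilityZone] || []).concat(s.subnetId);
  }
  return byAz;
}

// Zones that would make the load balancer creation fail.
function azsWithMultipleSubnets(subnets: SubnetInfo[]): string[] {
  const byAz = groupByAz(subnets);
  return Object.keys(byAz).filter((az) => byAz[az].length > 1).sort();
}

// Keep the lowest subnet ID in each zone so every synth yields the same list.
function pickOnePerAz(subnets: SubnetInfo[]): string[] {
  const byAz = groupByAz(subnets);
  return Object.keys(byAz).sort().map((az) => byAz[az].slice().sort()[0]);
}

// Fail before deployment instead of at CREATE_FAILED.
function assertOnePerAz(subnets: SubnetInfo[]): void {
  const dup = azsWithMultipleSubnets(subnets);
  if (dup.length > 0) {
    throw new Error("multiple subnets in the same AZ: " + dup.join(", "));
  }
}

const picked = pickOnePerAz(SAMPLE_SUBNETS);
console.log(picked);
```

The resulting ID list has the shape that the `cfnLoadBalancer.subnets` override shown earlier in the thread expects.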

drobbins-ancile commented 8 months ago

Any plans to fix this? It's been open for 3 years.