aws / containers-roadmap

This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
https://aws.amazon.com/about-aws/whats-new/containers/

[ECS] [request]: Support multiple LoadBalancers for ECS TaskSets #1380

Open kszarlej opened 3 years ago

kszarlej commented 3 years ago


Tell us about your request

ECS services with the default deployment controller or CodeDeploy support registering to multiple TargetGroups from multiple LoadBalancers. This allows having a single service that is exposed both internally through an internal ALB/NLB and externally through a public-facing ALB/NLB. When the ECS service deployment controller is EXTERNAL, the TaskSet can register to only one LoadBalancer at a time.

The TaskSet API CreateTaskSet operation takes an argument LoadBalancers that is a list, but if more than one LB is specified there, the API returns an error: An error occurred (InvalidParameterException) when calling the CreateTaskSet operation: CreateTaskSet cannot have more than 1 load balancer

Hence the request is: allow an ECS TaskSet to register to multiple LoadBalancers (at least 2, because this will allow configuring the service on both internal and external LBs). Currently, I had to create two services, myservice and myservice-internal.

Which service(s) is this request for?

ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

I have a bit of a special case because I have to follow a pretty strict deployment procedure due to how Keycloak handles the authentication sessions. In my case, I need a Blue/Green deployment with control over the termination process of the old cluster. I cannot remove all boxes at once; I must remove them one by one, waiting for the cluster REBALANCING to finish. Unfortunately, both the ECS and CodeDeploy controllers don't give me control over the termination process, so I had to go with an EXTERNAL deployment controller. But in EXTERNAL the service cannot register to multiple LBs, so I had to work around it.

Are you currently working around this issue?

Yes, I had to create two services, myservice and myservice-internal.

scarytom commented 1 year ago

The AWS Documentation states under the "Multiple target group considerations" section that "The service must use the rolling update (ECS) deployment controller type."

As this issue states, it would be very useful to use multiple target groups with our service using the EXTERNAL deployment controller.

Our present workaround is to direct internal traffic via the public load balancer, which incurs significant NAT Gateway costs.