hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

(ECS/NLB) target type ip is incompatible with the bridge network mode specified in the task definition #12252

Open ghost opened 4 years ago

ghost commented 4 years ago

This issue was originally opened by @oonisim as hashicorp/terraform#24266. It was migrated here as a result of the provider split. The original body of the issue is below.


Terraform Version

Using Terraform v0.12.20 running on Ubuntu "18.04.4 LTS (Bionic Beaver)"

Terraform Configuration Files

resource "aws_lb_target_group" "this" {
  count = 1
  name_prefix           = "test"
  vpc_id                = "${var.vpc_id}"
  target_type           = "ip"
  port                  = 8080
  protocol              = "tcp"
  health_check {
    healthy_threshold   = "3"
    unhealthy_threshold = "3"
    interval            = "30"
    port                = "traffic-port"
    protocol            = "tcp"
    enabled             = true
  }
}

resource "aws_ecs_task_definition" "this" {
  family                = "${var.PROJECT}_${var.ENV}_${var.ecs_task_name}"
  container_definitions = templatefile(local.ecs_task_container_definition_template, {
    image         = "${var.container_image_url}"
    cpu_units     = "${var.ecs_task_cpu_units}"
    memory_units  = "${var.ecs_task_memory_units}"
    port_mappings = jsonencode(var.ecs_task_port_mappings)
    aws_region    = data.aws_region.current.name
  })
}

Debug Output

...
2020-03-03T18:54:10.301+1100 [DEBUG] plugin.terraform-provider-aws_v2.50.0_x4: 2020/03/03 18:54:10 [DEBUG] [aws-sdk-go] {"__type":"InvalidParameterException","message":"The provided target group arn:aws:elasticloadbalancing:us-east-2:ACCOUNT:targetgroup/****/4689fc19ff99ca57 has target type ip, which is incompatible with the bridge network mode specified in the task definition."}
2020-03-03T18:54:10.301+1100 [DEBUG] plugin.terraform-provider-aws_v2.50.0_x4: 2020/03/03 18:54:10 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ecs/CreateService failed, attempt 0/25, error InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:us-east-2:ACCOUNT:targetgroup/****/4689fc19ff99ca57 has target type ip, which is incompatible with the bridge network mode specified in the task definition.
...

Expected Behavior

No error, because according to ECS Service - Creating a Network Load Balancer - Configure Routing, we should be able to select both IP and Instance ID.

If there is AWS documentation stating that ELB target type IP is incompatible with the default Docker network mode "bridge", kindly provide the reference.

For Target type, choose whether to register your targets with an instance ID or an IP address
Important: If your service's task definition uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.
You cannot register instances by instance ID if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by IP address.

Actual Behavior

Error: InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:$REGION:$ACCOUNT:targetgroup ... has target type ip, which is incompatible with the bridge network mode specified in the task definition.

Steps to Reproduce

  1. Create VPC and a NLB in a public subnet.
  2. Run terraform init and apply.

Additional Context

ECS type is EC2, not Fargate.
All (NLB, service, task, docker container) works if target_type = "instance" is specified.

References

justinretzolk commented 2 years ago

Hey @oonisim 👋 Thank you for taking the time to file this issue. Given that there's been a number of AWS Provider releases since you initially filed it, can you confirm whether you're still experiencing this behavior?

sibendu commented 2 years ago

Wow, finally I seem to have some luck :) @justinretzolk I have the same issue. I was facing an issue where my application was not working after deployment as an ECS service (ELB unable to access it, gives a 504 Gateway Error). After a lot of struggle over the last 2 days, I finally realized it is due to "awsvpc" mode. If I manually create the service using an ECS task definition with "host" networking, it works. But Terraform says there is a conflict -

error creating svc-zip-dev service: error waiting for ECS service (svc-zip-dev) creation: InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:eu-east-1:729524366783:targetgroup/tg-mytask-dev/1b7859bb0235e281 has target type ip, which is incompatible with the bridge network mode specified in the task definition.
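
An added example, not code from the issue or from the provider: the two settings that the CreateService error compares, set so that they agree. The task definition in the issue sets no network_mode, so it runs with the default, bridge, while its target group uses target_type = "ip"; here the task definition uses awsvpc to match. Resource names, variables and values marked hypothetical are assumptions.

```hcl
# Added example. Anything marked "hypothetical" is not taken from the issue.
resource "aws_lb_target_group" "ip" {
  name_prefix = "test"
  vpc_id      = var.vpc_id
  port        = 8080
  protocol    = "TCP"
  target_type = "ip" # registers task ENI addresses, so the task must use awsvpc
}

resource "aws_ecs_task_definition" "awsvpc" {
  family       = "example" # hypothetical
  network_mode = "awsvpc"  # not set in the issue, which left the task on bridge

  container_definitions = jsonencode([{
    name      = "app" # hypothetical
    image     = var.container_image_url
    memory    = 256 # hypothetical
    essential = true
    # With awsvpc only the container port is given; there is no host port mapping.
    portMappings = [{ containerPort = 8080, protocol = "tcp" }]
  }])
}

resource "aws_ecs_service" "awsvpc" {
  name            = "example"           # hypothetical
  cluster         = var.ecs_cluster_arn # hypothetical
  task_definition = aws_ecs_task_definition.awsvpc.arn
  desired_count   = 1
  launch_type     = "EC2"

  # Required with awsvpc: every task gets its own ENI in these subnets.
  # The security group is the only filter in front of the task, so it must
  # allow inbound 8080 for NLB health checks and client traffic, and no more.
  network_configuration {
    subnets         = var.task_subnet_ids          # hypothetical
    security_groups = [var.task_security_group_id] # hypothetical
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.ip.arn
    container_name   = "app"
    container_port   = 8080
  }
}
```

The other consistent pairing is the one reported as working in the issue: leave the task on bridge networking and set target_type = "instance" on the target group.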

github-actions[bot] commented 5 days ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!