Containers-roadmap: ECS support for multiple target groups per service

Created on 28 Nov 2018 · 18 Comments · Source: aws/containers-roadmap

Customers leverage the same service for multiple endpoints and would therefore like to be able to put the same service behind multiple load balancers or target groups. There is also a scale aspect where the ECS service could scale beyond what a single load balancer can handle by default.

ECS Fargate

Most helpful comment

We need this feature to split internal and external traffic in different Load Balancers but using the same container instance.

All 18 comments

Just making sure that the Fargate label doesn't mean that it's only for Fargate as there are plenty of uses in ECS on EC2 as well

We have the requirement of static IPs in front of our ALB but we don't want to follow the guidance of this AWS blog post because it seems like a hack.

Instead we have:

  • Static IP NLB
  • Routes traffic to haproxy containers
  • TCP forwards to ALB
  • ALB does TLS termination, redirects, path based routing, etc

This is still a hack but a slightly more observable hack, though, in order to use the nice ALB redirect (HTTP -> HTTPS 301) feature we have to run two ECS Services because a Service only supports one target group. There are potentially other ways around this problem but this is the one which we have chosen.

This feature would be extremely good.

We need this feature to split internal and external traffic in different Load Balancers but using the same container instance.

The original issue https://github.com/aws/containers-roadmap/issues/104 was opened 1 year ago. Any news?

We thought about using App Mesh for internal traffic and load balancers for external, but since we do not have very many services, setting up App Mesh seemed like overkill.

However, if you have a lot of services talking to each other, App Mesh seems like a good solution.

We need this feature to split internal and external traffic in different Load Balancers but using the same container instance.

We are trying to deploy a Node.js service with express routing + websocket listener; as a basic configuration it exposes 2 ports.

Is there an ETA for this feature release? Just to know if we have to implement a workaround, refactor the application (splitting HTTP and WS) or wait for this feature.

Thank you

Can't see anything new on the CloudFormation changelog page - what happened to that?

I'm not sure any changes to CloudFormation are needed? I just tried this out, and the support for declaring multiple LoadBalancers is already available in the AWS::ECS::Service resource - see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-loadbalancers

This enables us to work with multiple loadbalancers / target groups exactly as in the examples from the docs: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html

Thanks to the ECS team for adding this support - it works great :)

Thanks, yeah, that was there ages ago but it didn't work when I tried it before. Was expecting something to show up on the CFN changelog.

Yeah, exactly. That property has been around for a while, the only difference now being that it is possible to add more elements than one. If I remember correctly, doing that prior to this release caused the CloudFormation stack to fail during creation with an error similar to: "_load balancers can have at most 1 items_".

But yeah, one could argue that the CFN changelog could contain an entry mentioning that this restriction has now been relaxed.

CFN doesn't work for me:

You cannot specify an IAM role for services that require a service linked role. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException;

Can do it for one target group but not two.

You need to remove the Role section from AWS::ECS::Service and it'll work.

@mbotmcc Multiple target groups require using the ECS service-linked role; it will enhance the service role management for free. See IAM SLR

Remove the Role for the ECS service; it will use the service-linked role by default. And you can also remove the entire section that creates the service role for ECS.
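
The configuration the last few comments arrive at, as an added CloudFormation example that is not taken from the thread or from AWS documentation: one `AWS::ECS::Service` with two `LoadBalancers` entries (external and internal) and no `Role` property, so ECS uses its service-linked role. The parameter names, the container name `app`, port 8080 and the Fargate/awsvpc settings are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Example only - one ECS service registered in two target groups.

Parameters:
  ClusterName:              # assumed: an existing ECS cluster
    Type: String
  TaskDefinitionArn:        # assumed: task definition with a container named "app"
    Type: String
  ExternalTargetGroupArn:   # assumed: target group behind the internet-facing LB
    Type: String
  InternalTargetGroupArn:   # assumed: target group behind the internal LB
    Type: String
  ServiceSubnets:
    Type: List<AWS::EC2::Subnet::Id>
  ServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  Service:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ClusterName
      TaskDefinition: !Ref TaskDefinitionArn
      DesiredCount: 2
      LaunchType: FARGATE
      # No "Role" property: with more than one target group, setting it
      # fails with "You cannot specify an IAM role for services that
      # require a service linked role" (the error quoted in the thread).
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          Subnets: !Ref ServiceSubnets
          SecurityGroups:
            - !Ref ServiceSecurityGroup
      LoadBalancers:
        # Both entries point at the same container and port; each target
        # group must already be attached to a listener on its load balancer.
        - ContainerName: app
          ContainerPort: 8080
          TargetGroupArn: !Ref ExternalTargetGroupArn
        - ContainerName: app
          ContainerPort: 8080
          TargetGroupArn: !Ref InternalTargetGroupArn
```

Because both load balancers reach the same task ENI, the single security group here has to admit traffic from each of them; keeping the internal and external paths separate then depends on the load balancers' own security groups and listener rules.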
