Reputation: 678
I have a working "model" of my ECS Fargate launch type task that I created using the AWS Console. I need, however, to create a CloudFormation YAML file and deploy it.
The problem I'm having is that when I deploy the stack, the cluster and service are created, the task is also created and is showing as "RUNNING" in the console. It's just a simple NGINX container with my own content in it. But the deployed version is never responding on its public IP. If I STOP it and then start another task in the console, it works fine. I'm at a loss as to why the deployed version doesn't work and the manually started one does.
Nothing is showing in the CloudWatch logs, nothing in CloudTrail. Any suggestions are appreciated. Here is my CloudFormation YAML file:
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: ECS NGINX FARGATE
Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: 'jwh20-ecs-cluster'
  NginxService:
    Type: 'AWS::ECS::Service'
    Properties:
      Cluster: !Ref ECSCluster
      LaunchType: FARGATE
      TaskDefinition: !Ref NginxTask
      DesiredCount: 1
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - 'subnet-XXXXXXXXXXXX'
  NginxTask:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      Cpu: 512
      Memory: 1024
      Family: jwh-nginx
      ContainerDefinitions:
        - Name: jwh20-container
          Image: 'XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/jwh20'
          Name: jwh20-nginx-cont
          PortMappings:
            -
              ContainerPort: 80
              HostPort: 80
              Protocol: 'tcp'
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: '/ecs/jwh-nginx-cf'
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: 'ecs'
      ExecutionRoleArn: 'arn:aws:iam::XXXXXXXXXXXX:role/ecsTaskExecutionRole'
      TaskRoleArn: 'arn:aws:iam::XXXXXXXXXXXX:role/ecsTaskExecutionRole'
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - 'FARGATE'
```
Upvotes: 0
Views: 933
Reputation: 256
If you can see the Task come to RUNNING state, that means the image from ECR was pulled successfully, meaning successful outbound connections. However, if you are not able to get any response back from the task by hitting PUBLIC_IP:80, that usually suggests a Security Group or NACL related issue. I'm assuming you are getting a request timeout. If not, do share the output of the below:

```
curl -v http://<PUBLIC_IP_OF_THE_TASK>
```
On observing the template, there is no security group specified in the NetworkConfiguration:

```yaml
NetworkConfiguration:
  AwsvpcConfiguration:
    AssignPublicIp: ENABLED
    Subnets:
      - 'subnet-XXXXXXXXXXXX'
```

AWS::ECS::Service AwsVpcConfiguration - If you do not specify a security group, the default security group for the VPC is used.
The default security group may not have the port 80 open. You can have a look at that.
Secondly, this one may be a typo: I see the Name property being specified twice,

```yaml
ContainerDefinitions:
  - Name: jwh20-container
    Image: 'XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/jwh20'
    Name: jwh20-nginx-cont
    PortMappings:
```
Upvotes: 1
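
The two points raised in the answer above, applied to the question's template, as an added example that is not part of either post. Assumptions: `NginxSecurityGroup` is a hypothetical logical name, `vpc-XXXXXXXXXXXX` is a placeholder for the VPC that owns the subnet, and the `0.0.0.0/0` ingress range assumes the site is meant to be public.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
  # Hypothetical name; without it the service uses the VPC's default security group.
  NginxSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Inbound HTTP to the NGINX Fargate task
      VpcId: 'vpc-XXXXXXXXXXXX'   # placeholder: the VPC that owns the subnet below
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0       # assumption: public site; narrow the range otherwise
  NginxService:
    Type: 'AWS::ECS::Service'
    Properties:
      Cluster: !Ref ECSCluster
      LaunchType: FARGATE
      TaskDefinition: !Ref NginxTask
      DesiredCount: 1
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups:          # explicit group instead of the implicit default
            - !GetAtt NginxSecurityGroup.GroupId
          Subnets: ['subnet-XXXXXXXXXXXX']
  NginxTask:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      Cpu: 512
      Memory: 1024
      Family: jwh-nginx
      NetworkMode: awsvpc
      RequiresCompatibilities: ['FARGATE']
      ExecutionRoleArn: 'arn:aws:iam::XXXXXXXXXXXX:role/ecsTaskExecutionRole'
      ContainerDefinitions:
        - Name: jwh20-nginx-cont   # one Name key only; the duplicate is removed
          Image: 'XXXXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/jwh20'
          PortMappings:
            - ContainerPort: 80
              Protocol: tcp
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: '/ecs/jwh-nginx-cf'
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: 'ecs'
```

Declaring the group in the template keeps the inbound rule under version control with the service, so the task's reachability no longer depends on whatever the default security group happens to allow.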