How to configure target groups ports with listeners and tasks?

Question

Been looking into configuring ECS loadbalancers with listeners and target groups and I am getting confused by the port mappings, my current undrstanding is that:

1. You will have a loadbalancer which has ports 80/443 exposed

2. This then will flow to a listener which is listening on port 80 with its own rules for domain/host routing patterns.

3. If one of these rules is triggered it will flow to an associated target group thats set up against the listener

4. This target group will contain the service previously set up running the containers with the port set to whatever the containers all run on.

Is this understanding correct? What if we had dynamic container ports, what do we put in the Target group port, does ECS resolve this for us?

Answer 1

Is this understanding correct?

Yes, your understanding is correct. The flow is:

Client ----> LB ---> Listener ----> TG -----> ECS Service

what do we put in the Target group port?

You put your container port. For dynamic port mapping it is important that when you define your containers, the host port is not set. Also, the security groups on the tasks should allow all ports from the group of the load balancer (for ALB and CLB, NLB doesn't have security groups). For Fargate or awsvpc you have to use ip target type, not instance.