(aws_ecs_patterns): ApplicationLoadBalancedFargateService fails to update when switched from public to private - Fails due to target group #33253

Open
1 task
hqv-divya opened this issue Jan 31, 2025 · 0 comments
Labels
@aws-cdk/aws-ecs-patterns Related to ecs-patterns library bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

@hqv-divya

Describe the bug

When the ApplicationLoadBalancedFargateService pattern is used to create an ALB along with a target group, it creates a public-facing load balancer. Once this is created, if I try to switch it to a private ALB using the parameter publicLoadBalancer: false, it fails with the error:

Resource handler returned message: "The following target groups cannot be associated with more than one load balancer: arn:aws:elasticloadbalancing:eu-west-1:318627068478:targetgroup/EcsCon-Sampl-HV24A4ZHHGG1/829e923a9abe6705 (Service: ElasticLoadBalancingV2, Status Code: 400, Request ID: dbe30509-a4b7-42fa-9087-bcff22fdb55b)" (RequestToken: 544175ba-248a-5a75-3458-50b0f5d80582, HandlerErrorCode: ServiceLimitExceeded)

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The target group should be disassociated from the previous load balancer and then attempted to be attached to the new load balancer or a new target group could be created to attach to the new load balancer.

Here's the CDK diff:

Resources
[~] AWS::ElasticLoadBalancingV2::LoadBalancer SampleNetworkLoadBalancedFargateService/LB SampleNetworkLoadBalancedFargateServiceLB3B04F5EA replace
 ├─ [~] Scheme (requires replacement)
 │   ├─ [-] internet-facing
 │   └─ [+] internal
 └─ [~] Subnets
     └─ @@ -1,4 +1,4 @@
        [ ] [
        [-]   "subnet-08d2e5e9a5526d5cd",
        [-]   "subnet-03639cc2fb087e322"
        [+]   "subnet-0be5b8bc6890cdfd1",
        [+]   "subnet-002110f783fd87957"
        [ ] ]
[~] AWS::ElasticLoadBalancingV2::Listener SampleNetworkLoadBalancedFargateService/LB/PublicListener SampleNetworkLoadBalancedFargateServiceLBPublicListener8ED1C5F0 replace
 └─ [~] LoadBalancerArn (requires replacement)
     └─ [~] .Ref:
         ├─ [-] SampleNetworkLoadBalancedFargateServiceLB3B04F5EA
         └─ [+] SampleNetworkLoadBalancedFargateServiceLB3B04F5EA (replaced)


✨  Number of stacks with differences: 1

Current Behavior

Stack deployment fails because the target group is not attached to the private load balancer, since it is already attached to the public load balancer.

Reproduction Steps

Create an application load balanced Fargate service using the construct as follows:

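// Imports the snippet needs (aws-cdk-lib v2).
import { Duration } from "aws-cdk-lib";
import { ApplicationLoadBalancedFargateService } from "aws-cdk-lib/aws-ecs-patterns";
import { Protocol } from "aws-cdk-lib/aws-elasticloadbalancingv2";

// Inside the stack; `vpc` and `taskDefinition` are defined elsewhere.
// publicLoadBalancer is not set, so the load balancer is created public facing.
const fargateService = new ApplicationLoadBalancedFargateService(this, "SampleNetworkLoadBalancedFargateService", {
  vpc,
  taskDefinition: taskDefinition,
  minHealthyPercent: 100
});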

// fargateService.service.connections.allowFromAnyIpv4(Port.tcp(80), "Allow inbound HTTP traffic");

fargateService.targetGroup.healthCheck = {
  port: "80",
  protocol: Protocol.HTTP,
  path: "/alive",
  interval: Duration.seconds(20),
}

Simply add the publicLoadBalancer: false to the construct ApplicationLoadBalancedFargateService as follows:

const fargateService = new ApplicationLoadBalancedFargateService(this, "SampleNetworkLoadBalancedFargateService", {
  vpc,
  taskDefinition: taskDefinition,
  minHealthyPercent: 100,
  publicLoadBalancer: false
});

// fargateService.service.connections.allowFromAnyIpv4(Port.tcp(80), "Allow inbound HTTP traffic");

fargateService.targetGroup.healthCheck = {
  port: "80",
  protocol: Protocol.HTTP,
  path: "/alive",
  interval: Duration.seconds(20),
}

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

v2.177.0

Framework Version

No response

Node.js Version

v20.17.0

OS

Windows

Language

TypeScript

Language Version

No response

Other information

No response

@hqv-divya hqv-divya added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 31, 2025
@github-actions github-actions bot added the @aws-cdk/aws-ecs-patterns Related to ecs-patterns library label Jan 31, 2025
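The failure reported above can be caught before deployment. The following is an added example, not part of the issue or of the CDK code base: it compares two synthesized CloudFormation templates (for instance from `cdk synth` before and after the change) and reports target groups that a replaced load balancer's new listener would share with the old one, which happens because CloudFormation creates replacement resources before deleting the originals. The function names and the sample logical IDs (`LB`, `TG`, `Listener`) are constructed for illustration.

```typescript
// Only the parts of a synthesized CloudFormation template this check reads.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

const LB_TYPE = "AWS::ElasticLoadBalancingV2::LoadBalancer";
const LISTENER_TYPE = "AWS::ElasticLoadBalancingV2::Listener";

// Logical IDs of the target groups a listener's default actions forward to.
function forwardedTargetGroups(listener: Resource): string[] {
  const ids: string[] = [];
  const actions: any[] = listener.Properties?.DefaultActions ?? [];
  for (const action of actions) {
    const refs: any[] = [action?.TargetGroupArn];
    const weighted: any[] = action?.ForwardConfig?.TargetGroups ?? [];
    for (const tg of weighted) refs.push(tg?.TargetGroupArn);
    for (const ref of refs) if (ref && typeof ref.Ref === "string") ids.push(ref.Ref);
  }
  return ids;
}

// Target groups that would be attached to the old and the new load balancer at once.
function targetGroupsSharedAcrossReplacement(before: Template, after: Template): string[] {
  const shared: string[] = [];
  for (const id of Object.keys(after.Resources)) {
    const listener = after.Resources[id];
    const oldListener = before.Resources[id];
    if (listener.Type !== LISTENER_TYPE || !oldListener) continue;
    const lbRef = listener.Properties?.LoadBalancerArn?.Ref;
    const oldLb = before.Resources[lbRef];
    const newLb = after.Resources[lbRef];
    if (!oldLb || !newLb || newLb.Type !== LB_TYPE) continue;
    // A Scheme change requires replacement; CloudFormation defaults to internet-facing.
    const oldScheme = oldLb.Properties?.Scheme ?? "internet-facing";
    const newScheme = newLb.Properties?.Scheme ?? "internet-facing";
    if (oldScheme === newScheme) continue;
    const oldTgs = forwardedTargetGroups(oldListener);
    for (const tg of forwardedTargetGroups(listener)) {
      // Same logical ID on both sides: assumed to keep the same physical target group.
      if (oldTgs.indexOf(tg) >= 0 && before.Resources[tg] && shared.indexOf(tg) < 0) shared.push(tg);
    }
  }
  return shared;
}

// Constructed sample template; logical IDs are made up for this example.
function sampleTemplate(scheme: string): Template {
  return { Resources: {
    LB: { Type: LB_TYPE, Properties: { Scheme: scheme } },
    TG: { Type: "AWS::ElasticLoadBalancingV2::TargetGroup", Properties: { Port: 80 } },
    Listener: { Type: LISTENER_TYPE, Properties: { LoadBalancerArn: { Ref: "LB" },
      DefaultActions: [{ Type: "forward", TargetGroupArn: { Ref: "TG" } }] } },
  } };
}
```

Calling `targetGroupsSharedAcrossReplacement(sampleTemplate("internet-facing"), sampleTemplate("internal"))` returns `["TG"]`, the same situation the CDK diff in the issue shows: the load balancer and listener are replaced while the target group is not part of the diff.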