fix: Allow ingress traffic from public internet for NLB Ec2/Fargate S…

…ervice (aws-samples#155)

* Allow ingress traffic from public internet

* Fix load balancer service examples

* Fix README

README.md

@@ -34,11 +34,11 @@ $ cdk destroy
 | [custom-resource](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/custom-resource/) | Shows adding a Custom Resource to your CDK app |
 | [elasticbeanstalk](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/elasticbeanstalk/) | Elastic Beanstalk example using L1 with a Blue/Green pipeline (community contributed) |
 | [ecs-cluster](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/cluster/) | Provision an ECS Cluster with custom Autoscaling Group configuration |
-| [ecs-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-load-balanced-service/) | Starting a container fronted by a load balancer on ECS |
+| [ecs-network-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-load-balanced-service/) | Starting a container fronted by a network load balancer on ECS |
 | [ecs-service-with-task-placement](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-service-with-task-placement/) | Starting a container ECS with task placement specifications |
 | [ecs-service-with-advanced-alb-config](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-service-with-advanced-alb-config/) | Starting a container fronted by a load balancer on ECS with added load balancer configuration |
 | [ecs-service-with-task-networking](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-service-with-task-networking/) | Starting an ECS service with task networking, allowing ingress traffic to the task but blocking for the instance |
-| [fargate-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/fargate-load-balanced-service/) | Starting a container fronted by a load balancer on Fargate |
+| [fargate-application-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/fargate-load-balanced-service/) | Starting a container fronted by an application load balancer on Fargate |
 | [fargate-service-with-auto-scaling](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/fargate-service-with-auto-scaling/) | Starting an ECS service of FARGATE launch type that auto scales based on average CPU Utilization |
 | [ecs-cross-stack-load-balancer](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/cross-stack-load-balancer/) | Shows how to use a single load balancer with services in other stacks |
 | [lambda-cron](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/lambda-cron/) | Running a Lambda on a schedule |

typescript/ecs/ecs-load-balanced-service/index.ts → typescript/ecs/ecs-network-load-balanced-service/index.ts

@@ -3,6 +3,11 @@ import ecs = require('@aws-cdk/aws-ecs');
 import ecs_patterns = require('@aws-cdk/aws-ecs-patterns');
 import cdk = require('@aws-cdk/core');
 
+/**
+ * The port range to open up for dynamic port mapping
+ */
+const EPHEMERAL_PORT_RANGE = ec2.Port.tcpRange(32768, 65535);
+
 class BonjourECS extends cdk.Stack {
   constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
     super(scope, id, props);
@@ -26,8 +31,9 @@ class BonjourECS extends cdk.Stack {
       }
     });
 
-    // Output the DNS where you can access your service
-    new cdk.CfnOutput(this, 'LoadBalancerDNS', { value: ecsService.loadBalancer.loadBalancerDnsName });
+    // Need target security group to allow all inbound traffic for
+    // ephemeral port range (when host port is 0).
+    ecsService.service.connections.allowFromAnyIpv4(EPHEMERAL_PORT_RANGE);
   }
 }
 

typescript/ecs/ecs-load-balanced-service/package.json → typescript/ecs/ecs-network-load-balanced-service/package.json

@@ -1,7 +1,7 @@
 {
-  "name": "ecs-load-balanced-service",
+  "name": "ecs-network-load-balanced-service",
   "version": "1.0.0",
-  "description": "Running a load balanced service on ECS",
+  "description": "Running a network load balanced service on ECS",
   "private": true,
   "scripts": {
     "build": "tsc",

typescript/ecs/fargate-load-balanced-service/index.ts → typescript/ecs/fargate-application-load-balanced-service/index.ts

@@ -13,15 +13,12 @@ class BonjourFargate extends cdk.Stack {
     const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
 
     // Instantiate Fargate Service with just cluster and image
-    const fargateService = new ecs_patterns.NetworkLoadBalancedFargateService(this, "FargateService", {
+    new ecs_patterns.ApplicationLoadBalancedFargateService(this, "FargateService", {
       cluster,
       taskImageOptions: {
         image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
       },
     });
-
-    // Output the DNS where you can access your service
-    new cdk.CfnOutput(this, 'LoadBalancerDNS', { value: fargateService.loadBalancer.loadBalancerDnsName });
   }
 }
 

typescript/ecs/fargate-load-balanced-service/package.json → typescript/ecs/fargate-application-load-balanced-service/package.json

@@ -1,7 +1,7 @@
 {
-  "name": "fargate-load-balanced-service",
+  "name": "fargate-application-load-balanced-service",
   "version": "1.0.0",
-  "description": "Running a load balanced service on Fargate",
+  "description": "Running an application load balanced service on Fargate",
   "private": true,
   "scripts": {
     "build": "tsc",