From 64d85533a184e93e4820db5cb9d8927891e5547b Mon Sep 17 00:00:00 2001 From: Penghao He Date: Wed, 27 Nov 2019 10:40:27 -0800 Subject: [PATCH] fix: Allow ingress traffic from public internet for NLB Ec2/Fargate Service (#155) * Allow ingress traffic from public internet * Fix load balancer service examples * Fix README --- README.md | 4 ++-- .../cdk.json | 0 .../index.ts | 10 ++++++++-- .../package.json | 4 ++-- .../tsconfig.json | 0 .../cdk.json | 0 .../index.ts | 5 +---- .../package.json | 4 ++-- .../tsconfig.json | 0 9 files changed, 15 insertions(+), 12 deletions(-) rename typescript/ecs/{ecs-load-balanced-service => ecs-network-load-balanced-service}/cdk.json (100%) rename typescript/ecs/{ecs-load-balanced-service => ecs-network-load-balanced-service}/index.ts (80%) rename typescript/ecs/{ecs-load-balanced-service => ecs-network-load-balanced-service}/package.json (81%) rename typescript/ecs/{ecs-load-balanced-service => ecs-network-load-balanced-service}/tsconfig.json (100%) rename typescript/ecs/{fargate-load-balanced-service => fargate-application-load-balanced-service}/cdk.json (100%) rename typescript/ecs/{fargate-load-balanced-service => fargate-application-load-balanced-service}/index.ts (75%) rename typescript/ecs/{fargate-load-balanced-service => fargate-application-load-balanced-service}/package.json (79%) rename typescript/ecs/{fargate-load-balanced-service => fargate-application-load-balanced-service}/tsconfig.json (100%) diff --git a/README.md b/README.md index 65ae22b3d..71969629a 100644 --- a/README.md +++ b/README.md @@ -34,11 +34,11 @@ $ cdk destroy | [custom-resource](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/custom-resource/) | Shows adding a Custom Resource to your CDK app | | [elasticbeanstalk](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/elasticbeanstalk/) | Elastic Beanstalk example using L1 with a Blue/Green pipeline (community contributed) | | [ecs-cluster](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/cluster/) | Provision an ECS Cluster with custom Autoscaling Group configuration | -| [ecs-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-load-balanced-service/) | Starting a container fronted by a load balancer on ECS | +| [ecs-network-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-load-balanced-service/) | Starting a container fronted by a network load balancer on ECS | | [ecs-service-with-task-placement](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-service-with-task-placement/) | Starting a container ECS with task placement specifications | | [ecs-service-with-advanced-alb-config](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-service-with-advanced-alb-config/) | Starting a container fronted by a load balancer on ECS with added load balancer configuration | | [ecs-service-with-task-networking](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/ecs-service-with-task-networking/) | Starting an ECS service with task networking, allowing ingress traffic to the task but blocking for the instance | -| [fargate-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/fargate-load-balanced-service/) | Starting a container fronted by a load balancer on Fargate | +| [fargate-application-load-balanced-service](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/fargate-load-balanced-service/) | Starting a container fronted by an application load balancer on Fargate | | [fargate-service-with-auto-scaling](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/fargate-service-with-auto-scaling/) | Starting an ECS service of FARGATE launch type that auto scales based on average CPU Utilization | | [ecs-cross-stack-load-balancer](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/ecs/cross-stack-load-balancer/) | Shows how to use a single load balancer with services in other stacks | | [lambda-cron](https://github.com/aws-samples/aws-cdk-examples/tree/master/typescript/lambda-cron/) | Running a Lambda on a schedule | diff --git a/typescript/ecs/ecs-load-balanced-service/cdk.json b/typescript/ecs/ecs-network-load-balanced-service/cdk.json similarity index 100% rename from typescript/ecs/ecs-load-balanced-service/cdk.json rename to typescript/ecs/ecs-network-load-balanced-service/cdk.json diff --git a/typescript/ecs/ecs-load-balanced-service/index.ts b/typescript/ecs/ecs-network-load-balanced-service/index.ts similarity index 80% rename from typescript/ecs/ecs-load-balanced-service/index.ts rename to typescript/ecs/ecs-network-load-balanced-service/index.ts index 2092efe27..363b8f1e4 100644 --- a/typescript/ecs/ecs-load-balanced-service/index.ts +++ b/typescript/ecs/ecs-network-load-balanced-service/index.ts @@ -3,6 +3,11 @@ import ecs = require('@aws-cdk/aws-ecs'); import ecs_patterns = require('@aws-cdk/aws-ecs-patterns'); import cdk = require('@aws-cdk/core'); +/** + * The port range to open up for dynamic port mapping + */ +const EPHEMERAL_PORT_RANGE = ec2.Port.tcpRange(32768, 65535); + class BonjourECS extends cdk.Stack { constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { super(scope, id, props); @@ -26,8 +31,9 @@ class BonjourECS extends cdk.Stack { } }); - // Output the DNS where you can access your service - new cdk.CfnOutput(this, 'LoadBalancerDNS', { value: ecsService.loadBalancer.loadBalancerDnsName }); + // Need target security group to allow all inbound traffic for + // ephemeral port range (when host port is 0). + ecsService.service.connections.allowFromAnyIpv4(EPHEMERAL_PORT_RANGE); } } diff --git a/typescript/ecs/ecs-load-balanced-service/package.json b/typescript/ecs/ecs-network-load-balanced-service/package.json similarity index 81% rename from typescript/ecs/ecs-load-balanced-service/package.json rename to typescript/ecs/ecs-network-load-balanced-service/package.json index 739d9bd1f..07f13bb25 100644 --- a/typescript/ecs/ecs-load-balanced-service/package.json +++ b/typescript/ecs/ecs-network-load-balanced-service/package.json @@ -1,7 +1,7 @@ { - "name": "ecs-load-balanced-service", + "name": "ecs-network-load-balanced-service", "version": "1.0.0", - "description": "Running a load balanced service on ECS", + "description": "Running a network load balanced service on ECS", "private": true, "scripts": { "build": "tsc", diff --git a/typescript/ecs/ecs-load-balanced-service/tsconfig.json b/typescript/ecs/ecs-network-load-balanced-service/tsconfig.json similarity index 100% rename from typescript/ecs/ecs-load-balanced-service/tsconfig.json rename to typescript/ecs/ecs-network-load-balanced-service/tsconfig.json diff --git a/typescript/ecs/fargate-load-balanced-service/cdk.json b/typescript/ecs/fargate-application-load-balanced-service/cdk.json similarity index 100% rename from typescript/ecs/fargate-load-balanced-service/cdk.json rename to typescript/ecs/fargate-application-load-balanced-service/cdk.json diff --git a/typescript/ecs/fargate-load-balanced-service/index.ts b/typescript/ecs/fargate-application-load-balanced-service/index.ts similarity index 75% rename from typescript/ecs/fargate-load-balanced-service/index.ts rename to typescript/ecs/fargate-application-load-balanced-service/index.ts index 488a5089f..cf70cdd9d 100644 --- a/typescript/ecs/fargate-load-balanced-service/index.ts +++ b/typescript/ecs/fargate-application-load-balanced-service/index.ts @@ -13,15 +13,12 @@ class BonjourFargate extends cdk.Stack { const cluster = new ecs.Cluster(this, 'Cluster', { vpc }); // Instantiate Fargate Service with just cluster and image - const fargateService = new ecs_patterns.NetworkLoadBalancedFargateService(this, "FargateService", { + new ecs_patterns.ApplicationLoadBalancedFargateService(this, "FargateService", { cluster, taskImageOptions: { image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"), }, }); - - // Output the DNS where you can access your service - new cdk.CfnOutput(this, 'LoadBalancerDNS', { value: fargateService.loadBalancer.loadBalancerDnsName }); } } diff --git a/typescript/ecs/fargate-load-balanced-service/package.json b/typescript/ecs/fargate-application-load-balanced-service/package.json similarity index 79% rename from typescript/ecs/fargate-load-balanced-service/package.json rename to typescript/ecs/fargate-application-load-balanced-service/package.json index f6c5d897d..0f7199d43 100644 --- a/typescript/ecs/fargate-load-balanced-service/package.json +++ b/typescript/ecs/fargate-application-load-balanced-service/package.json @@ -1,7 +1,7 @@ { - "name": "fargate-load-balanced-service", + "name": "fargate-application-load-balanced-service", "version": "1.0.0", - "description": "Running a load balanced service on Fargate", + "description": "Running an application load balanced service on Fargate", "private": true, "scripts": { "build": "tsc", diff --git a/typescript/ecs/fargate-load-balanced-service/tsconfig.json b/typescript/ecs/fargate-application-load-balanced-service/tsconfig.json similarity index 100% rename from typescript/ecs/fargate-load-balanced-service/tsconfig.json rename to typescript/ecs/fargate-application-load-balanced-service/tsconfig.json