-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ECS] Why "securityGroups" fromClusterAttributes mandatory ? #11146
Comments
For a workaround, I've provided the Fargate SGR create on the other Stack "B" :
Even if the SGR is, not the one Maybe you can clarify the situation ? ^^ |
So, this is required because of the way the This causes a couple of weird issues, including this one. I don't see an issue changing this to be an optional property, we just need to make sure we are checking for the presence of an SG on imported clusters wherever they are needed and throwing a nice error if it's not present. |
I'm experiencing the same. It's a very stupid error. If you don't need security groups with |
We are having the same issue in a different context. In cloudformation, creating a fargate serivice only requires |
Still a problem in 1.110. So is the work around to just add a "fake" security group since it doesn't matter at all? |
Seems to work in my tests, just to confirm. EDIT: But an empty array, as mentioned in the next comment, is better. |
the securityGroups property can contain an empty array const vpcId = StringParameter.valueFromLookup(this, `/${stage}/VpcId`);
const cluster = ecs.Cluster.fromClusterAttributes(this, 'ImportedCluster', {
clusterName: cdk.Fn.importValue(`${stage}-ClusterName`),
vpc: ec2.Vpc.fromLookup(this, 'VPC', { vpcId}),
securityGroups: [],
}) |
This fixed my lookup issue. Thanks so much! |
This issue has received a significant amount of attention so we are automatically upgrading its priority. A member of the community will see the re-prioritization and provide an update on the issue. |
There is now a We can still change |
Doesn't work. I get this |
The `securityGroups` is passed down to create a new `ec2.Connections`, where this property is already optional. Making it optional in `fromClusterAttributes` as well. Closes #11146 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
When using ECS with EC2 instances (hosts), no pb; but when using Fargate, we don't have any Security Group associated with the container instances registered to the cluster, so why it's needed at the import ?
Reproduction Steps
For example, you create a Cluster in a Stack A :
And you want to create an ECS EC2Service in another Stack B :
No pb at this time because on the first Stack, you have provided SGR & ASG resources for Hosts Instances.
What did you expect to happen?
But now, I want to create ECS Fargate resources on the other Stack, and the SGR is created on this one because associated with Fargate Service.
But in that case, I can't import the dedicated Cluster like that :
So,, why it's mandatory ?
Do I have to attach a fake SGR ?
Environment
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: