Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ecs-patterns] ApplicationLoadBalancedFargateService - how to add security group to Network Interface #8953

Closed
sjbthfc2 opened this issue Jul 8, 2020 · 2 comments · Fixed by #10501
Closed

[ecs-patterns] ApplicationLoadBalancedFargateService - how to add security group to Network Interface #8953

sjbthfc2 opened this issue Jul 8, 2020 · 2 comments · Fixed by #10501
Assignees
@uttarasridhar
Labels
@aws-cdk/aws-ecs-patterns Related to ecs-patterns library guidance Question that needs advice or information. in-progress This issue is being actively worked on. needs-triage This issue or PR still needs to be triaged.

Comments

@sjbthfc2
Copy link

sjbthfc2 commented Jul 8, 2020

Hi,

I am trying to create a Fargate ECS cluster with two Tasks. I want each Task to communicate over tcp to non-default ports. I am using the ApplicationLoadBalancedFargateService in C#, but I cannot see where to add a Security Group that allows inbound traffic to these ports. I can add one in the console after the stack has been deployed, but I want to include it in the CDK stack. I can see that the following group is successfully created:

            var secGroup = new SecurityGroup(this, "secgroup", 
             new SecurityGroupProps
            {
                Vpc = vpc,
                SecurityGroupName = "MySecurityGroup",
                Description = "Silo security port access"
            });
            secGroup.AddIngressRule(Peer.Ipv4("0.0.0.0/0"), Port.Tcp(11111), "Silo port access");
            secGroup.AddIngressRule(Peer.Ipv4("0.0.0.0/0"), Port.Tcp(30000), "Gateway port access");

but it does not get added to the ENI of the ECS Service. I have tried adding the group to the Service created as part of using ApplicationLoadBalancedFargateService via the Connections.AddSecurityGroup method.

How can I get the security group to be used for the ENIs created for the tasks?

Many thanks
@sjbthfc2 sjbthfc2 added the needs-triage This issue or PR still needs to be triaged. label Jul 8, 2020
@sjbthfc2 sjbthfc2 changed the title ApplicationLoadBalancedFargateService ApplicationLoadBalancedFargateService - how to add security group to Network Interface Jul 8, 2020
@SomayaB SomayaB changed the title ApplicationLoadBalancedFargateService - how to add security group to Network Interface [ecs-patterns] ApplicationLoadBalancedFargateService - how to add security group to Network Interface Jul 8, 2020
@SomayaB SomayaB added @aws-cdk/aws-ecs-patterns Related to ecs-patterns library guidance Question that needs advice or information. labels Jul 8, 2020
@sjbthfc2
Copy link
Author

Hi, has there been any development with this issue?

Thanks

@sjbthfc2
Copy link
Author

HI, any update on guidance or resolution for this?

Thanks

@clementallen clementallen mentioned this issue Sep 23, 2020
Merged
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Sep 23, 2020
@mergify mergify bot closed this as completed in #10501 Sep 24, 2020
mergify bot pushed a commit that referenced this issue Sep 24, 2020
@clementallen
feat(ecs-patterns): allow passthrough of security groups to service (#…
e349004 
…10501)

Closes #8953

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uttarasridhar uttarasridhar

Labels
@aws-cdk/aws-ecs-patterns Related to ecs-patterns library guidance Question that needs advice or information. in-progress This issue is being actively worked on. needs-triage This issue or PR still needs to be triaged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ecs-patterns): allow passthrough of security groups to service clementallen/aws-cdk
3 participants
@uttarasridhar @sjbthfc2 @SomayaB