
ECS - target type ip is incompatible with the bridge network mode specified in the task definition


Problem

I am getting the "target type ip, which is incompatible with the bridge network mode" error when trying to create an ECS service with an existing NLB whose target group uses IP as the target type.

The error is from Terraform, as I am using it to create all the AWS resources.

Error: InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:$REGION:$ACCOUNT:targetgroup ... has target type ip,which is incompatible with the bridge network mode specified in the task definition.

The TF_DEBUG output in Terraform GitHub issue #11719 seems to indicate that it is a restriction, if Terraform (or its message) is correct.

2020-01-22T20:04:46.819Z [DEBUG] plugin.terraform-provider-aws_v2.45.0_x4: 2020/01/22 20:04:46 [DEBUG] [aws-sdk-go] {"__type":"InvalidParameterException","message":"The provided target group arn:aws:elasticloadbalancing:us-east-1:xxx:targetgroup/llprd20200122052638603300000006/a0a2d775807f6620 has target type ip, which is incompatible with the bridge network mode specified in the task definition."}

Question

Please advise if this can be a limitation of AWS. As far as I have looked into the AWS documentation so far, there is no information that the IP target type cannot be used with bridge network mode. However, I would like to make 100% sure.

Terraform

resource "aws_lb_target_group" "this" {
  count                 = length(var.listeners)
  name_prefix           = "${substr("${var.name}", 0, 6)}"
  vpc_id                = "${var.vpc_id}"
  target_type           = "ip"
  port                  = 8080
  protocol              = "tcp"
  ...
}

I did not specify the network_mode in the aws_ecs_task_definition resource configuration, so the default "bridge" is used.

TF_DEBUG

...
2020-03-03T18:54:10.301+1100 [DEBUG] plugin.terraform-provider-aws_v2.50.0_x4: 2020/03/03 18:54:10 [DEBUG] [aws-sdk-go] {"__type":"InvalidParameterException","message":"The provided target group arn:aws:elasticloadbalancing:us-east-2:ACCOUNT:targetgroup/****/4689fc19ff99ca57 has target type ip, which is incompatible with the bridge network mode specified in the task definition."}
2020-03-03T18:54:10.301+1100 [DEBUG] plugin.terraform-provider-aws_v2.50.0_x4: 2020/03/03 18:54:10 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ecs/CreateService failed, attempt 0/25, error InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:us-east-2:ACCOUNT:targetgroup/****/4689fc19ff99ca57 has target type ip, which is incompatible with the bridge network mode specified in the task definition.
...


Solution

  • As stated in the AWS service discovery guidelines, you cannot reference ECS containers with bridge network mode using an IP. In fact, you can only specify SRV DNS records for this kind of service.

    The options here are either changing the task definition network mode to awsvpc or changing the target_type to instance.

    Personally, I have only had experience with awsvpc network mode.
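
The first option from the answer above, sketched in Terraform as an added example (not code from the question or the answer): the task definition is switched to awsvpc so that it matches the target group's ip target type. The resource names, the image, var.subnet_ids, var.security_group_ids, aws_ecs_cluster.this and the NLB listener that attaches the target group are assumptions.

```hcl
# Added example; names, image and variables are assumptions.
resource "aws_lb_target_group" "app" {
  name_prefix = substr(var.name, 0, 6)
  vpc_id      = var.vpc_id
  target_type = "ip" # registers task ENI addresses, so tasks must use awsvpc
  port        = 8080
  protocol    = "TCP"
  # Second option from the answer: keep bridge mode and set
  # target_type = "instance" here instead.
}

resource "aws_ecs_task_definition" "app" {
  family       = var.name
  network_mode = "awsvpc" # the default "bridge" is rejected with target_type = "ip"

  container_definitions = jsonencode([
    {
      name         = "app"
      image        = "example/app:latest" # placeholder image
      memory       = 256
      essential    = true
      portMappings = [{ containerPort = 8080, protocol = "tcp" }]
    }
  ])
}

resource "aws_ecs_service" "app" {
  name            = var.name
  cluster         = aws_ecs_cluster.this.id # assumed to be defined elsewhere
  task_definition = aws_ecs_task_definition.app.arn
  desired_count   = 1

  # Required with awsvpc: each task gets its own ENI in these subnets,
  # governed by its own security groups rather than the host's.
  network_configuration {
    subnets         = var.subnet_ids
    security_groups = var.security_group_ids
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.app.arn
    container_name   = "app"
    container_port   = 8080
  }
}
```

Because NLB traffic reaches the task ENI directly, the security groups passed in network_configuration must allow port 8080 from the client or NLB subnet ranges.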