Okay, I've followed the docs on how to create a Task Definition using the AWS console. I also created a cluster before creating the Task Definition. The Task (i.e. the container) is running using the provided image URI, which is on ECR. I can see logs nicely in CloudWatch as well as in ECS itself.
When I go to:
Amazon Elastic Container Service -> Clusters -> AwsTutorialECSCluster -> Tasks -> myTaskId -> Configuration
I can see the public IP. The application in question is a simple Spring Boot app with default settings.
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
@RequestMapping("aws")
public class AwsTutorialApplication {

    public static void main(String[] args) {
        SpringApplication.run(AwsTutorialApplication.class, args);
    }

    // With default settings the embedded server listens on 8080, so this is GET /aws/hello on port 8080
    @GetMapping("/hello")
    public String helloAws() {
        return "Hello from AWS!";
    }
}
I cannot get a response when I try any of the following:
http://publicIp:8080/aws/hello
http://publicIp:80/aws/hello
http://publicIp/aws/hello
While creating the Task definition I also added the Role with the managed policy: AwsTutorialECS_FullAccess_Role
I will paste the JSON Task definition:
{
  "taskDefinitionArn": "arn:aws:ecs:eu-central-1:myAccount:task-definition/NewTaskDefinition:1",
  "containerDefinitions": [
    {
      "name": "spring-boot-container",
      "image": "myAcc.dkr.ecr.eu-central-1.amazonaws.com/aws-tutorial:latest",
      "cpu": 0,
      "memory": 3072,
      "portMappings": [
        {
          "name": "spring-boot-container-8080-tcp",
          "containerPort": 8080,
          "hostPort": 8080,
          "protocol": "tcp",
          "appProtocol": "http"
        }
      ],
      "essential": true,
      "environment": [],
      "environmentFiles": [],
      "mountPoints": [],
      "volumesFrom": [],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-create-group": "true",
          "awslogs-group": "/ecs/NewTaskDefinition",
          "awslogs-region": "eu-central-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ],
  "family": "NewTaskDefinition",
  "taskRoleArn": "arn:aws:iam::myAccount:role/AwsTutorialECS_FullAccess_Role",
  "executionRoleArn": "arn:aws:iam::myAccount:role/ecsTaskExecutionRole",
  "networkMode": "awsvpc",
  "revision": 1,
  "volumes": [],
  "status": "ACTIVE",
  "requiresAttributes": [
    {
      "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
    },
    {
      "name": "ecs.capability.execution-role-awslogs"
    },
    {
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
    },
    {
      "name": "com.amazonaws.ecs.capability.task-iam-role"
    },
    {
      "name": "ecs.capability.execution-role-ecr-pull"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
    },
    {
      "name": "ecs.capability.task-eni"
    },
    {
      "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
    }
  ],
  "placementConstraints": [],
  "compatibilities": [
    "EC2",
    "FARGATE"
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "cpu": "1024",
  "memory": "3072",
  "runtimePlatform": {
    "cpuArchitecture": "X86_64",
    "operatingSystemFamily": "LINUX"
  },
  "registeredAt": "2023-03-21T18:20:52.034Z",
  "registeredBy": "arn:aws:iam::accountiD:user/myUserName",
  "tags": []
}
The user has the AdministratorAccess IAM role.
Why is this so complicated?!?
Update 1:
Based on the comments about security groups, I deleted the Task Definition, unregistered and stopped the Task, and recreated everything again. When I go to Deploy -> Run Task:
I still cannot hit an endpoint. Also, I disabled CORS with @CrossOrigin and:
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class Config implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Allow every HTTP method on every path for cross-origin browser requests
        registry.addMapping("/**").allowedMethods("*");
    }
}
You have HTTP port 80 open in the security group. You are selecting HTTP because you are using the HTTP protocol, but you aren't using the standard HTTP port (80), you are using port 8080 instead. So selecting HTTP, which is just a shortcut for port 80, is not going to work for you. You have to add a TCP rule to your security group with port 8080 to allow the traffic to your service.

Note that there is no reason to recreate everything just to get to that screen again. You can go into the EC2 section of the AWS console, find the security group there, and just add a new inbound rule for port 8080.
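The mismatch the answer describes (task listens on 8080, security group only admits 80) can be checked offline from the JSON that `aws ecs describe-task-definition` and `aws ec2 describe-security-groups` return. The script below is an added example, not code from the question or the answer: it pulls every containerPort out of a task definition (in awsvpc mode that is the port on the task's ENI, there is no host-port remapping), asks which inbound rules admit that port from a given source address, and flags rules that open the port to the world. The task definition slice and the security group (id sg-0123456789abcdef0 is hypothetical) are constructed to mirror the question: the console's HTTP preset, i.e. TCP 80 from 0.0.0.0/0, as the only inbound rule. It also goes beyond the answer in scoping the added rule to a single /32 rather than 0.0.0.0/0.

```python
"""Offline diagnosis: does a security group admit the port a Fargate task exposes?

Added example (not from the original post). Inputs are constructed to mirror
the question; the same functions work on real describe-* output.
"""
import copy
import ipaddress
import json

WORLD = ("0.0.0.0/0", "::/0")

# Constructed sample: the network-relevant slice of the question's task definition.
TASK_DEFINITION = json.loads("""
{
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {"name": "spring-boot-container",
     "portMappings": [{"containerPort": 8080, "hostPort": 8080, "protocol": "tcp"}]}
  ]
}
""")

# Constructed sample, shaped like `aws ec2 describe-security-groups` output:
# the console "HTTP" shortcut (TCP 80 from anywhere) is the only inbound rule.
SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",  # hypothetical id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
    ],
}


def exposed_ports(task_definition):
    """Return (container name, protocol, port) for every port mapping in the task.

    In awsvpc mode the containerPort is bound directly on the task ENI, so it is
    the port the security group must admit.
    """
    return [(cdef["name"], pm.get("protocol", "tcp"), pm["containerPort"])
            for cdef in task_definition["containerDefinitions"]
            for pm in cdef.get("portMappings", [])]


def rule_cidrs(rule):
    """All IPv4 and IPv6 CIDRs a rule grants (prefix-list and SG-to-SG sources are ignored)."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def rules_admitting(sg, protocol, port, source_ip):
    """Inbound rules of `sg` that admit `protocol`/`port` from `source_ip`."""
    src = ipaddress.ip_address(source_ip)
    matches = []
    for rule in sg["IpPermissions"]:
        proto = rule["IpProtocol"]
        if proto not in ("-1", protocol):          # "-1" means all protocols
            continue
        if proto != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue                                # port 80 rule does not cover 8080
        # Version mismatch (IPv4 source vs IPv6 CIDR) simply evaluates False.
        if any(src in ipaddress.ip_network(c, strict=False) for c in rule_cidrs(rule)):
            matches.append(rule)
    return matches


def diagnose(task_definition, sg, source_ip):
    """Per exposed port: is it reachable from source_ip, and is it open to the world?"""
    report = {}
    for name, proto, port in exposed_ports(task_definition):
        admitting = rules_admitting(sg, proto, port, source_ip)
        report[(name, proto, port)] = {
            "reachable": bool(admitting),
            "world_open": any(c in WORLD for r in admitting for c in rule_cidrs(r)),
        }
    return report


def with_ingress_rule(sg, protocol, port, cidr):
    """Copy of `sg` with one extra inbound rule, the offline equivalent of
    `aws ec2 authorize-security-group-ingress --protocol tcp --port 8080 --cidr <cidr>`."""
    new_sg = copy.deepcopy(sg)
    rule = {"IpProtocol": protocol, "FromPort": port, "ToPort": port,
            "IpRanges": [], "Ipv6Ranges": []}
    if ":" in cidr:
        rule["Ipv6Ranges"].append({"CidrIpv6": cidr})
    else:
        rule["IpRanges"].append({"CidrIp": cidr})
    new_sg["IpPermissions"].append(rule)
    return new_sg


if __name__ == "__main__":
    me = "203.0.113.5"  # constructed client address
    print("as posted:   ", diagnose(TASK_DEFINITION, SECURITY_GROUP, me))
    scoped = with_ingress_rule(SECURITY_GROUP, "tcp", 8080, me + "/32")
    print("scoped fix:  ", diagnose(TASK_DEFINITION, scoped, me))
    wide = with_ingress_rule(SECURITY_GROUP, "tcp", 8080, "0.0.0.0/0")
    print("world-open:  ", diagnose(TASK_DEFINITION, wide, me))
```

Run it against real data by replacing the two constructed objects with the parsed output of the describe commands. Prefer the scoped variant when applying the fix for real: the console's 0.0.0.0/0 default exposes the Spring endpoint to the whole internet, while a /32 (or your corporate CIDR) on port 8080 is all that the test in the question needs. The CORS change in the update is orthogonal: CORS is enforced by the browser on cross-origin scripted requests and never blocks a packet at the network level, so it cannot explain a connection that is refused or times out.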