Can't connect to ECS service through ALB
I have an ecs service that runs a fargate container with django server in it, this is the host mapping of the container
{
"name": "django-port",
"containerPort": 443,
"hostPort": 443,
"protocol": "tcp",
"appProtocol": "http2"
}
I auto assigned a public IP to the container, and allowed access in the security group from my IP, and when I connect through the public IP to port 443 I have access through the server.
I also attached an Application Load Balancer to the service, with an HTTPS listener on port 443 that forwards it to the following target group
And I see that the task of the service is registered to the target group but is unhealthy, and according to the monitoring tab it looks like it doesn't reach the service since I see no response data in any of the graphs.
And when I try to reach my server via the domain I registered and attached it's certificate to the ALB listener I get timeout. Any help would be appreciated!
EDIT: The SSL certificate is added to the ALB listener
And the rules in the security group I added to handle the traffic are:
Inbound IPv4 HTTPS TCP 443 0.0.0.0/0
Outbound IPv4 All traffic All All 0.0.0.0/0
You have incorrectly configured your container/task to listen on port 443 (the default HTTPS port) while serving HTTP traffic instead of HTTPS traffic. You have then configured the target group to connect to the container/task on port 443 with the HTTPS protocol.
Now the load balancer/target group is trying to create a secure HTTPS connection to your task/container, but your container doesn't have an SSL certificate installed on it, and doesn't support the HTTPS protocol, so the connection is failing.
You need to configure your container to listen on some other port, like the default HTTP port 80, and configure the target group to connect to the ECS task over that port, with the HTTP protocol.
You also need two security groups, one for the ECS task, and one for the load balancer. The ECS task's security group should accept inbound connections on the port the container is listening on, like port 80, while the load balancer's security group should accept inbound connections on the port the load balancer is listening on 443.
- Using forward slash (`/`) in key of a RedisJSON object on Amazon Elasticache
- How to increase aws dynamodb index limit from 5
- Does Amazon Lightsail have remote desktop (GUI) with their Linux offering?
- Why does Runtime.maxMemory() change its value on separate calls?
- Appsync Query Returning Null with Cognito Auth
- AWS CLI S3 A client error (403) occurred when calling the HeadObject operation: Forbidden
- How to extract files from a zip archive in S3
- Copy Aws launch template to another region
- AWS S3 upload fails: RequestTimeTooSkewed
- Simplest way to automate starting of EC2 daily
- How to pass API Gateway authorizer context to a HTTP integration
- How to use AWS CLI to deploy lambda function to specific alias or version?
- Exporting data from dynamo db to a csv file
- Amazaon S3Client can list buckets, but throws an UnknownHostException when trying to do a putObject
- No integration defined for method - Choose a stage where your API will be deployed
- Using SNS to send push notifications - Expo App
- CodePipeline buildspec and multiple build actions
- Why can't an AWS lambda function inside a public subnet in a VPC connect to the internet?
- Lambda@Edge not logging on cloudfront request
- Vue is not picking up env variables from aws ecs task container
- AWS CLI cloudformation validate-template success but getting error during create-stack
- The term 'Events:' is not recognized in cloudformation template in AWS
- AWS Lambda function and S3 - change metadata on an object in S3 only if the object changed
- Cloudformation : Encountered unsupported property DeletionPolicy on S3 Bucket
- Error in CloudFormation Stack: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400;
- Template format error: Unresolved resource dependencies [subnet-057ba3df40f87da4e] in the Resources block of the template
- Encountered unsupported property Version
- While deploying an efs stack i get the following error
- Invalid request provided: AWS::ElasticLoadBalancingV2::ListenerRule Validation exception
- aws cloudformation - Encountered unsupported property RequestValidatorId