0

I am trying to get Grafana stood up in a ECS Fargate stack. The stack is comprise of the following:

  1. An Application Load Balancer with an ACM cert applied listening on port 443
  2. The ALB's target group is forwarding traffic port 3000 on my Grafana container. SSL is terminated at the ALB so the traffic coming into the container is non-SSL.
  3. I have an A record created in Route53 that points to the ALB.
  4. The container is using ephemeral storage that Fargate provides to the container.

What's wrong?

  1. When I try to access Grafana from my A-record I get to the home page fine.
  2. But when I'm prompted to enter the user name and password it fails with an unauthorized exception. On my very first attempt, when asked to change the password. I get a "password was changed successfully" followed by an "unauthorized" message at the same time.

However, if try to go directly to the the container's private IP address everything works fine.

Is this a CORS issue or is there a setting I need to pass into the container to tell is to accept traffic from the ALB as the origin (e.g. whitelisting).

Thanks!

KSS
  • 821
  • 3
  • 10
  • 26
  • Pls provide config of ecs tasks, errors from grafana logs, errors from the browser console/netwotrk console. – Jan Garaj Mar 10 '21 at 07:56
  • Jan, I think I figured out part of it. After looking at the logs for the Grafana container I noticed that the app was having problems with a container. So I thought it might have something to do with session stickiness at the ALB. I turned session stickiness on and now it appears to work. Still doing more testing. I'll confirm it completely working by tearing down and building a new stack and retesting. – KSS Mar 12 '21 at 15:45
  • One more thing, to be clear the stickiness setting is on the Target Group, not the ALB. – KSS Mar 12 '21 at 15:47
  • IMHO you have very basic setup of Grafana ECS task + you keep it secret. I'm running Grafana on ECS Fargate stack without any problem. But you don't expose any details, so you won't have any answer. – Jan Garaj Mar 12 '21 at 16:28
  • Jan, the previous authorization was resolved by was resolved. I didn't want to overload the viewers with detail that they might not need. That's said I was wondering how you are persisting data in your Fargate stacks. Are you using EFS or a database? It looks like that's the remaining piece I have left to do right now. – KSS Mar 12 '21 at 20:25
  • https://stackoverflow.com/help/minimal-reproducible-example – Jan Garaj Mar 12 '21 at 20:44
  • Thanks for the reminder Jan. I'll follow this pattern going forward. – KSS Mar 14 '21 at 17:44

1 Answers1

0

Issue was resolved by turning on session stickiness in the target group property for the ALB.

KSS
  • 821
  • 3
  • 10
  • 26
  • I would say that's only work around, not a solution. I bet you will have (random) problems, when you will be scaling tasks up/down. – Jan Garaj Mar 14 '21 at 19:10