0

Okay, I've followed the docs on How to create Task Definition using AWS console. I also created a cluster before creating Task Definition. Task (i.e. the container) is running using provided image URI which is on ECR. I can see logs nicely on CloudWatch as well as in ECS itself.

When I go to:

Amazon Elastic Container Service -> Clusters -> AwsTutorialECSCluster -> Tasks -> myTaskId -> Configuration

I can see public IP. The application in question is simple Spring Boot app with default settings.

@SpringBootApplication
@RestController
@RequestMapping("aws")
public class AwsTutorialApplication {

    public static void main(String[] args) {
        SpringApplication.run(AwsTutorialApplication.class, args);
    }

    @GetMapping("/hello")
    public String helloAws(){
        return "Hello from AWS!";
    }

}

I cannot get response when I try any of the following:

http://publicIp:8080/aws/hello
http://publicIp:80/aws/hello
http://publicIp/aws/hello

While creating Task definition I also added the Role with managed policy: AwsTutorialECS_FullAccess_Role

I will pass json Task definition:

    {
"taskDefinitionArn": "arn:aws:ecs:eu-central-1:myAccount:task-definition/NewTaskDefinition:1",
        "containerDefinitions": [
            {
                "name": "spring-boot-container",
                "image": "myAcc.dkr.ecr.eu-central-1.amazonaws.com/aws-tutorial:latest",
                "cpu": 0,
                "memory": 3072,
                "portMappings": [
                    {
                        "name": "spring-boot-container-8080-tcp",
                        "containerPort": 8080,
                        "hostPort": 8080,
                        "protocol": "tcp",
                        "appProtocol": "http"
                    }
                ],
                "essential": true,
                "environment": [],
                "environmentFiles": [],
                "mountPoints": [],
                "volumesFrom": [],
                "logConfiguration": {
                    "logDriver": "awslogs",
                    "options": {
                        "awslogs-create-group": "true",
                        "awslogs-group": "/ecs/NewTaskDefinition",
                        "awslogs-region": "eu-central-1",
                        "awslogs-stream-prefix": "ecs"
                    }
                }
            }
        ],
        "family": "NewTaskDefinition",
        "taskRoleArn": "arn:aws:iam::myAccount:role/AwsTutorialECS_FullAccess_Role",
        "executionRoleArn": "arn:aws:iam::myAccount:role/ecsTaskExecutionRole",
        "networkMode": "awsvpc",
        "revision": 1,
        "volumes": [],
        "status": "ACTIVE",
        "requiresAttributes": [
            {
                "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
            },
            {
                "name": "ecs.capability.execution-role-awslogs"
            },
            {
                "name": "com.amazonaws.ecs.capability.ecr-auth"
            },
            {
                "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
            },
            {
                "name": "com.amazonaws.ecs.capability.task-iam-role"
            },
            {
                "name": "ecs.capability.execution-role-ecr-pull"
            },
            {
                "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
            },
            {
                "name": "ecs.capability.task-eni"
            },
            {
                "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
            }
        ],
        "placementConstraints": [],
        "compatibilities": [
            "EC2",
            "FARGATE"
        ],
        "requiresCompatibilities": [
            "FARGATE"
        ],
        "cpu": "1024",
        "memory": "3072",
        "runtimePlatform": {
            "cpuArchitecture": "X86_64",
            "operatingSystemFamily": "LINUX"
        },
        "registeredAt": "2023-03-21T18:20:52.034Z",
        "registeredBy": "arn:aws:iam::accountiD:user/myUserName",
        "tags": []
    }

User has AdministratorAccess IAM role.

Why is this so complicated?!?

Update 1:

Based on the comments for security groups. I delete Task Definition, unregistered and stop Task. Recreated everything again. When I go to Deploy -> Run Task:

enter image description here

Still cannot hit an endpoint. Also, I disabled cors with @CrossOrigin and:

@Configuration
public class Config implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**").allowedMethods("*");
    }
}
Wrapper
  • 794
  • 10
  • 25
  • 1
    Assuming the Spring Boot app is actually listening on 8080, your most likely issue is the security group assigned to the service. Do you have port `8080` open in the security group? Also, given your task definition, this URL is the only one that should work: `http://publicIp:8080/aws/hello` – Mark B Mar 21 '23 at 19:00
  • @MarkB I updated the question. I can pass a dockerfile and buildspec.yaml if necessary – Wrapper Mar 21 '23 at 19:44

1 Answers1

2

You have HTTP port 80 open in the security group. You are selecting HTTP because you are using the HTTP protocol, but you aren't using the standard HTTP port (80), you are using port 8080 instead. So selecting HTTP which is just a shortcut for port 80 is not going to work for you. You have to add a TCP rule to your security group with port 8080 to allow the traffic to your service.

Note that there is no reason to recreate everything just to get to that screen again. You can go into the EC2 section of the AWS console, find the security group there, and just add a new inbound rule for port 8080.

Mark B
  • 183,023
  • 24
  • 297
  • 295