Aws ecs service with nlb

Hi there,

I’m new to terraform so i’m having some problems spinning up an ECS service with NLB…

The service uses UDP so i’m using ASG with NLB. I’ve managed to create the cluster, iam roles, load balancer, vpc with gw and the service, but the service won’t run on the instance.

the user_data script to add the instance to the cluster is working and i made a key to ssh into the instances (will not put that in production).

The error i’m getting is :
service XXX was unable to place a task because no container instance met all of its requirements. The closest matching container-instance YYY is already using a port required by your task. For more information, see the Troubleshooting section

But i went into the instance and the port is not being used, i think there’s some problem on the load balancer or service configuration.

autoscaling group:

resource "aws_launch_configuration" "radius" {
 name_prefix                 = "${var.name_prefix}_radius_"
 instance_type               = var.instance_type
 image_id                    = data.aws_ami.amazon_linux_ecs.id
 key_name                    = var.key_name
 security_groups             = [aws_security_group.radius.id]
 user_data                   = data.template_cloudinit_config.asg_user_data.rendered
 iam_instance_profile        = aws_iam_instance_profile.radius_iam_profile.id
 associate_public_ip_address = true

 lifecycle {
   create_before_destroy = true
 }
}

resource "aws_autoscaling_group" "radius" {
 name                      = "${var.name_prefix}_radius_asg"
 max_size                  = var.desired_count * 2
 min_size                  = ceil(max(1, var.desired_count / 2))
 desired_capacity          = var.desired_count
 health_check_grace_period = 300
 health_check_type         = "EC2"
 force_delete              = true
 launch_configuration      = aws_launch_configuration.radius.name
 vpc_zone_identifier       = var.subnet_ids
 # vpc_zone_identifier       = ["${split(",", var.subnet_ids)}"]

 tag {
   key                 = "Name"
   value               = "${var.name_prefix}-radius-asg"
   propagate_at_launch = true
 }

 lifecycle {
   create_before_destroy = true
 }
}

ecs.tf:

resource "aws_ecs_cluster" "this" {
  name = "${var.name_prefix}_radius_cluster"
}

resource "aws_ecs_service" "radius" {
  name                               = "${var.name_prefix}_radius_service"
  cluster                            = aws_ecs_cluster.this.id
  task_definition                    = aws_ecs_task_definition.radius.arn
  desired_count                      = var.desired_count
  deployment_minimum_healthy_percent = var.min_health

  load_balancer {
    target_group_arn = aws_lb_target_group.auth.arn
    container_name   = "radius"
    container_port   = 1812
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.acct.arn
    container_name   = "radius"
    container_port   = 1813
  }

  lifecycle {
    create_before_destroy = true
    ignore_changes        = [desired_count]
  }
}

resource "aws_ecs_task_definition" "radius" {
  family                = "${var.name_prefix}_radius_tastdef"
  container_definitions = data.template_file.radius_task.rendered

  lifecycle {
    create_before_destroy = true
  }
}

data "template_file" "radius_task" {
  template = <<EOF
[
  {
    "name": "radius",
    "image": "${var.radius_image}",
    "cpu": 512,
    "memory": 512,
    "essential": true,
    "portMappings": [
      {
        "containerPort": 22,
        "hostPort": 22
      },
      {
        "containerPort": 1812,
        "hostPort": 1812
      },
      {
        "containerPort": 1813,
        "hostPort": 1813
      }
    ],
    "environment": [${join(",", data.template_file.env_vars.*.rendered)}]
  }
]
EOF
}

data "template_file" "env_vars" {
  count    = length(var.env_vars)
  template = <<EOF
{"name": "${element(keys(var.env_vars), count.index)}", "value": "${lookup(var.env_vars, element(keys(var.env_vars), count.index), "")}"}
EOF
}

nlb.tf

    resource "aws_lb" "nlb" {
  name               = "${var.name_prefix}-radius-nlb"
  internal           = false
  load_balancer_type = "network"
  # subnets            = var.subnet_ids

  enable_deletion_protection = false

  dynamic subnet_mapping {
    for_each = var.subnet_ids

    content {
      subnet_id     = subnet_mapping.value
      allocation_id = lookup(element(aws_eip.public_ips, subnet_mapping.key), "id", "")
    }
  }
}

resource "aws_lb_listener" "auth" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 1812
  protocol          = "TCP_UDP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.auth.arn
  }
}

resource "aws_lb_listener" "acct" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 1813
  protocol          = "TCP_UDP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.acct.arn
  }
}

resource "aws_lb_target_group" "auth" {
  name        = "${var.name_prefix}-radius-auth-tg"
  target_type = "instance"
  port        = 1812
  protocol    = "TCP_UDP"
  vpc_id      = var.vpc_id
}

resource "aws_lb_target_group" "acct" {
  name        = "${var.name_prefix}-radius-acct-tg"
  target_type = "instance"
  port        = 1813
  protocol    = "TCP_UDP"
  vpc_id      = var.vpc_id
}