Hi there,
I’m new to terraform so i’m having some problems spinning up an ECS service with NLB…
The service uses UDP so i’m using ASG with NLB. I’ve managed to create the cluster, iam roles, load balancer, vpc with gw and the service, but the service won’t run on the instance.
the user_data script to add the instance to the cluster is working and i made a key to ssh into the instances (will not put that in production).
The error i’m getting is :
service XXX was unable to place a task because no container instance met all of its requirements. The closest matching container-instance YYY is already using a port required by your task. For more information, see the Troubleshooting section
But i went into the instance and the port is not being used, i think there’s some problem on the load balancer or service configuration.
autoscaling group:
resource "aws_launch_configuration" "radius" {
name_prefix = "${var.name_prefix}_radius_"
instance_type = var.instance_type
image_id = data.aws_ami.amazon_linux_ecs.id
key_name = var.key_name
security_groups = [aws_security_group.radius.id]
user_data = data.template_cloudinit_config.asg_user_data.rendered
iam_instance_profile = aws_iam_instance_profile.radius_iam_profile.id
associate_public_ip_address = true
lifecycle {
create_before_destroy = true
}
}
resource "aws_autoscaling_group" "radius" {
name = "${var.name_prefix}_radius_asg"
max_size = var.desired_count * 2
min_size = ceil(max(1, var.desired_count / 2))
desired_capacity = var.desired_count
health_check_grace_period = 300
health_check_type = "EC2"
force_delete = true
launch_configuration = aws_launch_configuration.radius.name
vpc_zone_identifier = var.subnet_ids
# vpc_zone_identifier = ["${split(",", var.subnet_ids)}"]
tag {
key = "Name"
value = "${var.name_prefix}-radius-asg"
propagate_at_launch = true
}
lifecycle {
create_before_destroy = true
}
}
ecs.tf:
resource "aws_ecs_cluster" "this" {
name = "${var.name_prefix}_radius_cluster"
}
resource "aws_ecs_service" "radius" {
name = "${var.name_prefix}_radius_service"
cluster = aws_ecs_cluster.this.id
task_definition = aws_ecs_task_definition.radius.arn
desired_count = var.desired_count
deployment_minimum_healthy_percent = var.min_health
load_balancer {
target_group_arn = aws_lb_target_group.auth.arn
container_name = "radius"
container_port = 1812
}
load_balancer {
target_group_arn = aws_lb_target_group.acct.arn
container_name = "radius"
container_port = 1813
}
lifecycle {
create_before_destroy = true
ignore_changes = [desired_count]
}
}
resource "aws_ecs_task_definition" "radius" {
family = "${var.name_prefix}_radius_tastdef"
container_definitions = data.template_file.radius_task.rendered
lifecycle {
create_before_destroy = true
}
}
data "template_file" "radius_task" {
template = <<EOF
[
{
"name": "radius",
"image": "${var.radius_image}",
"cpu": 512,
"memory": 512,
"essential": true,
"portMappings": [
{
"containerPort": 22,
"hostPort": 22
},
{
"containerPort": 1812,
"hostPort": 1812
},
{
"containerPort": 1813,
"hostPort": 1813
}
],
"environment": [${join(",", data.template_file.env_vars.*.rendered)}]
}
]
EOF
}
data "template_file" "env_vars" {
count = length(var.env_vars)
template = <<EOF
{"name": "${element(keys(var.env_vars), count.index)}", "value": "${lookup(var.env_vars, element(keys(var.env_vars), count.index), "")}"}
EOF
}
nlb.tf
resource "aws_lb" "nlb" {
name = "${var.name_prefix}-radius-nlb"
internal = false
load_balancer_type = "network"
# subnets = var.subnet_ids
enable_deletion_protection = false
dynamic subnet_mapping {
for_each = var.subnet_ids
content {
subnet_id = subnet_mapping.value
allocation_id = lookup(element(aws_eip.public_ips, subnet_mapping.key), "id", "")
}
}
}
resource "aws_lb_listener" "auth" {
load_balancer_arn = aws_lb.nlb.arn
port = 1812
protocol = "TCP_UDP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.auth.arn
}
}
resource "aws_lb_listener" "acct" {
load_balancer_arn = aws_lb.nlb.arn
port = 1813
protocol = "TCP_UDP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.acct.arn
}
}
resource "aws_lb_target_group" "auth" {
name = "${var.name_prefix}-radius-auth-tg"
target_type = "instance"
port = 1812
protocol = "TCP_UDP"
vpc_id = var.vpc_id
}
resource "aws_lb_target_group" "acct" {
name = "${var.name_prefix}-radius-acct-tg"
target_type = "instance"
port = 1813
protocol = "TCP_UDP"
vpc_id = var.vpc_id
}