У меня уже есть несколько стеков формирования облака, которые создают кластер ECS по HTTP, однако я не могу заставить его работать с использованием HTTPS. Я уже создал сертификат SSL и указываю домен на балансировщик нагрузки
. Когда я перехожу к URL-адресу DNS балансировщика нагрузки, я получаю ошибку 502
Однако, если использовать HTTP в моемстеки, все работает
Вот мои стеки формирования облака
AWSTemplateFormatVersion: '2010-09-09'
Description: container cluster on ECS, loadbalancer, security groups and cloudwatch
Resources:
ECSCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: 'amdCluster'
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: ecs-services
Subnets:
- !ImportValue 'Subnet1'
- !ImportValue 'Subnet2'
SecurityGroups:
- !Ref LoadBalancerSecurityGroup
LoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref LoadBalancer
Protocol: HTTPS
Port: 443
Certificates:
- CertificateArn: REDACTED
SslPolicy: ELBSecurityPolicy-2016-08
DefaultActions:
- Type: forward
TargetGroupArn: !Ref DefaultTargetGroup
LoadBalancerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for loadbalancer to services on ECS
VpcId: !ImportValue 'VPC'
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
IpProtocol: -1
DefaultTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: default
VpcId: !ImportValue 'VPC'
Protocol: 'HTTPS'
Port: '443'
CloudWatchLogsGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: 'amd'
RetentionInDays: 1
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !ImportValue 'VPC'
GroupDescription: for ecs containers
SecurityGroupIngress:
- SourceSecurityGroupId: !Ref 'LoadBalancerSecurityGroup'
IpProtocol: -1
Outputs:
Cluster:
Value: !Ref ECSCluster
Export:
Name: 'ECSCluster'
Listener:
Description: listener port 443
Value: !Ref LoadBalancerListener
Export:
Name: 'Listener'
ContainerSecurityGroup:
Description: container security group
Value: !Ref ContainerSecurityGroup
Export:
Name: 'ContainerSecurityGroup'
LoadBalancerDNS:
Description: Domain name for the loadbalancer
Value: !GetAtt LoadBalancer.DNSName
Export:
Name: 'DomainName'
AWSTemplateFormatVersion: '2010-09-09'
Description: container on ecs cluster
Resources:
Task:
Type: AWS::ECS::TaskDefinition
Properties:
Family: amd
Cpu: 256
Memory: 512
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
ExecutionRoleArn: !ImportValue ECSTaskExecutionRole
ContainerDefinitions:
- Name: amd
Image: REDACTED
Cpu: 256
Memory: 512
PortMappings:
- ContainerPort: 8080
Protocol: tcp
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: 'amd'
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: 'amd'
Service:
Type: AWS::ECS::Service
DependsOn: ListenerRule
Properties:
ServiceName: amd-service
TaskDefinition: !Ref Task
Cluster: !ImportValue 'ECSCluster'
LaunchType: FARGATE
DesiredCount: 1
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 70
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: ENABLED
Subnets:
- !ImportValue Subnet1
- !ImportValue Subnet2
SecurityGroups:
- !ImportValue ContainerSecurityGroup
LoadBalancers:
- ContainerName: amd
ContainerPort: 8080
TargetGroupArn: !Ref TargetGroup
TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: amd-tg
VpcId: !ImportValue VPC
Port: 443
Protocol: HTTPS
Matcher:
HttpCode: 200-299
HealthCheckIntervalSeconds: 300
HealthCheckPath: /
HealthCheckProtocol: HTTPS
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 10
TargetType: ip
ListenerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
ListenerArn: !ImportValue Listener
Priority: 1
Conditions:
- Field: path-pattern
Values: [/*]
Actions:
- TargetGroupArn: !Ref TargetGroup
Type: forward
Outputs:
ApiEndpoint:
Description: AMD Endpoint
Value: !Join ['', ['http://', !ImportValue DomainName, '/']]
Export:
Name: 'AMDEndpoint'