ARecord is created even with publicLoadBalancer is set to false in ApplicationLoadBalancedFargateService
See original GitHub issueEven when the ‘publicLoadBalancer’ is set to false, ApplicationLoadBalancedFargateService still creates an ARecord with loadbalancer as target.
I don’t see any reason to have an ARecord when the loadbalancer is private.
Reproduction Steps
// CloudFormation Resources
this.service = new ecsPatterns.ApplicationLoadBalancedFargateService(this, 'Service', {
.......
.......
.......
publicLoadBalancer: false,
protocol: elbv2.ApplicationProtocol.HTTPS,
domainName: `abc.com`,
domainZone: serviceHostedZone,
.......
.......
.......
});
Error Log
Environment
- CLI Version :
- Framework Version:
- OS :
- Language :
Other
It doesn’t make sense to create an ARecord which never gets resolved when the ‘publicLoadBalancer’ is set false. Ideally record creation can be optional or atleast do it only when publicLoadBalancer is set true.
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 4 years ago
- Comments:9 (8 by maintainers)
Top Results From Across the Web
class ApplicationLoadBalancedFargateService (construct)
enableECSManagedTags? Type: boolean (optional, default: false). Specifies whether to enable Amazon ECS managed tags for the tasks within the service.
Read more >awsecspatterns - Go Packages
This library provides higher-level Amazon ECS constructs which follow common architectural patterns. It contains: Application Load Balanced Services; Network ...
Read more >@aws-cdk/aws-elasticloadbalancingv2 - Package Manager
Vpc; // Create the load balancer in a VPC. 'internetFacing' is 'false' // by default, which creates an internal load balancer. const lb...
Read more >Application Load Balanced Fargate Service example in AWS ...
Application Load Balanced Fargate Service architecture diagram. The following resources are going to be built when we're creating the ...
Read more >logback - How to configure AWS CDK ...
TaskDefinition code does not automatically create a LogRouter container, ... publicLoadBalancer, // Default is false domainName: this.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
If it is public or not depends on the type of hosted zone you are using. But even if it is public this is not a real issue. I don’t think hiding IPs is a security thing.
The DNS name the LB gets is an AWS one, but most of the time I want to use a vanity name to reach this for example via VPN/DirectConnect from on-prem. I don’t see a reason why internal LBs should not have DNS records in my hosted zones.
Additionally, I think the ECS patterns package is marked
stable
so breaking changes, and this is one, are not allowed imho.I don’t think we should be making everything configurable in the patterns (the patterns are designed to be well constructed services with opinionated defaults). As this doesn’t appear to be a common usecase, and the benefits don’t outweigh the complexity, I’m of the opinion that we shouldn’t add this flag as it would add unnecessary complexity to the constructs themselves. The patterns will start to become unmaintainable/unusable if everything is added as a configuration.
A workaround is to implement the pattern using L2s and remove the logic that creates the ARecord. Feel free to reopen and let me know if you have any further questions around how to do this with L2s.