[aws-events-targets] Add flag for Auto-assign public IP to EcsTask


With ECS tasks I ran into an issue where ECS is unable to pull images from ECR even though the task is set to run in a PUBLIC subnet. In the console it appears that it is possible to set the Auto-assign public IP for an Event target.

Use Case

I have a CloudWatch event that is set to run every week that fires an ECS task. The ECS task needs to be able to pull the ECR image and communicate with external resources and therefore needs a public IP address.

My current event and target:

    const encryptionEventRule = new Rule(this, `${this.projectTag}-encryption-event-rule`, {
      schedule: Schedule.expression("rate(7 days)"),
    });

    encryptionEventRule.addTarget(
      new EcsTask({
        cluster,
        taskDefinition: encryptionTaskDefinition,
        taskCount: 1,
        subnetSelection: VPC.selectSubnets({
          subnetType: SubnetType.PUBLIC,
        }),
      })
    );

Proposed Solution

Just like ECS services, I believe a flag for the Auto-assign public IP can be added.

In an ECS Service:

    const service = new FargateService(this, SERVICE_NAME, {
      serviceName: SERVICE_NAME,
      taskDefinition: taskDefinition,
      cluster: cluster,
      desiredCount: SERVICE_DESIRED_CONTAINER_COUNT,
      assignPublicIp: SERVICE_ASSIGN_PUBLIC_IP,
      securityGroup: serviceSecurityGroup,
      vpcSubnets: VPC.selectSubnets({
        subnetType: SubnetType.PUBLIC,
      }),
    });

My proposal for an ECS Task event target:

    encryptionEventRule.addTarget(
      new EcsTask({
        cluster,
        taskDefinition: encryptionTaskDefinition,
        taskCount: 1,
        assignPublicIp: SERVICE_ASSIGN_PUBLIC_IP,
        subnetSelection: VPC.selectSubnets({
          subnetType: SubnetType.PUBLIC,
        }),
      })
    );

Other

The CloudWatch console allows for setting the Auto-assign public IP value when creating an Event Rule that triggers ECS tasks as described here.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 19
  • Comments: 10 (2 by maintainers)
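
As an added example (not part of the original issue or of the CDK code base): the flag requested above corresponds to `AssignPublicIp` under `EcsParameters.NetworkConfiguration.AwsVpcConfiguration` of an `AWS::Events::Rule` target in the CloudFormation template, so a template audit can show which scheduled ECS targets receive a public IP and which sit in a public subnet without one, as in the issue. The function name, verdict labels, literal subnet IDs and sample template are constructed for illustration; real synthesized templates usually reference subnets with `Ref` rather than literal IDs.

```typescript
type Json = { [key: string]: any };
type Verdict = "public-ip-assigned" | "public-subnet-without-public-ip" | "private";

interface Finding {
  rule: string;            // logical ID of the AWS::Events::Rule
  targetId: string;
  assignPublicIp: boolean;
  verdict: Verdict;
}

// Hypothetical helper: walks a CloudFormation template and classifies every
// ECS task target of an EventBridge rule by its network exposure.
function auditEcsRuleTargets(template: Json, publicSubnets: string[]): Finding[] {
  const findings: Finding[] = [];
  const resources: Json = template.Resources ?? {};
  for (const rule of Object.keys(resources)) {
    if (resources[rule].Type !== "AWS::Events::Rule") continue;
    const targets: Json[] = resources[rule].Properties?.Targets ?? [];
    for (const target of targets) {
      if (!target.EcsParameters) continue; // skip non-ECS targets
      const vpc: Json = target.EcsParameters.NetworkConfiguration?.AwsVpcConfiguration ?? {};
      // An absent AssignPublicIp is treated as DISABLED (the ECS RunTask default).
      const assignPublicIp = vpc.AssignPublicIp === "ENABLED";
      const subnets: string[] = vpc.Subnets ?? [];
      const inPublic = subnets.some((s) => publicSubnets.indexOf(s) !== -1);
      const verdict: Verdict = assignPublicIp ? "public-ip-assigned"
        : inPublic ? "public-subnet-without-public-ip" : "private";
      findings.push({ rule, targetId: String(target.Id), assignPublicIp, verdict });
    }
  }
  return findings;
}

// Constructed sample data: builds a rule resource with a single Fargate target.
const ecsRule = (subnet: string, assignPublicIp?: string): Json => ({
  Type: "AWS::Events::Rule",
  Properties: { ScheduleExpression: "rate(7 days)", Targets: [{
    Id: "Target0",
    EcsParameters: { LaunchType: "FARGATE", NetworkConfiguration: {
      AwsVpcConfiguration: { Subnets: [subnet], AssignPublicIp: assignPublicIp } } },
  }] },
});
const sampleTemplate: Json = { Resources: {
  WeeklyRule: ecsRule("subnet-public-a"),                  // the situation in the issue
  WeeklyRuleWithIp: ecsRule("subnet-public-a", "ENABLED"), // what the requested flag would produce
  PrivateRule: ecsRule("subnet-private-a", "DISABLED"),
  Bucket: { Type: "AWS::S3::Bucket" },                     // ignored: not a rule
} };
const sampleFindings = auditEcsRuleTargets(sampleTemplate, ["subnet-public-a"]);
```

A `public-ip-assigned` verdict marks a task whose network interface is addressable from the internet, so its security group rules are what limit inbound access.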

Top GitHub Comments

5 reactions
obernardocosta commented, Aug 27, 2021

I am having the same issue here. Any update on this? More than a year… I am trying to use CDK over Terraform, but this kind of thing pisses us off 😕

5 reactions
vmourac commented, Aug 23, 2021

Any updates on this? The company I work for is currently in the early stages of adopting CDK, but this issue is currently having a negative impact on our analysis.
