[ecs-patterns] DNS not in Route53 but being required when adding certificate=cert in ecs_patterns.ApplicationLoadBalancedFargateService

❓ Adding Certificate when Creating ECS cluster with CDK with ecs_patterns.ApplicationLoadBalancedFargateService that is not on Route53

The Question

Hi,

I am trying to create and add an ACM cert when setting up an ECS cluster and ALB with CDK. It appears that when I add certificate=cert in the parameters for ecs_patterns.ApplicationLoadBalancedFargateService I am required to provide a Route53 domain zone, but our DNS is not in Route53. Can you help me out with this?

Here is what I have so far.

from aws_cdk import (core, aws_ec2 as ec2, aws_ecs as ecs,
                     aws_certificatemanager as certman,
                     aws_ecs_patterns as ecs_patterns,
                     aws_ecr as ecr)

from aws_cdk.core import Tags

class CdkTest2Stack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Add tags
        Tags.of(self).add('Application', 'CdkTest2')
        Tags.of(self).add('Environment', 'Development')

        vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id="vpc-0123456789")
        cluster = ecs.Cluster(self, "ecs-cluster", vpc=vpc)
        cert = certman.Certificate(self, 'cert',
            domain_name='test-api.test.com',
            validation=certman.CertificateValidation.from_dns())
        ecrRepo = ecr.Repository.from_repository_name(self, "ecrRepo", "test-api")
        ecs_patterns.ApplicationLoadBalancedFargateService(self, "alb-fargate-service",
            cluster=cluster,            # Required
            cpu=512,                    # Default is 256
            desired_count=1,            # Default is 1
            task_image_options=ecs_patterns.ApplicationLoadBalancedTaskImageOptions(
                image=ecs.ContainerImage.from_ecr_repository(ecrRepo)),
            memory_limit_mib=2048,      # Default is 512
            public_load_balancer=True,  # Default is False
            certificate=cert,
            domain_name='test-api.test.com',
            domain_zone='',
            enable_ecs_managed_tags=True,
            propagate_tags=ecs.PropagatedTagSource('TASK_DEFINITION'))

AWS Support response:

Hello,

Thank you for contacting AWS Premium Support. My name is Adarsh and I will be assisting you today.

I understand that you are trying to create and add an ACM cert when setting up an ECS cluster and ALB with CDK. However, when you add the certificate in the parameters for "ecs_patterns.ApplicationLoadBalancedFargateService", you must also provide a Route53 domain zone but your DNS is not hosted on Route53.

I looked at the documentation for "ecs_patterns.ApplicationLoadBalancedFargateService" and found that the "domain_zone" does in fact have to be route53.

Unfortunately, this issue has to be brought up in GitHub Issues.

Please visit [1] and raise this issue there.

I apologize for the inconvenience this may cause.

If you have any questions please do not hesitate to let me know and I will be happy to help.

Thank you and have a wonderful day!

References:
[1] https://github.com/aws/aws-cdk/issues

Environment

  • CDK CLI Version: 1.68.0 (build a6a3f46)
  • Module Version: ???
  • Node.js Version: v12.19.0
  • OS: OSX High Sierra
  • Language (Version): Python 3.8.5

Thanks, Robbie

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 5
  • Comments: 12 (3 by maintainers)

Top GitHub Comments

3 reactions
robbie1douglas commented, Jan 14, 2021

I’m now getting back to this. Is there any progress or a well documented work around? Thanks for your efforts!

3 reactions
lefb766 commented, Oct 28, 2020

I also got troubled by this recently. I don’t want ApplicationLoadBalancedFargateService to update DNS records.

Here are examples of situations made impossible by this requirement:

  • With an external DNS zone and a CNAME in it that points to the ALB (maybe the author’s case)
  • With a Route 53 zone whose records are managed by a different CF stack
  • Additional verification is required after ALB setup and before DNS record change

I think this requirement is premature and it’s not achieving something beneficial.
