Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[ecs-patterns] Make sslPolicy configurable with ApplicationLoadBalancedFargateService

See original GitHub issue

When adding an ApplicationListener to an ApplicationLoadBalancer the sslPolicy can be configured. However when using an ApplicationLoadBalancedFargateService or an ApplicationLoadBalancedEc2Service the construct automatically adds the listener and there is no option to configure the sslPolicy.

I worked around this feature gap by extending ApplicationLoadBalancer and overriding the addListener method to add the sslPolicy flag but this should be an option in an ApplicationLoadBalancedService

Use Case

Be able to configure the ApplicationLoadBalancer in an ApplicationLoadBalancedFargateService to use a different sslPolicy such as only allowing TLS1.2 connections

Proposed Solution

Add the sslPolicy property to ApplicationLoadBalancedServiceBaseProps and use the property when calling loadBalancer.addListener in ApplicationLoadBalancedServiceBase

Other

👋 I may be able to implement this feature request
⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

State:
Created 3 years ago
Reactions:14
Comments:5 (3 by maintainers)

Top GitHub Comments

4reactions

daniel-harrisoncommented, Jun 16, 2021

I’ve hit this issue as well, I don’t know if this will help someone but overrides work in the meantime const listener: elbv2.CfnListener = fargateService.listener.node.defaultChild as elbv2.CfnListener; listener.addOverride('Properties.SslPolicy', SslPolicy.TLS12_EXT);

1reaction

iamhopaul123commented, Dec 2, 2020

Hello @rcollette, the use case is valid but even if we expose sslPolicy as a property the other listener properties remains out of control for users. I think #11841 would be the one we need to address instead of this one. Once we are able to address #11841 this one can be closed as well.

Top Results From Across the Web

aws-cdk/aws-ecs-patterns module - AWS Documentation

Instead of providing a cluster you can specify a VPC and CDK will create a new ECS cluster. ... Configure HTTPS on an...

ecs-patterns 1.182.0 javadoc (software.amazon.awscdk)

ApplicationLoadBalancedFargateService. A Fargate service running on an ECS cluster fronted by an application load balancer.

awsecspatterns - Go Packages

A Fargate service running on an ECS cluster fronted by an application load balancer. Example: var cluster cluster loadBalancedFargateService := ecsPatterns.

Namespace Amazon.CDK.AWS.ECS.Patterns

If you deploy multiple services CDK will only create one cluster per VPC. ... Configure HTTPS on an ApplicationLoadBalancedFargateService. using Amazon.CDK.

How can I set the sslPolicy of the ApplicationLoadBalancer ...

... sslPolicy but your subclass can be made configurable as needed. ... constructs such as ApplicationLoadBalancedFargateService and * it ...