[ECS] Why "securityGroups" fromClusterAttributes mandatory ?
See original GitHub issueWhen using ECS with EC2 instances (hosts), no pb; but when using Fargate, we don’t have any Security Group associated with the container instances registered to the cluster, so why it’s needed at the import ?
Reproduction Steps
For example, you create a Cluster in a Stack A :
const EcsCluster = new ecs.Cluster(this, 'EcsCluster', {
vpc: vpc,
clusterName: EcsClusterName,
containerInsights: true
});
const SecurityGroupEcsHost = new ec2.SecurityGroup(this, 'SecurityGroupEcsHost', {
vpc: vpc,
allowAllOutbound: true,
description: 'Security Group for ECS Host'
});
AutoScalingGroupEcsHost.addSecurityGroup(SecurityGroupEcsHost);
EcsCluster.addAutoScalingGroup(AutoScalingGroupEcsHost;
And you want to create an ECS EC2Service in another Stack B :
clusterName: EcsClusterName,
vpc,
securityGroups: [SecurityGroupEcsHost]
});
No pb at this time because on the first Stack, you have provided SGR & ASG resources for Hosts Instances.
What did you expect to happen?
But now, I want to create ECS Fargate resources on the other Stack, and the SGR is created on this one because associated with Fargate Service.
const EcsClusterFargate = new ecs.Cluster(this, 'EcsClusterFargate ', {
vpc: vpc,
clusterName: EcsClusterFargateName,
containerInsights: true
});
But in that case, I can’t import the dedicated Cluster like that :
const EcsClusterFargate = ecs.Cluster.fromClusterAttributes(this, 'EcsCluster', {
clusterName: EcsClusterFargateName,
vpc
});
So, why it’s mandatory ? Do I have to attach a fake SGR ?
Environment
- CLI Version : 1.68.0
- Framework Version: 6.14.8
- Node.js Version: v12.15.0
- OS : Linux
- Language (Version): TypeScript
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:21
- Comments:9 (2 by maintainers)
Top Results From Across the Web
class Cluster (construct) · AWS CDK
A regional grouping of one or more container instances on which you can run tasks and services. Example. declare const vpc: ec2.Vpc; const...
Read more >awslabs/aws-cdk - Gitter
const importedCluster = ecs.Cluster.fromClusterAttributes(this, "cluster", { clusterName: cluster.clusterName, vpc: vpc, securityGroups: [ securityGroup ] });.
Read more >How to run a Fargate Task on an existing ecs cluster using ...
There are two questions. I Will try to answer both: First of all you need to run the Fargate task via CDK. you...
Read more >awsecs - Go Packages
If your container instances are launched from the Amazon ECS-optimized AMI version 20190301 or later, then they contain the required versions of the ......
Read more >update-service — AWS CLI 2.9.9 Command Reference
When you update any of these parameters, Amazon ECS starts new tasks with the new ... The IDs of the security groups associated...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
the securityGroups property can contain an empty array
This fixed my lookup issue. Thanks so much!