CDK Current Issues
Long Format ARN Names
ECS needs to be able to use long format ARNs if tags are going to be used. These need to be enabled using the AWS command line and are set for ECS at the account level.
aws ecs put-account-setting-default --name serviceLongArnFormat --value enabled
{
    "setting": {
        "name": "serviceLongArnFormat",
        "value": "enabled",
        "principalArn": "arn:aws:iam::974255826724:root"
    }
}

aws ecs put-account-setting-default --name taskLongArnFormat --value enabled
{
    "setting": {
        "name": "taskLongArnFormat",
        "value": "enabled",
        "principalArn": "arn:aws:iam::974255826724:root"
    }
}

aws ecs put-account-setting-default --name containerInstanceLongArnFormat --value enabled
{
    "setting": {
        "name": "containerInstanceLongArnFormat",
        "value": "enabled",
        "principalArn": "arn:aws:iam::974255826724:root"
    }
}
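A small check that is worth running before a tagged deployment, added here as an example and not part of the original notes: it parses the JSON that `aws ecs list-account-settings --effective-settings` prints (a constructed sample with a placeholder account id is embedded below) and reports which of the three long ARN opt-ins is still not enabled. It also classifies an ECS ARN as long or short format by whether a cluster segment sits between the resource type and the resource id, which is the property that decides whether tags (and tag-based IAM conditions) can apply to that resource.

```python
"""Check whether an AWS account is ready for ECS resource tagging.

Added example, not part of the original notes. It parses the JSON that
`aws ecs list-account-settings --effective-settings` prints (a constructed
sample is embedded below) and classifies ECS ARNs as long or short format.
"""
import json
from typing import List

# The three opt-in settings that must be 'enabled' before ECS can attach
# tags to services, tasks and container instances.
REQUIRED_SETTINGS = (
    "serviceLongArnFormat",
    "taskLongArnFormat",
    "containerInstanceLongArnFormat",
)

# Constructed sample of `aws ecs list-account-settings --effective-settings`
# output. The account id is a placeholder, not a real value.
SAMPLE_SETTINGS_JSON = """
{
  "settings": [
    {"name": "serviceLongArnFormat", "value": "enabled",
     "principalArn": "arn:aws:iam::111111111111:root"},
    {"name": "taskLongArnFormat", "value": "disabled",
     "principalArn": "arn:aws:iam::111111111111:root"},
    {"name": "containerInstanceLongArnFormat", "value": "enabled",
     "principalArn": "arn:aws:iam::111111111111:root"}
  ]
}
"""


def missing_long_arn_settings(settings_json: str) -> List[str]:
    """Return the required settings that are not 'enabled' in the output.

    A setting that is absent from the list counts as missing too, since the
    effective value then falls back to the (possibly disabled) default.
    """
    doc = json.loads(settings_json)
    effective = {s["name"]: s["value"] for s in doc.get("settings", [])}
    return [name for name in REQUIRED_SETTINGS if effective.get(name) != "enabled"]


def is_long_format_arn(arn: str) -> bool:
    """Classify an ECS service, task or container-instance ARN.

    Long format:  arn:aws:ecs:REGION:ACCOUNT:service/CLUSTER/NAME
    Short format: arn:aws:ecs:REGION:ACCOUNT:service/NAME
    The cluster name segment between the resource type and the resource id
    is what distinguishes the two; only long-format resources carry tags.
    """
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "ecs":
        raise ValueError(f"not an ECS ARN: {arn}")
    resource = parts[5].split("/")
    if resource[0] not in ("service", "task", "container-instance"):
        raise ValueError(f"unsupported ECS resource type: {resource[0]}")
    return len(resource) == 3


def tagging_ready(settings_json: str) -> bool:
    """True only when all three long ARN opt-ins are enabled."""
    return not missing_long_arn_settings(settings_json)


if __name__ == "__main__":
    missing = missing_long_arn_settings(SAMPLE_SETTINGS_JSON)
    print("ready for tagging:", tagging_ready(SAMPLE_SETTINGS_JSON))
    for name in missing:
        print(f"  not enabled: {name}")
    for arn in (
        "arn:aws:ecs:us-east-1:111111111111:service/my-cluster/my-service",
        "arn:aws:ecs:us-east-1:111111111111:service/my-service",
    ):
        print(f"{'long ' if is_long_format_arn(arn) else 'short'}  {arn}")
```

ECS account settings are stored per region, so the `list-account-settings` output has to be collected from every region the stack is deployed to; a resource created before the opt-in keeps its short ARN and will not accept tags until it is recreated.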
Default Port 80 Listener
The top-level abstractions in the ecs-patterns library assume that the container deployment is a web application or some form of RESTful microservice. Consequently, they create a default listener on port 80 and perform health checks on this port to ensure that the service is alive. If the health check fails, the container is destroyed and recreated.
This becomes an issue when the deployed service exposes only a TCP protocol on the ECS container. An example of this is the Eclipse Mosquitto MQTT broker. It listens on port 1883 for MQTT traffic but does not respond to HTTP. The Fargate infrastructure will therefore continually restart the MQTT service, making it unusable.
Note that there is also a lower-level (TCP) health check on the MQTT port 1883, so the port 80 check is essentially unnecessary.
Workaround
The MQTT container has been repackaged with an HTTP server (currently nginx) so that the listener health check receives a response, which keeps the container active.
Current Status
Reported as a bug to AWS: https://github.com/aws/aws-cdk/issues/11634
Default Load Balancer Targets Hidden
Because the Target Groups and Targets are created by the high-level abstractions in the CDK, they are not easily available to the CDK program when we wish to add a listener for a port other than 80. This makes it difficult to expose other ports on the internet: although it is easy to add a new listener and create a new Target Group, we do not have direct access to the container targets in order to wire up the access from the Load Balancer.
Workaround
The container targets can be obtained by looking up the container access points on the load balancer. Passing the name of the container and the required port number to the loadBalancerTarget method returns the container access point so that it can be added to the Target Group.
targets: [service.service.loadBalancerTarget({ containerName: 'mqtt-container', containerPort: 1883 })],