How to manage ECS tasks with a Network Load Balancer in TypeScript?

Question

Pulumi · Accepted Answer

In this program, we create a network load balancer and an ECS task set using the AWS native Pulumi libraries. For this, we use the following resources:

- `aws-native.ecs.TaskSet`: This resource describes a set of ECS tasks. An ECS task set is a subset of an ECS service's tasks that use a specific task definition version, container settings, and network settings.

- `aws-native.elasticloadbalancingv2.TargetGroup`: A target group routes requests to one or more registered targets when it receives traffic from the load balancer.

- `aws-native.elasticloadbalancingv2.Listener`: Before you start using your Network Load Balancer, you create one or more listeners. A Network Load Balancer listener listens for connection requests from clients.

Let's start coding:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

// A new VPC for our load balancer and ECS tasks.
const vpc = new aws_native.ec2.Vpc("myVpc");

// Create a security group for our load balancer.
const lbSecurityGroup = new aws_native.ec2.SecurityGroup("lbSecurityGroup", {
    vpcId: vpc.id,
});

// A load balancer listing on port 80.
const loadBalancer = new aws_native.elasticloadbalancingv2.LoadBalancer("myLoadBalancer", {
    scheme: "internet-facing",
    subnets: vpc.subnets,
    securityGroups: [lbSecurityGroup.id],
    type: "network",
});

// A target group for port 80.
const targetGroup = new aws_native.elasticloadbalancingv2.TargetGroup("targetGroup", {
    vpcId: vpc.id,
    port: 80,
    protocol: "TCP",
    targetType: "ip",
});

// Listen to port 80.
const listener = new aws_native.elasticloadbalancingv2.Listener("myListener", {
    defaultActions: [{
        type: "forward",
        targetGroupArn: targetGroup.arn,
    }],
    loadBalancerArn: loadBalancer.arn,
    port: 80,
    protocol: "TCP",
});

// Create a log group for our ECS service.
const logGroup = new aws_native.logs.LogGroup("logGroup");

// An ECS cluster.
const cluster = new aws_native.ecs.Cluster("cluster", {
    containerInsights: true,
});

// Create an ECS task definition: the application we want to run.
const taskDefinition = new aws_native.ecs.TaskDefinition("taskDefinition", {
    containerDefinitions: JSON.stringify([{
        name: "my-app",
        image: "nginx",
        memory: 128,
        portMappings: [{ containerPort: 80 }],
        logConfiguration: {
            logDriver: "awslogs",
            options: {
                "awslogs-group": logGroup.name,
                "awslogs-region": "us-west-2",
                "awslogs-stream-prefix": "my-app",
            },
        },
    }]),
    cpu: "256",
    memory: "0.5GB",
    networkMode: "awsvpc",
    requiresCompatibilities: ["FARGATE"],
    executionRoleArn: role.arn,
    family: "my-app",
});

// An ECS service to run and maintain tasks in an ECS cluster.
const service = new aws_native.ecs.Service("service", {
    cluster: cluster.arn,
    desiredCount: 5,
    launchType: "FARGATE",
    taskDefinition: taskDefinition.arn,
    waitForSteadyState: true,
    networkConfiguration: {
        assignPublicIp: "ENABLED",
        subnets: vpc.subnets,
        securityGroups: [lbSecurityGroup.id],
    },
    loadBalancers: [{
        targetGroupArn: targetGroup.arn,
        containerName: "my-app",
        containerPort: 80,
    }],
});
```

This establishes a network load balancer listening on port 80 and balancing amongst ECS tasks. These tasks are running the `nginx` Docker image. The ECS tasks are publicly reachable through the load balancer.

You can access the load balancer at its DNS name. The Pulumi Program exports this value.

```
export const url = loadBalancer.dnsName;
```