pulumi template to deploy a container to fargate allowing for https traffic on the load balancer

Sure thing! We can use the awsx library from Pulumi to handle a lot of the setup for us.

The following program provisions an AWS ECS Fargate service running a container based on a provided Docker image. An Application Load Balancer is set up to handle traffic to the service over HTTPS.

import * as awsx from "@pulumi/awsx";

// The Docker image to use for our Fargate service.
const imageUrl = "my-image-repo/my-image:latest";

// The certificate to use for our Application Load Balancer.
const certArn = "my-certificate-arn";

let cluster = new awsx.ecs.Cluster("cluster");

let alb = new awsx.lb.ApplicationLoadBalancer("alb", { securityGroups: cluster.securityGroups });

let albTargetGroup = alb.createTargetGroup("fargate-target-group", {
    port: 80,
    targetType: "ip",
    protocol: "HTTP"
});

albTargetGroup.createListener("fargate-listener", {
    protocol: "HTTPS",
    certificateArn: certArn,
    defaultAction: {
        type: "forward"
    }
});

let fargateService = new awsx.ecs.FargateService("fargate-service", {
    cluster: cluster,
    taskDefinitionArgs: {
        container: {
            image: imageUrl,
            portMappings: [ albTargetGroup ],
        },
    },
    desiredCount: 1,
});

export const serviceName = fargateService.service.name;

Please replace "my-image-repo/my-image:latest" with your Docker image and "my-certificate-arn" with your certificate ARN.

This program includes the following resources:

An ECS Cluster, defined with awsx.ecs.Cluster.
An Application Load Balancer, defined with awsx.lb.ApplicationLoadBalancer to handle incoming traffic.
A target group where an ALB routes traffic to. The target group's port is the port your application listens on in the Docker image, and the targetType is "ip".
A listener that listens on HTTPS (port 443) traffic with a certificate to decrypt incoming traffic and forwards it to the target group.
An ECS Fargate service running the specified Docker image.

Notice that, the cluster.securityGroups is provided when creating the ALB, which allows the Load Balancer to communicate with the Fargate service.