Based on AWS ECS architecture
@Marcin proposed an interesting idea, but I cannot wrap my head around how the ALB knows which target group to forward to, as my attempts with 2 listeners (HTTP 80 → Frontend & HTTP 5000 → Backend) did not work.
Let's say I have the following (as @Marcin proposed):
                                       |---> Target Group 1 ---> ECS Services for Frontend (private subnet)
    Client ---> ALB (public subnet) ---|
                                       |---> Target Group 2 ---> ECS Service for Backend (private subnet)
Assume:
- the ALB is accessible via http://www.example.com and listens on:
  - HTTP 80 → forward to target group 1
  - HTTP 5000 → forward to target group 2
- frontend container is exposed on port 3000
- backend container is exposed on port 5000
- target group 1 maps to HTTP 3000
- target group 2 maps to HTTP 5000
The reasoning for the above setup was that if a client wants a frontend resource, they access http://www.example.com (port 80), but if the frontend makes an API request to the backend, it does so via http://www.example.com:5000/<end_point> (note the :5000).
However, this hangs due to a timeout:
POST http://www.example.com:5000/check net::ERR_CONNECTION_TIMED_OUT
I can see that both target groups pass their respective health checks in the AWS console.
Did I get something wrong with the above reasoning, or is this a setup issue?
CodePudding user response:
Based on the comments.
The issue was with the lack of a rule in the ALB's security group to allow port 5000. Thus, the solution was to add the needed rule.
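
A way to catch this mismatch before a client times out, as an added example that is not part of the original answer: compare each ALB listener port against the inbound rules of the ALB's security group. The dictionaries follow the field names of the DescribeListeners and DescribeSecurityGroups responses; the group id, client address and rule values are constructed samples, and only IPv4 CIDR rules are evaluated.

```python
"""Find ALB listener ports that the ALB's security group does not admit.

Input dicts mirror the shape of the ELBv2 DescribeListeners and EC2
DescribeSecurityGroups responses; the values below are constructed samples.
"""
import ipaddress

# Constructed sample: the two listeners from the question.
LISTENERS = {"Listeners": [
    {"Port": 80, "Protocol": "HTTP"},
    {"Port": 5000, "Protocol": "HTTP"},
]}

# Constructed sample: an ALB security group that only admits port 80.
SECURITY_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}]}


def rule_admits(rule, port, client_ip):
    """True if one ingress rule lets client_ip reach the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "-1"):  # "-1" means all protocols and ports
        return False
    if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def blocked_listener_ports(listeners, groups, client_ip):
    """Listener ports that no ingress rule opens for client_ip."""
    rules = [r for g in groups["SecurityGroups"] for r in g["IpPermissions"]]
    return [l["Port"] for l in listeners["Listeners"]
            if not any(rule_admits(r, l["Port"], client_ip) for r in rules)]


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for a client.
    print(blocked_listener_ports(LISTENERS, SECURITY_GROUPS, "203.0.113.10"))
```

Target group health checks travel from the ALB to the targets, so they can pass while the ALB's own inbound rules still drop client traffic on a listener port.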