[英]AWS ALB-ECS 503 Service Unavailable
我正在嘗試在帶有 ALB 的 ECS 上設置一個簡單的 nginx 網絡服務器來平衡流量,但是在嘗試訪問負載平衡器 URL 時我收到了503 。 我已經仔細檢查了我的安全組和 vpc 設置。 我發現我的目標群體沒有任何健康的目標。 我正在使用 terraform 進行設置。 這是 ALB 代碼 -
## Create a simple ALB
resource "aws_lb" "simple-alb" {
name = "simple-alb"
load_balancer_type = "application"
subnets = var.alb_subnet_ids
security_groups = var.alb_security_group_ids
}
## Create a listener for the ALB
resource "aws_alb_listener" "simple-listener" {
load_balancer_arn = aws_lb.simple-alb.arn
port = "80"
protocol = "HTTP"
default_action {
target_group_arn = aws_lb_target_group.simple-target-group.arn
type = "forward"
}
depends_on = [aws_lb.simple-alb, aws_lb_target_group.simple-target-group]
}
## Create a target group for the ALB
resource "aws_lb_target_group" "simple-target-group" {
name = var.alb_target_group_name
port = 80
protocol = "HTTP"
vpc_id = var.alb_vpc.id
depends_on = [aws_lb.simple-alb]
health_check {
path = "/"
healthy_threshold = 2
unhealthy_threshold = 10
timeout = 60
interval = 300
matcher = "200,301,302"
}
}
這是 ECS 任務定義 -
## Simple service
resource "aws_ecs_service" "simple-service" {
name = var.service_name
cluster = aws_ecs_cluster.simple-cluster.arn
task_definition = aws_ecs_task_definition.simple-task.arn
desired_count = 2
iam_role = aws_iam_role.ecs-service-role.arn
depends_on = [aws_iam_role_policy_attachment.ecs-service-attach, aws_iam_role.ecs-service-role, aws_ecs_cluster.simple-cluster, aws_ecs_task_definition.simple-task]
load_balancer {
target_group_arn = var.alb_target_group.arn
container_name = var.container_name
container_port = "80"
}
}
任務 -
[
{
"name": "simple-nginx-server",
"image": "nginx:latest",
"cpu": 128,
"memory": 256,
"essential": true,
"portMappings": [
{
"containerPort": 80,
"protocol": "tcp",
"hostPort": 80
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs-logs/cluster-logs",
"awslogs-region": "eu-west-2",
"awslogs-stream-prefix": "ecs"
}
}
}
我已經驗證了變量是正確的,正如你所看到的,我在這里設置了正確的目標組。 但我仍然收到這個特定的錯誤,我不明白為什么 -
PS D:\Code> curl simple-alb-1310900784.us-east-1.elb.amazonaws.com
curl : 503 Service Temporarily Unavailable
At line:1 char:1
+ curl simple-alb-1310900784.us-east-1.elb.amazonaws.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
編輯 1 - 添加安全組 -
## Create a public Security Group
resource "aws_security_group" "alb-public-security-group" {
vpc_id = aws_vpc.simple-vpc.id
name = "simple-public-sg"
# allow public access on port 80
ingress {
protocol = "tcp"
from_port = 80
to_port = 80
cidr_blocks = ["0.0.0.0/0"]
}
# allow public access on port 443
ingress {
protocol = "tcp"
from_port = 443
to_port = 443
cidr_blocks = ["0.0.0.0/0"]
}
# allow public egress
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
depends_on = [aws_vpc.simple-vpc]
}
## Create security group for EC2 instances
## Allow access from Public ALB Security Group to the instances
resource "aws_security_group" "instance-private-security-group" {
vpc_id = aws_vpc.simple-vpc.id
name = "simple-instance-sg"
# Allow access from load balancer security group on port 80
ingress {
protocol = "tcp"
from_port = 80
to_port = 80
security_groups = [
aws_security_group.alb-public-security-group.id
]
}
# Allow access from load balancer security group on port 443
ingress {
protocol = "tcp"
from_port = 443
to_port = 443
security_groups = [
aws_security_group.alb-public-security-group.id
]
}
# block public egress
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
depends_on = [aws_vpc.simple-vpc, aws_security_group.alb-public-security-group]
}
我能夠解決這個問題。 問題是由於錯誤配置的日志組,容器沒有啟動。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.