Unable to Create Network Load Balancer with Multiple Ports

[sstelfox]

I am attempting to setup a Network Load Balancer pointing at a service hosted on Fargate. The service in question is running a single custom web server (that needs to handle the SSL termination, and have an Elastic IP connected to it, so an Application Load Balancer won't work for this situation).

I've tested the service and it works fine without any configured load balancer (and currently one can't be added after the fact). The container has the ports defined in the task definition and has health checks all of which work fine and can be queried inside the my VPC based on the service name.

When I go to create a new ECS Service with a Network Load Balancer I hit a dead end when I get to the section Container to load balance. Both ports properly show up in the drop down, but this is where I get stuck. When I select either port and click on the Add to load balancer button new fields show up that I can't seem to fill out. It wants me to select existing target group or create a new one.

I have separately created two target groups, one for each port (protocol TCP, target type instance), but they don't show up under the Target group name drop down. There is a create new option, but this deselects the production port and won't allow me to enter a port that matches those already defined my listener.

I tried creating a Network Load Balancer that didn't have any listeners associated with it so I could attempt to create and define the ports at this point in the new service definition but the interface doesn't allow creating a Network Load Balancer without any listeners.

I was able to create a Network Load Balancer with an unrelated port, specify a relevant port at this point in the Service creation, but I was only able to add a single one of the containers ports. To get just one portion of this container working I attempted to create the service at this point which failed with an error:

Service creation failed: The provided target group <ARN snipped> has target type instance, which is incompatible with the awsvpc network mode specified in the task definition. 

Is there something that I'm missing? Am I going about doing this the wrong way?

[abby-fuller]

hey! looks like you're using awsvpc, which means you have to use ip as the target type, not instance.

from the docs:

If your service's task definition uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.

[sstelfox]

Yep that definitely got me through the first part, I still can't seem to add a the second port but it seems to be working without specifying anyway so guess that doesn't matter. I still have to figure out how to attach an Elastic IP to the network load balancer but that doesn't belong in this ticket.

Thanks for you help @abby-fuller!