If I understood your question well, in order to create a route for ECS you must create a listener with a rule that should include the conditions for the path-based routing (i.e., /idp).
Make sure your ECS is registered with a Target Group through the above listener and get your ECS Task to have the necessary mappings in order to work.
Currently, we have it like this:
Creating the ALB:
    const applicationLoadBalancer = new elbv2.ApplicationLoadBalancer(
      this,
      'alb',
      {
        vpc,
        vpcSubnets: vpc.selectSubnets({ subnetType: ec2.SubnetType.PUBLIC }),
        internetFacing: true,
      }
    );
Adding a listener, with certificate:
    const listener = applicationLoadBalancer.addListener(
      'http-listener',
      {
        protocol: elbv2.ApplicationProtocol.HTTPS,
        certificates: [
          {
            certificateArn: platformCertificate.certificateArn,
          },
        ],
      }
    );
And addTargets:
    // No conditions/priority here, so this target group becomes the listener's default action
    listener.addTargets('ecs-targets', {
      targets: [fargateService],
      healthCheck: {
        path: "/health",
        enabled: true,
        protocol: elbv2.Protocol.HTTP,
        timeout: cdk.Duration.seconds(30),
        interval: cdk.Duration.seconds(45),
        healthyThresholdCount: 3,
        unhealthyThresholdCount: 3,
      },
      slowStart: cdk.Duration.seconds(60),
      stickinessCookieDuration: cdk.Duration.days(1),
      port: 8080,
      protocol: elbv2.ApplicationProtocol.HTTP,
    });
In the end we create a CNAME:
    new route53.CnameRecord(this, 'cname', {
      domainName: applicationLoadBalancer.loadBalancerDnsName,
      recordName: `idp.${platformUrl}`,
      zone: hostedZone,
    });
And this is working at idp.example.com as expected.
Now I tried to add conditions:
    conditions: [elbv2.ListenerCondition.pathPatterns(["/idp"])]
and create a new route like we are doing in the AppRunner:
    new apigateway.HttpRoute(this, 'add-route-idp', {
      httpApi,
      routeKey: apigateway.HttpRouteKey.with("/idp", apigateway.HttpMethod.ANY),
      integration: new integrations.HttpUrlIntegration(
        'idp-integration',
        `http://idp.${platformUrl}`
      ),
    });
I know I am missing some knowledge here about ALB especially. In a perfect scenario I would also like to avoid creating the CNAME record and just map the load balancer DNS to my route with /idp.
You're on the right track. Anyway, these are the 3 steps that I would suggest:
- Add a new listener rule to your ALB that forwards requests from dev.example.com/idp to the appropriate target group associated with your Keycloak ECS service.
- Create a new route in API Gateway with the path /idp. The integration URL should point to your ALB's DNS name.
- Instead of creating a CNAME record for idp.${platformUrl}, create an A record for dev.example.com that aliases to your ALB.
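One detail worth checking before wiring the listener rule from step 1: an ALB path pattern is matched against the whole request path, so the `pathPatterns(["/idp"])` condition from the question matches only the exact path `/idp` and nothing beneath it (`/idp/realms/...` would still fall through to the listener's default action). The example below is added here and is not code from this thread or from AWS; it is a stand-alone TypeScript model of how the listener picks a rule (case-sensitive patterns, `*` for zero or more characters, `?` for exactly one, lowest priority number evaluated first, default action when nothing matches) so a rule set can be sanity-checked before it is deployed. The target-group names and rule sets are constructed for illustration.

```typescript
// Added example (not from the re:Post thread or AWS): a stand-alone model of
// ALB listener rule evaluation for path-pattern conditions. Semantics follow
// the ALB documentation: patterns are case-sensitive, '*' matches zero or
// more characters, '?' matches exactly one character, rules are evaluated
// from the lowest priority number upward, and the default action is used when
// no rule matches. Target-group names are constructed for illustration.

interface ListenerRule {
  priority: number;       // lower number is evaluated first
  pathPatterns: string[]; // the rule matches if any of its patterns matches
  target: string;         // hypothetical target-group name
}

// Translate one ALB path pattern into an anchored, case-sensitive RegExp.
function patternToRegExp(pattern: string): RegExp {
  let body = '';
  for (const ch of pattern) {
    if (ch === '*') body += '.*';
    else if (ch === '?') body += '.';
    else body += ch.replace(/[.+^${}()|[\]\\]/g, '\\$&'); // escape regex metacharacters
  }
  return new RegExp(`^${body}$`);
}

function pathMatches(pattern: string, path: string): boolean {
  return patternToRegExp(pattern).test(path);
}

// Return the target the listener would forward the given request path to.
function resolveTarget(rules: ListenerRule[], defaultTarget: string, path: string): string {
  const byPriority = [...rules].sort((a, b) => a.priority - b.priority);
  for (const rule of byPriority) {
    if (rule.pathPatterns.some((p) => pathMatches(p, path))) {
      return rule.target;
    }
  }
  return defaultTarget;
}

// Report literal patterns (no '*' or '?') that have no "<pattern>/*" companion
// in the same rule set: such a rule forwards /idp but leaves /idp/anything to
// the default action, which is exactly the trap with pathPatterns(["/idp"]).
function patternsWithoutSubpathCoverage(rules: ListenerRule[]): string[] {
  const all: string[] = [];
  for (const r of rules) {
    for (const p of r.pathPatterns) {
      if (all.indexOf(p) < 0) all.push(p);
    }
  }
  return all.filter((p) => !/[*?]/.test(p) && all.indexOf(`${p}/*`) < 0);
}

// Evaluate a list of request paths against a rule set (path -> target).
function routingTable(rules: ListenerRule[], defaultTarget: string, paths: string[]): Record<string, string> {
  const table: Record<string, string> = {};
  for (const p of paths) table[p] = resolveTarget(rules, defaultTarget, p);
  return table;
}

// Constructed rule sets: the condition from the question ("/idp" only) and a
// corrected one that also forwards everything beneath /idp.
const DEFAULT_TARGET = 'app-tg';
const questionRules: ListenerRule[] = [
  { priority: 10, pathPatterns: ['/idp'], target: 'keycloak-tg' },
];
const fixedRules: ListenerRule[] = [
  { priority: 10, pathPatterns: ['/idp', '/idp/*'], target: 'keycloak-tg' },
];

const samplePaths = ['/idp', '/idp/', '/idp/realms/master', '/IDP', '/health'];
console.log('question rules:', routingTable(questionRules, DEFAULT_TARGET, samplePaths));
console.log('fixed rules   :', routingTable(fixedRules, DEFAULT_TARGET, samplePaths));
console.log('no sub-path coverage:', patternsWithoutSubpathCoverage(questionRules));
```

With the question's rule set, `/idp/realms/master` lands on `app-tg` (the default action), while the corrected set sends it to `keycloak-tg`. Two related points from CDK itself, which the model above does not cover: `listener.addTargets(...)` with `conditions` also needs a `priority`, and once the Keycloak target group is no longer the unconditional one the listener still needs a default action (another `addTargets` or `addAction` call without conditions). Note also that the only listener in the question is HTTPS, while the `HttpUrlIntegration` URL starts with `http://`; the integration URL should use `https://`, or the ALB needs an HTTP listener (typically one that redirects to HTTPS) for that request to be accepted at all.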