AWS task definition container port

Question  Votes: 0  Answers: 1

I am using a simple Dockerfile that builds an image and runs a simple node.js application on port 3000. Here is my Dockerfile.

FROM node:16-alpine
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .
EXPOSE 3000
CMD [ "node", "app.js" ]

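I can access it on port 3000 from my local machine.

Now I want to access this service from an AWS ECS service, and I have created the necessary resources for it (cluster/task definition/ALB/security groups/listener), but I am not sure how to access this port 3000 from within AWS.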

ECSTaskDefinition:
  Type: AWS::ECS::TaskDefinition
  Properties:
    Family: !Join ["-", [!Ref ServiceName, taskdef, !Ref Environment]]
    NetworkMode: awsvpc
    RequiresCompatibilities:
      - FARGATE
    Cpu: !Ref CPU
    Memory: !Ref Memory
    ExecutionRoleArn: !GetAtt ECSTaskRole.Arn
    TaskRoleArn: !GetAtt ECSTaskRole.Arn
    ContainerDefinitions:
      - Name: !Sub
          - "${TheServiceName}-${TheEnvironment}"
          - TheServiceName: !Ref ServiceName
            TheEnvironment: !Ref Environment
        Image: !Ref Image
        Environment:
          - Name: AWS_ENV
            Value: !Ref Environment
          - Name: AWS_REGION
            Value: !Ref AWS::Region
        PortMappings:
          - ContainerPort: 80
            Protocol: tcp
        LogConfiguration:
          LogDriver: awslogs
          Options:
            awslogs-group: !Ref LogGroup
            awslogs-region: !Ref AWS::Region
            awslogs-stream-prefix: !Sub ${ServiceName}-${Environment}

ApplicationLoadBalancer:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    IpAddressType: ipv4
    Name: !Join ["-", [!Ref Environment, !Ref AppNameForResources, "server"]]
    Scheme: internal
    LoadBalancerAttributes:
    - Key: idle_timeout.timeout_seconds
      Value: '30'
    SecurityGroups:
      - !Ref SecurityGroupForALB
    Subnets:
      - Fn::ImportValue:
          !Sub
          - "${TheNetworkStackName}-PrivateAZ1-ID"
          - TheNetworkStackName: !Ref NetworkStackName
      - Fn::ImportValue:
          !Sub
          - "${TheNetworkStackName}-PrivateAZ2-ID"
          - TheNetworkStackName: !Ref NetworkStackName
      - Fn::ImportValue:
          !Sub
          - "${TheNetworkStackName}-PrivateAZ3-ID"
          - TheNetworkStackName: !Ref NetworkStackName
    Type: application

SecurityGroupForALB:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: !Sub 'Created for ALB of ${AppNameForResources} app on ${Environment}'
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '80'
        ToPort: '80'
        CidrIp: "0.0.0.0/0"
        Description: 'HTTP Traffic to SG'
    VpcId: !Ref VPC

SecurityGroupForECS:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: !Sub 'Created for ECS ${AppNameForResources} app on ${Environment} env'
    SecurityGroupIngress:
      # Allow anything from SecurityGroupForALB
      - IpProtocol: tcp
        FromPort: '1'
        ToPort: '65535'
        SourceSecurityGroupId: !GetAtt SecurityGroupForALB.GroupId
        Description: 'Accept anything from ALB security group'
    VpcId:
      Fn::ImportValue: !Join ['-', [!Ref NetworkStackName, 'VPCID']]

ALBTargetGroup:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    Name: !Sub '${Environment}-${AppNameForResources}-alb-tg-1'
    HealthCheckEnabled: true
    HealthCheckIntervalSeconds: 30
    HealthCheckPort: '80'
    HealthCheckTimeoutSeconds: 5
    HealthyThresholdCount: 2
    UnhealthyThresholdCount: 2
    Port: '80'
    Protocol: HTTP
    TargetType: ip
    VpcId:
      Fn::ImportValue: !Sub "${NetworkStackName}-VPCID"

ALBListenerForHTTP:
  Type: "AWS::ElasticLoadBalancingV2::Listener"
  Properties:
    LoadBalancerArn: !Ref ApplicationLoadBalancer
    Port: 80
    Protocol: "HTTP"
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref ALBTargetGroup

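Both security groups, as well as my ALB and target group, have ports in them. How do I point my ALB at port 3000 here, and where in my stack should I make this change?

Any help is much appreciated.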

amazon-web-services docker dockerfile aws-cloudformation amazon-ecs
1 answer
0 votes

In the ECS task definition, change the container port to 3000:

    PortMappings:
      - ContainerPort: 3000
        Protocol: tcp

And change the target group port and health check port settings to 3000:

ALBTargetGroup:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    Name: !Sub '${Environment}-${AppNameForResources}-alb-tg-1'
    HealthCheckEnabled: true
    HealthCheckIntervalSeconds: 30
    HealthCheckPort: '3000'
    HealthCheckTimeoutSeconds: 5
    HealthyThresholdCount: 2
    UnhealthyThresholdCount: 2
    Port: '3000'

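After making these changes, you can go to the load balancer's DNS address in a web browser, which will use the default HTTP port 80, and the load balancer will use the target group settings to forward the traffic to port 3000 of your ECS container.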
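An added example, not part of the original question or answer: the same fix driven from a single parameter, so the container port, target group port and ECS security group rule cannot drift apart, with the ECS security group narrowed from the question's 1-65535 range to that one port. The `ContainerPort` parameter name and the shortened `!Sub` container name are assumptions; the listener and `SecurityGroupForALB` stay on port 80 as in the question.

```yaml
# Added example: fragments to merge into the question's template, not a complete stack.
Parameters:
  ContainerPort:              # assumed parameter name, not in the original template
    Type: Number
    Default: 3000             # the port app.js listens on (EXPOSE 3000)

Resources:
  ECSTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      # Family, NetworkMode, RequiresCompatibilities, Cpu, Memory, role ARNs,
      # Environment and LogConfiguration stay exactly as in the question.
      ContainerDefinitions:
        - Name: !Sub "${ServiceName}-${Environment}"
          Image: !Ref Image
          PortMappings:
            - ContainerPort: !Ref ContainerPort
              Protocol: tcp

  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Sub '${Environment}-${AppNameForResources}-alb-tg-1'
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      HealthCheckPort: traffic-port   # health check follows the target's own port
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 2
      Port: !Ref ContainerPort
      Protocol: HTTP
      TargetType: ip
      VpcId:
        Fn::ImportValue: !Sub "${NetworkStackName}-VPCID"

  SecurityGroupForECS:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub 'Created for ECS ${AppNameForResources} app on ${Environment} env'
      SecurityGroupIngress:
        # Before (question): FromPort '1', ToPort '65535' from the ALB group.
        # After: only the container port is reachable, and only from the ALB.
        - IpProtocol: tcp
          FromPort: !Ref ContainerPort
          ToPort: !Ref ContainerPort
          SourceSecurityGroupId: !GetAtt SecurityGroupForALB.GroupId
          Description: 'App port from ALB security group only'
      VpcId:
        Fn::ImportValue: !Join ['-', [!Ref NetworkStackName, 'VPCID']]
```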
