Created
July 19, 2024 01:27
Struggling to allow the 20 udp ports to the container
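locals {
  environment = "dev"

  # Inclusive UDP media port range exposed by the SFU container. The NLB
  # security-group rule and the task definition's port mapping spell out
  # the same 5000-5020 range as literals and must be kept in sync with this.
  udp_port_min = 5000
  udp_port_max = 5020

  # One entry per NLB listener / target-group pair. The map key doubles as
  # the listener name, the target-group name and (for the TCP entry) the
  # target_group_key the ECS service attaches to, so renaming a key renames
  # those resources as well.
  services = merge(
    {
      ex-tcp-7000 = {
        port     = 7000
        protocol = "TCP"
      }
    },
    # Generates ex-udp-5000 .. ex-udp-5020; range() excludes its upper
    # bound, hence max + 1.
    {
      for p in range(local.udp_port_min, local.udp_port_max + 1) :
      "ex-udp-${p}" => {
        port     = p
        protocol = "UDP"
      }
    },
  )
}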
# Only zones that are currently usable; feeds the VPC module's `azs` input.
data "aws_availability_zones" "available" {
  state = "available"
}
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.9.0"

  cidr = "10.0.0.0/16"
  azs  = data.aws_availability_zones.available.names

  # Two subnets per tier: the NLB sits in the public ones, the ECS tasks in
  # the private ones (see module "nlb" and resource "aws_ecs_service").
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]

  # One shared NAT gateway for both private subnets: cheaper, but egress
  # from the private tier depends on a single zone.
  create_igw         = true
  enable_nat_gateway = true
  single_nat_gateway = true
}
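module "nlb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 9.9.0"

  load_balancer_type = "network"
  vpc_id             = module.vpc.vpc_id
  subnets            = module.vpc.public_subnets

  # Left off so `terraform destroy` can remove the load balancer.
  enable_deletion_protection = false

  # The module creates its own security group (rather than reusing the VPC
  # default). The ECS service reuses this group for its task ENIs, so every
  # rule here also applies to the tasks.
  security_group_name = "dev-cluster-sg"
  security_group_ingress_rules = {
    all_ingress_7000 = {
      from_port   = 7000
      to_port     = 7000
      ip_protocol = "TCP"
      description = "JSONP Traffic"
      # Internet-facing on purpose; narrow this if the client population is known.
      cidr_ipv4 = "0.0.0.0/0"
    },
    all_ingress_udp = {
      from_port = 5000
      to_port   = 5020
      # The module reads the `ip_protocol` key, as the TCP rule above does.
      # The original `protocol` key is not one the module consumes, so the
      # UDP rule did not carry the intended protocol. If plans keep showing
      # a diff on these rules, the provider documents the lowercase
      # names ("tcp", "udp") for this argument.
      ip_protocol = "UDP"
      description = "UDP Traffic"
      cidr_ipv4   = "0.0.0.0/0"
    }
  }
  security_group_egress_rules = {
    all = {
      ip_protocol = "-1"
      description = "Allow out all traffic"
      cidr_ipv4   = "0.0.0.0/0"
    }
  }

  # One listener per entry in local.services, forwarding to the target
  # group registered under the same key.
  listeners = {
    for key, value in local.services : key => {
      name     = key
      port     = value.port
      protocol = value.protocol
      forward = {
        target_group_key = key
      }
    }
  }

  # create_attachment = false: this module registers no targets. The ECS
  # service registers its task IPs into the TCP 7000 group through its
  # load_balancer block; nothing in this file registers targets for the
  # UDP groups.
  target_groups = {
    for key, value in local.services : key => {
      name              = key
      port              = value.port
      protocol          = value.protocol
      target_type       = "ip"
      create_attachment = false
    }
  }
}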
module "ecs" {
  source  = "terraform-aws-modules/ecs/aws"
  version = "~> 4.1.3"

  cluster_name = "${local.environment}-cluster"

  # Cluster default for services that do not set launch_type: `base` tasks
  # on on-demand Fargate first, then a 50/50 split with Fargate Spot. The
  # aws_ecs_service in this file sets launch_type explicitly and so does not
  # pick up this strategy.
  fargate_capacity_providers = {
    FARGATE = {
      default_capacity_provider_strategy = {
        base   = 20
        weight = 50
      }
    }
    FARGATE_SPOT = {
      default_capacity_provider_strategy = {
        weight = 50
      }
    }
  }
}
# Destination for the container's awslogs driver. No retention_in_days is
# set, so the group keeps log events with the provider's default
# ("never expire") retention.
resource "aws_cloudwatch_log_group" "ion_cw" {
  name = "ion_cw"
}
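resource "aws_ecs_task_definition" "this" {
  family                   = "${local.environment}-tasks"
  cpu                      = 256
  memory                   = 512
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]

  # Role the ECS agent assumes to pull the image and write logs. The account
  # id is hard-coded; deriving it from the caller-identity data source would
  # make the file portable across accounts.
  execution_role_arn = "arn:aws:iam::381491913429:role/ecsTaskExecutionRole"

  # Object keys use `=` throughout (the original mixed `:` and `=`, which
  # jsonencode treats identically).
  container_definitions = jsonencode([
    {
      name = "ion-sfu"
      # Mutable tag: each task launch may pull a different build. Pinning a
      # digest (image@sha256:...) gives reproducible deployments.
      image     = "docker.io/pionwebrtc/ion-sfu:latest-jsonrpc"
      essential = true
      environment = [
        { name = "ENV", value = "placeholder" }
      ]
      portMappings = [
        {
          # Signalling port; the only one attached to an NLB target group.
          # Under awsvpc hostPort must equal containerPort (or be omitted).
          containerPort = 7000
          hostPort      = 7000
        },
        {
          # Media ports; must match the NLB security-group UDP rule and
          # local.services. hostPortRange is kept as the author wrote it —
          # NOTE(review): confirm ECS accepts an explicit hostPortRange with
          # awsvpc on Fargate rather than requiring it to be omitted.
          containerPortRange = "5000-5020"
          hostPortRange      = "5000-5020"
          protocol           = "udp"
        }
      ]
      logConfiguration = {
        logDriver = "awslogs"
        options = {
          # Plain reference instead of the deprecated "${...}"-only string.
          awslogs-group = aws_cloudwatch_log_group.ion_cw.name
          # Must be the region the log group lives in (the provider's
          # region); a mismatch makes log delivery fail at task start.
          awslogs-region        = "us-west-2"
          awslogs-stream-prefix = "ecs"
        }
      }
    }
  ])
}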
resource "aws_ecs_service" "this" {
  name            = "${local.environment}-ion-service"
  cluster         = module.ecs.cluster_id
  task_definition = aws_ecs_task_definition.this.arn
  desired_count   = 1

  # Pins the service to on-demand Fargate; with launch_type set, the
  # cluster's default capacity-provider strategy (module "ecs") is not used.
  launch_type = "FARGATE"

  lifecycle {
    # Presumably so that scaling done outside Terraform is not reverted on
    # the next apply — confirm.
    ignore_changes = [desired_count]
  }

  # Only the TCP signalling port is registered with the load balancer. The
  # UDP target groups from module "nlb" receive no targets from this service
  # (and the module registers none), so the NLB's UDP listeners currently
  # forward to empty target groups.
  load_balancer {
    container_name   = "ion-sfu"
    container_port   = 7000
    target_group_arn = module.nlb.target_groups["ex-tcp-7000"].arn
  }

  network_configuration {
    # Tasks run in the private subnets without a public IP and reuse the
    # NLB's security group, so its 0.0.0.0/0 ingress rules apply to the task
    # ENIs, which are reachable only through the NLB or from inside the VPC.
    subnets         = module.vpc.private_subnets
    security_groups = [module.nlb.security_group_id]
  }
}
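# Signalling endpoint. The NLB's only TCP listener is port 7000
# (local.services["ex-tcp-7000"]), so the port has to be part of the URL;
# without it a client would connect to port 80, which has no listener. The
# http scheme is kept as the author wrote it — NOTE(review): the ion-sfu
# JSON-RPC endpoint is presumably a WebSocket, so clients may need ws://.
output "lb_url" {
  value = "http://${module.nlb.dns_name}:7000"
}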
The above is in regard to my question on the AWS subreddit, "How to allow many ports to ECS".
When I tried to replace the resource 'aws_ecs_service' with
I got back an error saying I couldn't specify more than five target groups, as mentioned here:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html#multiple-targetgroups-considerations
So, does anyone know a way to do this? I'll keep looking, but any help is appreciated. Thanks, folks.