I am deploying an application on AWS ECS Fargate.

I have two working CloudFormation templates. The first template creates the network VPC. The second defines the rest of my infrastructure, including the Application Load Balancer, the target group, the Fargate cluster and the service that runs the container.

My service appears to be running normally, in that the health checks never fail. My containers are not deregistered and there is no draining. However, many requests sent to my load balancer time out, or take a very long time to complete. Others return quickly, and the response code is always 2xx. There is also no evidence of the timeouts anywhere in the logs.

Below is my network VPC configuration:
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: >
  Creates a VPC with public and private subnets for a given AWS Account.
  This template incorporates many design ideas from this excellent blog post:
  https://medium.com/aws-activate-startup-blog/practical-vpc-design-8412e1a18dcc#.g0txo2p4v

Parameters:
  VpcCidrParam:
    Type: String
    Description: VPC CIDR. For more info, see http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPC_Sizing
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  # Public Subnets
  PublicAZASubnetBlock:
    Type: String
    Description: Subnet CIDR for first Availability Zone
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  PublicAZBSubnetBlock:
    Type: String
    Description: Subnet CIDR for second Availability Zone
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  PublicAZCSubnetBlock:
    Type: String
    Description: Subnet CIDR for third Availability Zone
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  # Private Subnets
  PrivateAZASubnetBlock:
    Type: String
    Description: Subnet CIDR for first Availability Zone (e.g. us-west-2a, us-east-1b)
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  PrivateAZBSubnetBlock:
    Type: String
    Description: Subnet CIDR for second Availability Zone (e.g. us-west-2b, us-east-1c)
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  PrivateAZCSubnetBlock:
    Type: String
    Description: Subnet CIDR for third Availability Zone, (e.g. us-west-2c, us-east-1d)
    AllowedPattern: "^(10|172|192)\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/(16|17|18|19|20|21|22|23|24|25|26|27|28)$"
    ConstraintDescription: must be valid IPv4 CIDR block (/16 to /28) from the private address ranges defined in RFC 1918.

  HighlyAvailableNat:
    Type: String
    Description: Optional configuration for a highly available NAT Gateway setup. Default configuration is a single NAT Gateway in Subnet A. The highly available option will configure a NAT Gateway in each of the Subnets.
    AllowedPattern: "^(true|false)$"
    Default: "false"
    ConstraintDescription: must be true or false (case sensitive).

Conditions:
  HighlyAvailable: !Equals [!Ref HighlyAvailableNat, "true"]
  NotHighlyAvailable: !Equals [!Ref HighlyAvailableNat, "false"]

Outputs:
  VpcId:
    Description: VPC Id
    Value: !Ref Vpc
    Export:
      Name: !Sub "${AWS::StackName}-vpc-id"

  PublicRouteTableId:
    Description: Route Table for public subnets
    Value: !Ref PublicRouteTable
    Export:
      Name: !Sub "${AWS::StackName}-public-rtb"

  PublicAZASubnetId:
    Description: Availability Zone A public subnet Id
    Value: !Ref PublicAZASubnet
    Export:
      Name: !Sub "${AWS::StackName}-public-az-a-subnet"

  PublicAZBSubnetId:
    Description: Availability Zone B public subnet Id
    Value: !Ref PublicAZBSubnet
    Export:
      Name: !Sub "${AWS::StackName}-public-az-b-subnet"

  PublicAZCSubnetId:
    Description: Availability Zone C public subnet Id
    Value: !Ref PublicAZCSubnet
    Export:
      Name: !Sub "${AWS::StackName}-public-az-c-subnet"

  PrivateAZASubnetId:
    Description: Availability Zone A private subnet Id
    Value: !Ref PrivateAZASubnet
    Export:
      Name: !Sub "${AWS::StackName}-private-az-a-subnet"

  PrivateAZBSubnetId:
    Description: Availability Zone B private subnet Id
    Value: !Ref PrivateAZBSubnet
    Export:
      Name: !Sub "${AWS::StackName}-private-az-b-subnet"

  PrivateAZCSubnetId:
    Description: Availability Zone C private subnet Id
    Value: !Ref PrivateAZCSubnet
    Export:
      Name: !Sub "${AWS::StackName}-private-az-c-subnet"

  PrivateAZARouteTableId:
    Description: Route table for private subnets in AZ A
    Value: !Ref PrivateAZARouteTable
    Export:
      Name: !Sub "${AWS::StackName}-private-az-a-rtb"

  PrivateAZBRouteTableId:
    Description: Route table for private subnets in AZ B
    Value: !Ref PrivateAZBRouteTable
    Export:
      Name: !Sub "${AWS::StackName}-private-az-b-rtb"

  PrivateAZCRouteTableId:
    Description: Route table for private subnets in AZ C
    Value: !Ref PrivateAZCRouteTable
    Export:
      Name: !Sub "${AWS::StackName}-private-az-c-rtb"

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidrParam
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref Vpc

  # Public Subnets - Route Table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-public
        - Key: Type
          Value: public

  PublicSubnetsRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
    DependsOn: VPCGatewayAttachment

  # Public Subnets
  # First Availability Zone
  PublicAZASubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref PublicAZASubnetBlock
      AvailabilityZone: !Select [0, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-public-${AZ}
            - { AZ: !Select [0, !GetAZs ""] }
        - Key: Type
          Value: public

  PublicAZASubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicAZASubnet
      RouteTableId: !Ref PublicRouteTable

  # Second Availability Zone
  PublicAZBSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref PublicAZBSubnetBlock
      AvailabilityZone: !Select [1, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-public-${AZ}
            - { AZ: !Select [1, !GetAZs ""] }
        - Key: Type
          Value: public

  PublicAZBSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicAZBSubnet
      RouteTableId: !Ref PublicRouteTable

  # Third Availability Zone
  PublicAZCSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref PublicAZCSubnetBlock
      AvailabilityZone: !Select [2, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-public-${AZ}
            - { AZ: !Select [2, !GetAZs ""] }
        - Key: Type
          Value: public

  PublicAZCSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicAZCSubnet
      RouteTableId: !Ref PublicRouteTable

  # Private Subnets - NAT Gateways
  # First Availability Zone
  AZANatGatewayEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
    DependsOn: VPCGatewayAttachment

  AZANatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt AZANatGatewayEIP.AllocationId
      SubnetId: !Ref PublicAZASubnet

  # Second Availability Zone
  AZBNatGatewayEIP:
    Type: AWS::EC2::EIP
    Condition: HighlyAvailable
    Properties:
      Domain: vpc
    DependsOn: VPCGatewayAttachment

  AZBNatGateway:
    Type: AWS::EC2::NatGateway
    Condition: HighlyAvailable
    Properties:
      AllocationId: !GetAtt AZBNatGatewayEIP.AllocationId
      SubnetId: !Ref PublicAZBSubnet

  # Third Availability Zone
  AZCNatGatewayEIP:
    Type: AWS::EC2::EIP
    Condition: HighlyAvailable
    Properties:
      Domain: vpc
    DependsOn: VPCGatewayAttachment

  AZCNatGateway:
    Type: AWS::EC2::NatGateway
    Condition: HighlyAvailable
    Properties:
      AllocationId: !GetAtt AZCNatGatewayEIP.AllocationId
      SubnetId: !Ref PublicAZCSubnet

  # Private Subnets
  # First Availability Zone
  PrivateAZASubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref PrivateAZASubnetBlock
      AvailabilityZone: !Select [0, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-private-${AZ}
            - { AZ: !Select [0, !GetAZs ""] }
        - Key: Type
          Value: private

  PrivateAZARouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-private-${AZ}
            - { AZ: !Select [0, !GetAZs ""] }
        - Key: Type
          Value: private

  PrivateAZARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateAZARouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AZANatGateway

  PrivateAZARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateAZASubnet
      RouteTableId: !Ref PrivateAZARouteTable

  # Second Availability Zone
  PrivateAZBSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref PrivateAZBSubnetBlock
      AvailabilityZone: !Select [1, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-private-${AZ}
            - { AZ: !Select [1, !GetAZs ""] }
        - Key: Type
          Value: private

  PrivateAZBRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-private-${AZ}
            - { AZ: !Select [1, !GetAZs ""] }
        - Key: Type
          Value: private

  PrivateAZBRoute:
    Type: AWS::EC2::Route
    Condition: HighlyAvailable
    Properties:
      RouteTableId: !Ref PrivateAZBRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AZBNatGateway

  PrivateAZBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: HighlyAvailable
    Properties:
      SubnetId: !Ref PrivateAZBSubnet
      RouteTableId: !Ref PrivateAZBRouteTable

  NotHighlyAvailablePrivateAZBRoute:
    Type: AWS::EC2::Route
    Condition: NotHighlyAvailable
    Properties:
      RouteTableId: !Ref PrivateAZBRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AZANatGateway

  NotHighlyAvailablePrivateAZBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: NotHighlyAvailable
    Properties:
      SubnetId: !Ref PrivateAZBSubnet
      RouteTableId: !Ref PrivateAZBRouteTable

  # Third Availability Zone
  PrivateAZCSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Ref PrivateAZCSubnetBlock
      AvailabilityZone: !Select [2, !GetAZs ""]
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-private-${AZ}
            - { AZ: !Select [2, !GetAZs ""] }
        - Key: Type
          Value: private

  PrivateAZCRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
      Tags:
        - Key: Name
          Value: !Sub
            - ${AWS::StackName}-private-${AZ}
            - { AZ: !Select [2, !GetAZs ""] }
        - Key: Type
          Value: private

  PrivateAZCRoute:
    Type: AWS::EC2::Route
    Condition: HighlyAvailable
    Properties:
      RouteTableId: !Ref PrivateAZCRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AZCNatGateway

  PrivateAZCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: HighlyAvailable
    Properties:
      SubnetId: !Ref PrivateAZCSubnet
      RouteTableId: !Ref PrivateAZCRouteTable

  NotHighlyAvailablePrivateAZCRoute:
    Type: AWS::EC2::Route
    Condition: NotHighlyAvailable
    Properties:
      RouteTableId: !Ref PrivateAZCRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref AZANatGateway

  NotHighlyAvailablePrivateAZCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: NotHighlyAvailable
    Properties:
      SubnetId: !Ref PrivateAZCSubnet
      RouteTableId: !Ref PrivateAZCRouteTable

  S3VPCEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      RouteTableIds:
        - !Ref PublicRouteTable
        - !Ref PrivateAZARouteTable
        - !Ref PrivateAZBRouteTable
        - !Ref PrivateAZCRouteTable
      ServiceName: !Join
        - ""
        - - com.amazonaws.
          - !Ref "AWS::Region"
          - .s3
      VpcId: !Ref Vpc

  DynamoDBVPCEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      RouteTableIds:
        - !Ref PublicRouteTable
        - !Ref PrivateAZARouteTable
        - !Ref PrivateAZBRouteTable
        - !Ref PrivateAZCRouteTable
      ServiceName: !Join
        - ""
        - - com.amazonaws.
          - !Ref "AWS::Region"
          - .dynamodb
      VpcId: !Ref Vpc
```
My ECS + Fargate + ALB template only uses two (2) subnets.

Could the cause of my problem be that my network template describes six (6) subnets while my cluster uses two (2)?

If that is not the likely cause, where should I look?

Answer 0 (score: 1)

Based on the comments.

The problem is most likely caused by registering the ALB with one public subnet and one private subnet. For the ALB to work properly, it has to be set up in two public subnets.
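As an added illustration of the answer above (this is not code from the question or the answer), the check below classifies a VPC's subnets as public or private from their route tables, the same way EC2 does, and then audits an internet-facing ALB's subnet placement. The input dicts are constructed and only mimic the shape of boto3's `describe_route_tables`, `describe_subnets` and `describe_load_balancers` responses; every ID in them is hypothetical and no AWS API is called.

```python
"""Added example: detect an internet-facing ALB placed in a private subnet.

The constructed data below mirrors the VPC in the question (a shared public
route table with a default route to the internet gateway, per-AZ private route
tables with a default route to a NAT gateway) plus a main route table with only
the local route, which EC2 uses for subnets without an explicit association.
"""

# Constructed route tables (hypothetical IDs).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"},
                      {"SubnetId": "subnet-pub-c"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"}]},
    {"RouteTableId": "rtb-private-a",
     "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"}]},
    {"RouteTableId": "rtb-private-b",
     "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"}]},
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

# Constructed subnet -> Availability Zone map (shape of describe_subnets).
SUBNETS = {
    "subnet-pub-a": "us-east-1a", "subnet-pub-b": "us-east-1b", "subnet-pub-c": "us-east-1c",
    "subnet-priv-a": "us-east-1a", "subnet-priv-b": "us-east-1b",
    "subnet-orphan": "us-east-1c",  # no explicit association: falls back to the main table
}

# Constructed load balancers: the questioner's mix of one public and one
# private subnet, and the corrected placement in two public subnets.
ALB_MIXED = {"LoadBalancerName": "app-alb", "Scheme": "internet-facing",
             "AvailabilityZones": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-priv-b"}]}
ALB_GOOD = {"LoadBalancerName": "app-alb", "Scheme": "internet-facing",
            "AvailabilityZones": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}]}


def is_public_route_table(route_table):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    return any(route.get("DestinationCidrBlock") == "0.0.0.0/0"
               and route.get("GatewayId", "").startswith("igw-")
               for route in route_table["Routes"])


def classify_subnets(route_tables, subnets):
    """Return {subnet_id: 'public' | 'private'}, using explicit associations and
    falling back to the VPC's main route table for unassociated subnets."""
    explicit, main_table = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_table = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    result = {}
    for subnet_id in subnets:
        rt = explicit.get(subnet_id, main_table)
        result[subnet_id] = "public" if rt and is_public_route_table(rt) else "private"
    return result


def check_alb_placement(alb, classification, subnets):
    """Findings for an internet-facing ALB: every node must sit in a public
    subnet (a node in a private subnet is unreachable, so the clients whose
    DNS answer points at it time out) and the nodes must span at least two AZs."""
    findings = []
    if alb["Scheme"] != "internet-facing":
        return findings
    subnet_ids = [az["SubnetId"] for az in alb["AvailabilityZones"]]
    for subnet_id in subnet_ids:
        if classification.get(subnet_id) != "public":
            findings.append(f"{alb['LoadBalancerName']}: subnet {subnet_id} is private; "
                            "clients resolved to this node will time out")
    if len({subnets[s] for s in subnet_ids}) < 2:
        findings.append(f"{alb['LoadBalancerName']}: subnets must span at least two AZs")
    return findings


if __name__ == "__main__":
    classes = classify_subnets(ROUTE_TABLES, SUBNETS)
    for label, alb in (("mixed", ALB_MIXED), ("good", ALB_GOOD)):
        print(label, check_alb_placement(alb, classes, SUBNETS) or ["OK"])
```

The "some requests hang, others are fast 2xx" symptom in the question is exactly what the mixed placement produces: the ALB's DNS name resolves to one node per subnet, so clients that land on the node in the private subnet cannot reach it while the rest are served normally, and nothing shows up in the target's logs. Feeding this check real `describe_*` output (or running it as a CI guard over the second template's subnet parameters) catches the misplacement before deployment.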