Create a service that uses VPC Lattice
You can use either the AWS Management Console or the AWS CLI to create a service with VPC Lattice.
Prerequisites
Before you start this tutorial, make sure that the following prerequisites are met:
- The latest version of the AWS CLI is installed and configured. For more information, see Installing the AWS Command Line Interface.
- The steps described in Set up to use Amazon ECS are complete.
- Your AWS user has the required permissions specified in the AmazonECS_FullAccess IAM policy example.
Create a service that uses VPC Lattice with the AWS Management Console
Follow these steps to create a service with VPC Lattice using the AWS Management Console.
- Open the console at https://console.aws.amazon.com/ecs/v2.
- In the navigation pane, choose Clusters.
- On the Clusters page, choose the cluster to create the service in.
- From the Services tab, choose Create.
If you've never created a service before, follow the steps found in Creating an Amazon ECS service using the console, then continue with these steps when you reach the VPC Lattice section.
- Select Turn on VPC Lattice.
- Choose an ECS infrastructure role that you've already created for Amazon ECS to use with the VPC Lattice target group, or choose Create ECS infrastructure role. Amazon ECS assumes this role to register and deregister task IP addresses with the target group, so keep its permissions scoped to VPC Lattice target registration.
- Choose the VPC. The VPC depends on the network mode you selected when you registered your task definition. If you use the host or bridge network mode with the EC2 launch type, choose your VPC here. For the awsvpc network mode, the VPC is selected automatically from the VPC you chose under Networking and can't be changed.
- Under Target groups, choose the target group or groups. You need to choose at least one target group and can have a maximum of five. Choose Add target group to add additional target groups. Choose the Port name, Protocol, and Port for each target group you chose. To delete a target group, choose Remove.
Note
- If you want to add existing target groups, you need to use the AWS CLI. For instructions on how to add target groups using the AWS CLI, see register-targets in the AWS Command Line Interface Reference.
- While a VPC Lattice service can have multiple target groups, each target group can only be added to one service.
- At this point, navigate to the VPC Lattice console to continue setting up. This is where you include your new target groups in the listener default action or in the rules of an existing VPC Lattice service. For more information, see Listener rules for your VPC Lattice service.
Important
The security group attached to your tasks must allow inbound traffic on the target port from the VPC Lattice managed prefix list for your Region (com.amazonaws.region.vpc-lattice for IPv4 targets, com.amazonaws.region.ipv6.vpc-lattice for IPv6 targets). Without that rule, VPC Lattice health checks and client traffic to your tasks fail. Scope the rule to the prefix list and the target port rather than opening the port to 0.0.0.0/0.
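The following script, added here as an example and not taken from the AWS page, resolves the Region's VPC Lattice managed prefix list to its ID and adds an inbound rule for it on the task security group, limited to TCP on the target port. It only checks for an existing rule before adding one, so it can be re-run safely. The Region, security group ID and port are assumed placeholders; the aws calls run only when APPLY=1 is set, so the helper functions can be exercised without credentials.

```shell
#!/bin/sh
# Added example (not AWS documentation code): allow inbound traffic from the
# VPC Lattice managed prefix list to the task security group on the target
# port. REGION, TASK_SG and TARGET_PORT are assumed placeholders.
REGION="${REGION:-us-east-2}"
TASK_SG="${TASK_SG:-sg-0123456789EXAMPLE}"
TARGET_PORT="${TARGET_PORT:-443}"

# Name of the AWS-managed prefix list holding the VPC Lattice source
# addresses for a Region (IPv4). The IPv6 list is
# com.amazonaws.<region>.ipv6.vpc-lattice.
lattice_prefix_list_name() {
  printf 'com.amazonaws.%s.vpc-lattice\n' "$1"
}

# Resolve the prefix list name to its pl-... ID.
lattice_prefix_list_id() {
  aws ec2 describe-managed-prefix-lists \
    --region "$1" \
    --filters "Name=prefix-list-name,Values=$(lattice_prefix_list_name "$1")" \
    --query 'PrefixLists[0].PrefixListId' --output text
}

# Build the --ip-permissions shorthand: TCP on the target port only, sourced
# from the prefix list rather than from 0.0.0.0/0.
lattice_ingress_permission() {
  pl_id="$1"; port="$2"
  printf 'IpProtocol=tcp,FromPort=%s,ToPort=%s,PrefixListIds=[{PrefixListId=%s,Description=VPC-Lattice}]\n' \
    "$port" "$port" "$pl_id"
}

# Return 0 if the group already has an inbound rule for that prefix list
# on that port, so the script is idempotent.
lattice_rule_present() {
  region="$1"; sg="$2"; pl_id="$3"; port="$4"
  count=$(aws ec2 describe-security-group-rules --region "$region" \
    --filters "Name=group-id,Values=$sg" \
    --query "length(SecurityGroupRules[?IsEgress==\`false\` && PrefixListId=='$pl_id' && FromPort==\`$port\`])" \
    --output text)
  [ "$count" -gt 0 ]
}

apply_lattice_ingress() {
  pl_id=$(lattice_prefix_list_id "$REGION")
  if lattice_rule_present "$REGION" "$TASK_SG" "$pl_id" "$TARGET_PORT"; then
    echo "rule already present for $pl_id on tcp/$TARGET_PORT"
    return 0
  fi
  aws ec2 authorize-security-group-ingress --region "$REGION" \
    --group-id "$TASK_SG" \
    --ip-permissions "$(lattice_ingress_permission "$pl_id" "$TARGET_PORT")"
}

# Only talk to AWS when explicitly asked; the functions above stay usable
# for dry runs and tests.
if [ "${APPLY:-0}" = "1" ]; then
  apply_lattice_ingress
fi
```

Run it as `APPLY=1 REGION=us-east-2 TASK_SG=sg-... TARGET_PORT=443 sh lattice-ingress.sh`. If your target group uses IPv6 targets, repeat with the ipv6 prefix list name.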
Create a service that uses VPC Lattice with the AWS CLI
Use the AWS CLI to create a service with VPC Lattice. Replace each user input placeholder with your own information.
- Create a target group configuration file. The following example is named tg-config.json.

```json
{
    "ipAddressType": "IPV4",
    "port": 443,
    "protocol": "HTTPS",
    "protocolVersion": "HTTP1",
    "vpcIdentifier": "vpc-f1663d9868EXAMPLE"
}
```
- Use the following command to create a VPC Lattice target group.

```shell
aws vpc-lattice create-target-group \
    --name my-lattice-target-group-ip \
    --type IP \
    --config file://tg-config.json
```

Example output:

```json
{
    "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE",
    "config": {
        "healthCheck": {
            "enabled": true,
            "healthCheckIntervalSeconds": 30,
            "healthCheckTimeoutSeconds": 5,
            "healthyThresholdCount": 5,
            "matcher": {
                "httpCode": "200"
            },
            "path": "/",
            "protocol": "HTTPS",
            "protocolVersion": "HTTP1",
            "unhealthyThresholdCount": 2
        },
        "ipAddressType": "IPV4",
        "port": 443,
        "protocol": "HTTPS",
        "protocolVersion": "HTTP1",
        "vpcIdentifier": "vpc-f1663d9868EXAMPLE"
    },
    "id": "tg-0eaa4b9ab4EXAMPLE",
    "name": "my-lattice-target-group-ip",
    "status": "CREATE_IN_PROGRESS",
    "type": "IP"
}
```

The target group is created asynchronously: the output shows CREATE_IN_PROGRESS, and you can check for ACTIVE with aws vpc-lattice get-target-group --target-group-identifier tg-0eaa4b9ab4EXAMPLE. Note the default health check: it uses the target group's protocol (HTTPS here) against path / and expects HTTP 200, so the container must answer that request on port 443 or the targets never become healthy.
- The following JSON file, named ecs-service-vpc-lattice.json, is an example used to attach an Amazon ECS service to a VPC Lattice target group. The portName is the one you defined in the port mappings of your task definition, targetGroupArn is the ARN returned by create-target-group in the previous step, and roleArn is the ECS infrastructure role that Amazon ECS assumes to register task IP addresses with the target group. The create-service role parameter isn't used here; it's permitted only together with loadBalancers.

```json
{
    "serviceName": "ecs-service-vpc-lattice",
    "taskDefinition": "ecs-task-def",
    "vpcLatticeConfigurations": [
        {
            "targetGroupArn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE",
            "portName": "testvpclattice",
            "roleArn": "arn:aws:iam::123456789012:role/ecsInfrastructureRoleVpcLattice"
        }
    ],
    "desiredCount": 5
}
```

Use the following command to create an Amazon ECS service and attach it to the VPC Lattice target group using the JSON example above.

```shell
aws ecs create-service \
    --cluster clusterName \
    --service-name ecs-service-vpc-lattice \
    --cli-input-json file://ecs-service-vpc-lattice.json
```
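The script below is an added example, not part of the AWS page, that runs the CLI steps above end to end and adds the checks a practitioner wants: it waits for the target group to reach ACTIVE before attaching it, waits for the service to stabilize, and then lists the registered targets with their health status. The cluster name, VPC ID, task definition, port name, infrastructure role ARN and service name are assumed placeholders taken from the page's examples; the aws calls run only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not AWS documentation code): create the VPC Lattice target
# group, wait for it, create the ECS service bound to it, and verify that
# task IPs were registered. All values below are assumed placeholders.
REGION="${REGION:-us-east-2}"
VPC_ID="${VPC_ID:-vpc-f1663d9868EXAMPLE}"
CLUSTER="${CLUSTER:-clusterName}"
TASK_DEF="${TASK_DEF:-ecs-task-def}"
PORT_NAME="${PORT_NAME:-testvpclattice}"
INFRA_ROLE_ARN="${INFRA_ROLE_ARN:-arn:aws:iam::123456789012:role/ecsInfrastructureRoleVpcLattice}"
SERVICE_NAME="${SERVICE_NAME:-ecs-service-vpc-lattice}"
TG_NAME="${TG_NAME:-my-lattice-target-group-ip}"
DESIRED_COUNT="${DESIRED_COUNT:-5}"

# Target group config: an IP target group, HTTPS on 443, in the tasks' VPC.
target_group_config() {
  printf '{"ipAddressType":"IPV4","port":443,"protocol":"HTTPS","protocolVersion":"HTTP1","vpcIdentifier":"%s"}\n' "$1"
}

# Service definition: vpcLatticeConfigurations binds the target group to the
# container port named PORT_NAME in the task definition and names the
# infrastructure role ECS assumes to register targets. No "role" field:
# create-service accepts it only together with loadBalancers.
service_config() {
  tg_arn="$1"
  printf '{"serviceName":"%s","taskDefinition":"%s","desiredCount":%s,"vpcLatticeConfigurations":[{"targetGroupArn":"%s","portName":"%s","roleArn":"%s"}]}\n' \
    "$SERVICE_NAME" "$TASK_DEF" "$DESIRED_COUNT" "$tg_arn" "$PORT_NAME" "$INFRA_ROLE_ARN"
}

# Poll until the target group leaves CREATE_IN_PROGRESS; print the final status.
wait_target_group_active() {
  i=0
  while [ "$i" -lt 30 ]; do
    status=$(aws vpc-lattice get-target-group --region "$REGION" \
      --target-group-identifier "$1" --query status --output text)
    [ "$status" = "ACTIVE" ] && { echo "$status"; return 0; }
    [ "$status" = "CREATE_FAILED" ] && { echo "$status"; return 1; }
    i=$((i + 1)); sleep 5
  done
  echo "TIMEOUT"; return 1
}

create_all() {
  target_group_config "$VPC_ID" > tg-config.json
  tg_arn=$(aws vpc-lattice create-target-group --region "$REGION" \
    --name "$TG_NAME" --type IP --config file://tg-config.json \
    --query arn --output text)
  wait_target_group_active "$tg_arn" || return 1

  service_config "$tg_arn" > ecs-service-vpc-lattice.json
  aws ecs create-service --region "$REGION" --cluster "$CLUSTER" \
    --cli-input-json file://ecs-service-vpc-lattice.json > /dev/null

  aws ecs wait services-stable --region "$REGION" \
    --cluster "$CLUSTER" --services "$SERVICE_NAME"

  # ECS registers each task's ENI IP as a target. Targets appear here once
  # registered and become HEALTHY only if the task security group admits the
  # VPC Lattice prefix list on the target port.
  aws vpc-lattice list-targets --region "$REGION" \
    --target-group-identifier "$tg_arn" \
    --query 'items[].{ip:id,port:port,status:status,reason:reasonCode}' \
    --output table
}

# Only talk to AWS when explicitly asked; the config builders stay usable
# for dry runs and tests.
if [ "${APPLY:-0}" = "1" ]; then
  create_all
fi
```

If list-targets shows targets with a status other than HEALTHY, the reasonCode column is the first thing to check; a failing health check usually means the security group rule for the prefix list is missing or the container isn't serving HTTPS on the target port.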