How should I setup Traefik on ECS?

Question

 In Short

I've managed to run Traefik locally and on AWS ECS but now I'm wondering how should I setup some sort of load balancing to make my two services with random IPs available to the public.

My current setup on ECS

[Internet]
    |
[Load balancer on port 443 + ALB Security group on 443]
    |
[Target group on port 443 + Security group from *any* port]
    |
[cluster]
    |
[service1 container ports "0:5000"]

While this works, I'd now like to add another container, eg. service2 also with random ports eg 0:8000. And that's why I need something like Traefik.

What I did

Here's Toml file:

[api]

address = ":8080"

[ecs]

clusters = ["my-cluster"]
watch = true

domain = "mydomain.com"

region = "eu-central-1"
accessKeyID = "AKIA..."
secretAccessKey = "..."

Also I've added the host entry in /etc/hosts:

127.0.0.1 service1.mydomain.com 127.0.0.1 service2.mydomain.com

And the relative labels on the containers and I can curl service1.mydomain.com/status and get a 200.

Now my last bit is just the following question:

• How should publish all this to the internet? AWS ALB? AWS Network LB? Network Bridge/host/other?

Answer 1

AWS ALB vs AWS Network LB depends on who do you want to handle SSL.

• If you have a wildcard certificate and all your services are subdomains of the same domain ALB may be a good choice

• If you want to use Let's encrypt with traefik Network LB may be a better choice

In both case your setup will look something like this :

    [Internet]
        |
      [LB]
        |
    [Target group]
        |
    [Traefik]
    |       |
[service1] [service2]

In both case, easiest way to get this is to make traefik ecs services to auto register to the target group.

This can be done at service creation (network configuration section) and can not be done later. Link to documentation

Screen of configuration console