Create an internal Network load balancer with AWS Copilot

I am trying to deploy the bitnami/openldap container in ECS using AWS Copilot as a backend service with an internal NLB (couldn't go with an ALB since bitnami/openldap does not have an HTTP health-check endpoint).

I have the following config in Copilot service manifest.

name: ldap2023
type: Backend Service

nlb:
  port: 1389/tcp
  healthcheck:
    healthy_threshold: 3
    unhealthy_threshold: 10
    grace_period: 120s
    interval: 15s
    timeout: 10s

network:
  vpc:
    placement: private

But when I deploy the service an NLB is not created. The R53 DNS record points directly to the ECS task IP.

Is it not possible to use an NLB with a backend service?

Can't find it in the docs, but it is not mentioned that it is not possible either. For Load Balanced Web Service there are examples for both ALB and NLB!

Shanika Ediriweera asked Mar 10 '26 17:03


1 Answer

With the current AWS Copilot capability it is not possible to create an internal NLB with a backend service.

Possible workaround:

1. Create a Load Balanced Web Service (public NLB):

# copilot/<service>/manifest.yml
name: <service name>
type: Load Balanced Web Service
nlb:
  port: 80/tcp

2. Create a YAML patch to modify the NLB to internal:

# copilot/<service>/overrides/cfn.patches.yml
# Change the NLB to internal
- op: replace
  path: /Resources/PublicNetworkLoadBalancer/Properties/Scheme
  value: internal
# Add a Name to the NLB (otherwise the automatically generated name will contain 'public', which is confusing)
- op: add
  path: /Resources/PublicNetworkLoadBalancer/Properties/Name
  value: !Sub "${AppName}-${EnvName}-${WorkloadName}-NLB"

Hopefully there will be a feature/option in the future!

Shanika Ediriweera answered Mar 12 '26 07:03
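The workaround above flips one property in Copilot's generated CloudFormation, so it is worth seeing what the patch does and checking the result before deploying (an exposed LDAP listener is the failure mode to avoid). The following added example, not part of the answer or of Copilot itself, applies the two patch operations to a constructed template excerpt and flags any load balancer that is still not internal; the logical id comes from the patch paths above, the other properties and the literal name standing in for the `!Sub` expression are assumptions.

```python
import copy

# Constructed excerpt of a Copilot-generated template for a Load Balanced Web
# Service with an NLB. Only the resource id is taken from the patch paths in the
# answer; the remaining properties are illustrative.
TEMPLATE = {
    "Resources": {
        "PublicNetworkLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {
                "Type": "network",
                "Scheme": "internet-facing",
                "Subnets": ["subnet-constructed-a", "subnet-constructed-b"],
            },
        }
    }
}

# The two operations from cfn.patches.yml. The !Sub expression is replaced by a
# literal (constructed) name because this example does not evaluate intrinsics.
PATCHES = [
    {"op": "replace",
     "path": "/Resources/PublicNetworkLoadBalancer/Properties/Scheme",
     "value": "internal"},
    {"op": "add",
     "path": "/Resources/PublicNetworkLoadBalancer/Properties/Name",
     "value": "myapp-test-ldap2023-NLB"},
]


def apply_patches(template, patches):
    """Apply the 'replace' and 'add' operations (an RFC 6902 subset) to a copy of the template."""
    doc = copy.deepcopy(template)
    for patch in patches:
        keys = patch["path"].lstrip("/").split("/")
        node = doc
        for key in keys[:-1]:
            node = node[key]  # KeyError if a parent segment is missing, like a failed patch
        leaf = keys[-1]
        if patch["op"] == "replace" and leaf not in node:
            raise KeyError(f"replace target {patch['path']} does not exist")
        node[leaf] = patch["value"]
    return doc


def exposed_load_balancers(template):
    """Return logical ids of load balancers whose Scheme is anything other than 'internal'."""
    return sorted(
        name for name, res in template["Resources"].items()
        if res.get("Type") == "AWS::ElasticLoadBalancingV2::LoadBalancer"
        and res.get("Properties", {}).get("Scheme") != "internal"
    )
```

Run `exposed_load_balancers` over the rendered template (for example after `copilot svc package`) and treat a non-empty result as a deployment blocker.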
