Deploy temporal ui service on aws ecs fargate instance

Community Support Server Deployment
1

Dear support,

I have deployed retool and temporal services on aws ECS cluster more details here

Everything is working fine. All deployed services [ Retool ( main backend, jobs runner, workflows backend, workflows worker) AND temporal ( frontend, history, matching, worker) ] are running and healthy and i am able to access both retool main service and workflows section

But i also need to deploy Temporal UI on an AWS ECS Fargate service. So, here are the steps i followed :

  1. Create a Dockerfile for the Temporal UI using this docker image temporalio/ui:2.21.3.

  2. Build the Docker image and push it to aws ECR that my AWS ECS cluster can access.

  3. Create a task definition for my Temporal UI service in AWS ECS and set the container port to 8080

  4. Create a service in my AWS ECS cluster that uses the task definition.

  5. Create an internal application load balancer and configure the domain name with cloudflare so i can access the temporal ui service via https://temporal.mydomain.com. I setup the ALB health check path to /

  6. Allow cloudflare zero trust service to access the internal load balancer

  7. Add this environment variable TEMPORAL_ADDRESS=temporal.retoolsvc:7233

The service starts but the application load balancer health check didn’t pass and keep draining so i am getting the 504 Gateway time-out error

Here are the temporal ui ecs logs :

2023/12/09 19:51:53 Loading config; env=docker,configDir=config
2023/12/09 19:51:53 Loading config files=[config/docker.yaml]
Starting UI server...
/___/\__/_//_/\___/ v4.9.0
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
O\
⇨ http server started on [::]:8080
2023/12/09 19:51:53 Loading config; env=docker,configDir=config
2023/12/09 19:51:53 Loading config files=[config/docker.yaml]

Getting some help here is really appreciated and i am ready to provide more details about the terraform code i am using to deploy the different services

Thank you in advance

2

Any help here please
Thank you

3

Hi,

Any one can help here ??

Thank you

4
  1. Create an internal application load balancer and configure the domain name with cloudflare so i can access the temporal ui service via https://temporal.mydomain.com. I setup the ALB health check path to /

Can you access the web ui directly (not through alb)?

504 Gateway time-out error

which port(s) do you open? any security configs that might need update? Any firewall rules that might be preventing network traffic to needed ports?

5

Hi @tihomir

Thank you for your reply

  1. No but how can i access it directly since i am deploying it in aws ecs fargate instance in a private subnet ? Can you please tell me how can i achieve this ?

  2. I am opening the port 8080 and i am configuring the ALB security group to allow access via port 443 from retool ecs services (main backend, jobs runner, workflows backend, workflows worker) that i am creating with tryretool/backend:3.16.7 image and temporal ecs services ( frontend, history, matching, worker ) that i am creating with tryretool/one-offs:retool-temporal-1.1.4 image. Also i am configuring the security group of web ui ecs service to allow TCP traffic from 0.0.0.0/0 via port range 80 - 3000 and 443 - 3000. Also i am adding the following environment variables TEMPORAL_ADDRESS=temporal.retoolsvc:7233 and TEMPORAL_UI_PORT=8080

Note that i am using temporalio/ui:2.21.3 image to deploy the web ui sercice on aws ecs fargate.
All the services are created in the same ecs cluster in a private subnet.

Please do let me know if i have to share the terraform code i am using to create/deploy these services.

Thank you

6

Resolved by updating the security groups

1 Like