Deploy Temporal UI service on AWS ECS Fargate instance

Dear support,

I have deployed Retool and Temporal services on an AWS ECS cluster; more details here

Everything is working fine. All deployed services [ Retool (main backend, jobs runner, workflows backend, workflows worker) AND Temporal (frontend, history, matching, worker) ] are running and healthy, and I am able to access both the Retool main service and the workflows section.

But I also need to deploy Temporal UI on an AWS ECS Fargate service. So, here are the steps I followed:

  1. Create a Dockerfile for the Temporal UI using this Docker image: temporalio/ui:2.21.3.

  2. Build the Docker image and push it to an AWS ECR repository that my AWS ECS cluster can access.

  3. Create a task definition for my Temporal UI service in AWS ECS and set the container port to 8080.

  4. Create a service in my AWS ECS cluster that uses the task definition.

  5. Create an internal application load balancer and configure the domain name with Cloudflare so I can access the Temporal UI service via https://temporal.mydomain.com. I set up the ALB health check path to /

  6. Allow the Cloudflare Zero Trust service to access the internal load balancer.

  7. Add this environment variable: TEMPORAL_ADDRESS=temporal.retoolsvc:7233

The service starts, but the application load balancer health check didn't pass and keeps draining, so I am getting the 504 Gateway time-out error.

Here are the Temporal UI ECS logs:

2023/12/09 19:51:53 Loading config; env=docker,configDir=config
2023/12/09 19:51:53 Loading config files=[config/docker.yaml]
Starting UI server...
/___/\__/_//_/\___/ v4.9.0
High performance, minimalist Go web framework
https://echo.labstack.com
____________________________________O/_______
O\
⇨ http server started on [::]:8080
2023/12/09 19:51:53 Loading config; env=docker,configDir=config
2023/12/09 19:51:53 Loading config files=[config/docker.yaml]

Getting some help here would be really appreciated, and I am ready to provide more details about the Terraform code I am using to deploy the different services.

Thank you in advance

Any help here, please?
Thank you

Hi,

Can anyone help here?

Thank you

> 1. Create an internal application load balancer and configure the domain name with Cloudflare so I can access the Temporal UI service via https://temporal.mydomain.com. I set up the ALB health check path to /

Can you access the web UI directly (not through the ALB)?

> 504 Gateway time-out error

Which port(s) do you open? Any security configs that might need an update? Any firewall rules that might be preventing network traffic to the needed ports?

Hi @tihomir

Thank you for your reply

  1. No, but how can I access it directly, since I am deploying it on an AWS ECS Fargate instance in a private subnet? Can you please tell me how I can achieve this?

  2. I am opening port 8080, and I am configuring the ALB security group to allow access via port 443 from the Retool ECS services (main backend, jobs runner, workflows backend, workflows worker) that I am creating with the tryretool/backend:3.16.7 image and the Temporal ECS services (frontend, history, matching, worker) that I am creating with the tryretool/one-offs:retool-temporal-1.1.4 image. Also, I am configuring the security group of the web UI ECS service to allow TCP traffic from 0.0.0.0/0 via port ranges 80 - 3000 and 443 - 3000. Also, I am adding the following environment variables: TEMPORAL_ADDRESS=temporal.retoolsvc:7233 and TEMPORAL_UI_PORT=8080

Note that I am using the temporalio/ui:2.21.3 image to deploy the web UI service on AWS ECS Fargate.
All the services are created in the same ECS cluster in a private subnet.

Please do let me know if I have to share the Terraform code I am using to create/deploy these services.

Thank you

Resolved by updating the security groups
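
The thread does not say which rules were changed. As an added example (not code from the thread or from anyone's Terraform), the check below models the web UI ingress rules as described in the post above and tests whether the load balancer can reach container port 8080. The security group id, the ALB address and the tightened rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IngressRule:
    protocol: str   # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    source: str     # a CIDR block or a security group id ("sg-...")

def rule_allows(rule, port, src_ip=None, src_sg=None, protocol="tcp"):
    """True if this single ingress rule admits traffic on `port` from the source."""
    if rule.protocol not in (protocol, "-1"):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.source.startswith("sg-"):
        return src_sg == rule.source
    if src_ip is None:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def audit(rules, container_port, alb_sg, alb_ip):
    """Findings for the ALB -> task path and for sources open to everyone."""
    findings = []
    if not any(rule_allows(r, container_port, alb_ip, alb_sg) for r in rules):
        findings.append(f"BLOCKED: no rule admits tcp/{container_port} from the ALB")
    for r in rules:
        if r.source in ("0.0.0.0/0", "::/0"):
            findings.append(f"BROAD: {r.from_port}-{r.to_port} open to {r.source}")
    return findings

# Constructed sample data: port ranges are the ones quoted in the thread;
# the security group id and the ALB private IP are placeholders.
ALB_SG, ALB_IP = "sg-alb-placeholder", "10.0.1.25"
AS_POSTED = [
    IngressRule("tcp", 80, 3000, "0.0.0.0/0"),
    IngressRule("tcp", 443, 3000, "0.0.0.0/0"),
]
# Assumed tightening: only the ALB's security group, only the container port.
TIGHTENED = [IngressRule("tcp", 8080, 8080, ALB_SG)]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("tightened", TIGHTENED)):
        for line in audit(rules, 8080, ALB_SG, ALB_IP) or ["ok"]:
            print(f"{name}: {line}")
```

Neither range quoted in the post (80 - 3000, 443 - 3000) contains 8080, so the check reports the health-check path as blocked while the same rules are still open to every source address.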