Adding to the generated recommendation: The core issue here is that ECS Express Mode acts as a 'black box' regarding the underlying Load Balancer. While the suggestion to use the Console/CLI works, it breaks the CloudFormation automation (leading to drift).
If you must stick with CloudFormation and require a fully automated custom domain setup, consider these two technical paths:
- The "Standard" Route (Recommended): Move away from `AWS::ECS::ExpressGatewayService` and use the standard `AWS::ECS::Service` combined with an explicitly defined `AWS::ElasticLoadBalancingV2::LoadBalancer`. This gives you full access to the `Certificates` property of the Listener within the same template.
- Route 53 Optimization: Instead of a `CNAME` for the `ApiService.Endpoint`, use an Alias Record (Type A). Alias records are better for AWS-native resources as they handle DNS resolution more efficiently and are not charged as standard queries by Route 53.
- The Lambda Workaround: If you want to keep Express Mode, you could implement a CloudFormation Custom Resource (backed by a Lambda). This Lambda can use the AWS SDK to programmatically find the 'hidden' ALB created by Express Mode and attach the SSL certificate/Host-header rules during the stack deployment.
Summary: Express Mode prioritizes simplicity over configurability. For production-grade custom domain setups, the standard ECS resource path is currently the most robust way to keep everything within CloudFormation.
Based on the available documentation, configuring a custom domain with ECS Express Mode through CloudFormation is not currently supported in the same way as it is through the console. The process for adding a custom domain to an ECS Express Mode service requires manual configuration of the Application Load Balancer that is automatically created by Express Mode.
To add a custom domain, you need to:
- Add your custom domain as a host header condition in the Application Load Balancer listener rule. This should use the same domain name you want to associate with your service (for example, `app.example.com`). This configuration tells the Application Load Balancer to route traffic from your domain to the ECS Express Mode target group.
- Add the SSL certificate to the Application Load Balancer HTTPS listener. You'll need to add your ACM certificate to the HTTPS listener.
These configurations are currently done through the console or AWS CLI by modifying the Application Load Balancer resources that Express Mode creates automatically. The CloudFormation template you've provided for the AWS::ECS::ExpressGatewayService resource doesn't include properties for custom domain configuration, and the documentation doesn't show examples of managing the Application Load Balancer configuration through the Express Mode CloudFormation resource itself.
Your approach of using a Route 53 RecordSet to point to the Express Mode endpoint is correct for the DNS portion, but the Application Load Balancer configuration (host header condition and SSL certificate) would still need to be configured separately, either through the console, AWS CLI, or by managing the Application Load Balancer resources directly in CloudFormation outside of the Express Mode service definition.
Sources
AWS App Runner availability change - AWS App Runner
Migrating from AWS App Runner to Amazon ECS Express Mode | Containers
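The standard ECS path from the first answer, carrying the host-header condition and ACM certificate the generated answer describes, as an added CloudFormation fragment that is not from either answer or from AWS. It assumes `app.example.com` from the thread, an ACM certificate ARN, hosted zone, VPC and public subnets passed in as parameters, and an `AWS::ECS::Service` elsewhere in the template that registers its tasks into `TargetGroup`.

```yaml
Parameters:
  CertificateArn: { Type: String }                       # ACM certificate for app.example.com (assumed)
  HostedZoneId: { Type: AWS::Route53::HostedZone::Id }   # zone for example.com (assumed)
  VpcId: { Type: AWS::EC2::VPC::Id }
  PublicSubnetIds: { Type: List<AWS::EC2::Subnet::Id> }
Resources:
  AlbSecurityGroup:                  # only TLS reaches the balancer; no plaintext listener exists
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS only
      VpcId: !Ref VpcId
      SecurityGroupIngress: [{ IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }]
  LoadBalancer:                      # explicitly defined, so the listener is ours to configure
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets: !Ref PublicSubnetIds
      SecurityGroups: [!Ref AlbSecurityGroup]
  TargetGroup:                       # the AWS::ECS::Service (assumed, not shown) registers tasks here
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Port: 8080
      Protocol: HTTP
      TargetType: ip
  HttpsListener:                     # TLS terminates here with the ACM certificate
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates: [{ CertificateArn: !Ref CertificateArn }]
      DefaultActions:                # requests for any other Host name get a 404, not the service
        - { Type: fixed-response, FixedResponseConfig: { StatusCode: '404', ContentType: text/plain } }
  HostRule:                          # the host-header condition from the answers above
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListener
      Priority: 10
      Conditions:
        - { Field: host-header, HostHeaderConfig: { Values: [app.example.com] } }
      Actions:
        - { Type: forward, TargetGroupArn: !Ref TargetGroup }
  DnsRecord:                         # Alias A record rather than a CNAME, as the first answer suggests
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: app.example.com
      Type: A
      AliasTarget: { DNSName: !GetAtt LoadBalancer.DNSName, HostedZoneId: !GetAtt LoadBalancer.CanonicalHostedZoneID }
```

Because the listener's default action is a fixed 404, only traffic whose Host header matches the rule is forwarded, and the certificate, rule and record all live in the same stack, so nothing drifts between deployments.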