By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to provide static elastic IP to ECS Farget service (web application) to connect databases in other VPCs for outbound traffic and inbound traffic for general users as HTTP/HTTPS requests?

0

I have a web app in ECS Farget and I need to connect databases in other VPCs as outbound traffic but due to every deployment a new IP is assigned to the Farget service. Is there any way to assign a static elastic IP to the ECS Farget service or CIDR block with a range of IPs that can work? I know some of the answers related to assigning static IP to NAT gateway and then ECS Farget service with NLB in that subnet. Those things are done but I think due to NLB it is not working maybe need to add ALB as well but is it over-engineering or I am missing something?

I read this answer how-to-use-elastic-ip-for-aws-ecs-with-farget-without-using-network-loadbalancer but cname records cannot be used for adding as IPs.

Topics
Networking & Content DeliveryServerlessContainers
Tags
Amazon VPCAWS FargateVPC Virtual Private GatewayIPv6Amazon VPC IP Address Manager
Language
English
Aditya
asked 7 months ago1698 views
4 Answers
1
Accepted Answer

In case of cross vpc access to your microservices, you can use VPC Peering or Transit gateway instead of restricting access to one public vpc. Its a more flexible configuration. But if its not for you in my opinion you must use alb for ingress and the NAT Gateway for egress.

profile picture
EXPERT
Andrii S
answered 7 months ago
  • Aditya
    7 months ago

    Thanks, Andrii, Please can you elaborate on the flow for this? "you must use alb for ingress and the NAT Gateway for egress." We are doing something but not working. I will be very grateful if you can also explain the flow a bit.

1

Hello. You can try use ALB instead NLB it`s it is more suitable for use together with ecs https://docs.aws.amazon.com/AmazonECS/latest/userguide/create-application-load-balancer.html

Best regards, Andrii

profile picture
EXPERT
Andrii S
answered 7 months ago
  • Aditya
    7 months ago

    Thanks for the answer Andrii! Current ECS Farget service is using ALB only but we need a way to provide static IP to it so that with newer deployments everything works including the allowed inbound IP in other VPCs. We have the same thing in ECS Farget and Lambda but due to limitations in lambda, we need to move everything in ECS. In lambda we have static IP but not sure what is missing here.

1

Is there any way to assign a static elastic IP to the ECS Farget service or CIDR block with a range of IPs that can work?

No, ECS currently doesn't support Elastic IP, you can only have an auto-assigned public IP. Moreover, an Elastic IP is assigned randomly and cannot be specified with CIDR range either.

I have a web app in ECS Farget and I need to connect databases in other VPCs as outbound traffic

However, if you simply need a static IP because you need it to be within a CIDR range to have it allowed by a certain security group's inbound/outbound rules, you can simply use a inbound/outbound rule that allows a certain source/destination security group (e.g.,, the one that is attached to your ECS Service) instead of CIDR IP block.

profile picture
HS
answered 7 months ago
1

I read this answer how-to-use-elastic-ip-for-aws-ecs-with-farget-without-using-network-loadbalancer but cname records cannot be used for adding as IPs.

No, CNAME records cannot have a static IP as value. Instead, you need to either use CNAME record and set its value to LB's domain name, or use A record and set its value to the static IP or alias if the target service supports it.

profile picture
HS
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content