ECS - EC2 Instance Type, Bridge Network mode can't connect private subnet

0

I'm trying to run a Spring application with the EC2 Instance Type in an ECS service. This EC2 Instance Type is located in the Public Subnet.

This Spring Application connects to the RDS located on the Private Subnet, and logs that fail each time are checked. Security groups are open on both sides and both are inside the same VPC.

If you change the network mode to awsvpc, the connection between Spring and RDS is made, but the port of the container and the EC2 Host port are not mapped, which is a problem.

There are two questions I would like to ask for help, and if I can get an answer from either of them, I would like to use it to solve the problem.

  1. Why is the Public Subnet's Spring application unable to connect to the Private Subnet's RDS in Bridge Network Mode, and what are the solutions?

  2. How to map host ports and container ports in awsvpc mode

Thanks for your help!

1 Answer
0

I recommend that you move your EC2 to the Private Subnet and either use an Application Load Balancer or API Gateway to provide external access to your application. The subnets are meant to be configured so that Private has access to Public but not the other way around. Here's more information on this - https://www.learnaws.org/2022/06/22/public-private-subnets/#:~:text=a%20public%20subnet.-,When%20to%20use%20Public%20%26%20Private%20Subnets%3F,created%20in%20a%20public%20subnet.

Here's the document on how to set up the application as I described: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html

Hope this helps.

Answered 1 year ago
Expert
Reviewed 24 days ago
