I want to use a static or Elastic IP address for an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate.
Resolution
You can't assign a static IP address or Elastic IP address to a Fargate task. To use static IP addresses with Fargate tasks, create a Fargate service with a Network Load Balancer and attach Elastic IP addresses to the load balancer.
Choose one of the following options based on your traffic requirements:
- For outbound traffic, create a NAT gateway on a private subnet where your Fargate task resides. The NAT gateway's static IP address can be used for IP allow lists. For more information, see Connect Amazon ECS applications to the internet.
- For inbound traffic, create a Network Load Balancer with Elastic IP addresses and configure it to route traffic to your Fargate tasks. Complete the steps in the following sections.
Create a Network Load Balancer with a target group
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, under Load Balancing, choose Load Balancers.
- Choose Create Load Balancer.
- For Compare and select load balancer type, choose Create for Network Load Balancer.
- For Load balancer name, enter a name for your load balancer.
- For Scheme, select Internet-facing or Internal.
- For IP address type, select IPv4.
- In the Network mapping section, for VPC, select the Amazon Virtual Private Cloud (Amazon VPC) for your Fargate task.
- For Availability Zones and subnets, select at least one Availability Zone and one subnet for each Availability Zone.
Note: Turning on multiple Availability Zones increases the fault tolerance of your applications. For internet-facing load balancers, select an Elastic IP address for each Availability Zone to provide your load balancer with static IP addresses. For internal load balancers, assign a private IP address from the IPv4 range of each subnet or let AWS assign one for you.
- For Listeners and routing, keep the default listener or add another listener.
Note: The default listener accepts TCP traffic on port 80. You can keep the default listener settings, modify the protocol or port of the listener, or choose Add listener to add another listener.
- For Protocol, select your protocol.
- For Port, select your port.
- Under Forward to target group, choose Create target group.
Note: The target group is used by the Network Load Balancer listener rule that forwards the request to the target group.
- For Target type, select IP addresses.
Note: The target type Instances isn't supported on Fargate.
- For Target group name, enter a name for your target group.
- Under Health checks, keep the default settings.
- Choose Next.
Note: Load balancers distribute traffic between targets within the target group. When a target group is associated with an Amazon ECS service, Amazon ECS automatically registers and deregisters the task from the target group. Because Amazon ECS handles target registration, you don't need to add targets to your target group.
- Choose Create target group.
- Navigate back to the Create Network Load Balancer tab.
- Under Listeners and routing, for Target group, select the target group that you created.
Note: You must select the refresh target groups button to see the new target group after it has been created.
- Choose Create load balancer.
Create an Amazon ECS service with the Network Load Balancer
Create an Amazon ECS service and specify the target group in the service definition. When each task for your service starts, Amazon ECS registers the container and port combination specified in the service definition with your target group. The load balancer then routes traffic to that container.
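The inbound setup from both sections, written as a CloudFormation template; this is an added example, not part of the original article and not AWS-provided code. All parameter names and logical IDs are assumptions, and it assumes existing public subnets for the load balancer, task subnets with an outbound route for image pulls, and a task security group that allows inbound TCP on port 80.

```yaml
# Added example: every parameter name and logical ID below is an assumption.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PublicSubnetA: {Type: "AWS::EC2::Subnet::Id"}
  PublicSubnetB: {Type: "AWS::EC2::Subnet::Id"}
  TaskSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}
  TaskSecurityGroup: {Type: "AWS::EC2::SecurityGroup::Id"}
  ClusterName: {Type: String}
  TaskDefinitionArn: {Type: String}
  ContainerName: {Type: String}
Resources:
  EipA: {Type: "AWS::EC2::EIP", Properties: {Domain: vpc}}
  EipB: {Type: "AWS::EC2::EIP", Properties: {Domain: vpc}}
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      IpAddressType: ipv4
      SubnetMappings:   # one Elastic IP per Availability Zone
        - {SubnetId: !Ref PublicSubnetA, AllocationId: !GetAtt EipA.AllocationId}
        - {SubnetId: !Ref PublicSubnetB, AllocationId: !GetAtt EipB.AllocationId}
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 80
      TargetType: ip   # the instance target type isn't supported on Fargate
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Protocol: TCP
      Port: 80
      DefaultActions:
        - {Type: forward, TargetGroupArn: !Ref TargetGroup}
  Service:
    Type: AWS::ECS::Service
    DependsOn: Listener   # the target group must be attached to the NLB first
    Properties:
      Cluster: !Ref ClusterName
      LaunchType: FARGATE
      TaskDefinition: !Ref TaskDefinitionArn
      DesiredCount: 2
      NetworkConfiguration:
        AwsvpcConfiguration: {AssignPublicIp: DISABLED, Subnets: !Ref TaskSubnets, SecurityGroups: [!Ref TaskSecurityGroup]}
      LoadBalancers:   # ECS registers each task's IP and this port with the target group
        - {ContainerName: !Ref ContainerName, ContainerPort: 80, TargetGroupArn: !Ref TargetGroup}
```

The addresses allocated for `EipA` and `EipB` are the static IPs that clients can place on an allow list.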
Related information
Use load balancing to distribute Amazon ECS service traffic
Use a Network Load Balancer for Amazon ECS
Amazon ECS task networking options for Fargate
Create a Network Load Balancer
Connect Amazon ECS applications to the internet