How do I use a static or Elastic IP address for an Amazon ECS task on Amazon EC2?


I want to use a static or Elastic IP address for an Amazon Elastic Container Service (Amazon ECS) task that runs on my Amazon Elastic Compute Cloud (Amazon EC2) container instances.

Resolution

You can't add a static or Elastic IP address directly to an Amazon ECS task.

Instead, take one of the following actions:

  • For static IP addresses for outbound traffic, create a NAT gateway.
    Note: If the downstream user requires a static IP address, then place your container instances in a private subnet that has the NAT gateway. Then, use the NAT gateway IP address in an IP address allowlist.
  • For static IP addresses for inbound traffic, use the host or bridge network mode. Then, associate an Elastic IP address with the Amazon EC2 container instance that hosts the task.

If your tasks are spread across multiple container instances, then complete the following resolution to use a static IP address for inbound traffic.

Note: The following resolution is for tasks that use Amazon ECS-optimized Amazon Linux Amazon Machine Images (AMIs) with the host, bridge, or awsvpc network mode.

Create a target group

Create a target group. For Choose a target type, choose Instances, and for Protocol, choose TCP.

Important: If your service's task definition uses the awsvpc network mode, then select IP addresses for Choose a target type.

Configure a Network Load Balancer to use your target group

Note: Your load balancer's security group rules must allow outbound traffic to the container instances or task elastic network interface on the traffic and health check ports. The rules must also allow inbound traffic from clients on the listener ports. If you set up dynamic port mapping, then the security group must allow outbound traffic on the ephemeral ports (typically 32768-65535).

Attach your target group to a Network Load Balancer, and configure the following settings:

  • For IP address type, choose IPv4.
  • For VPC, select the container instance's virtual private cloud (VPC).

(Optional) Activate cross-zone load balancing for the Network Load Balancer node to distribute traffic across the registered targets in all Availability Zones.

Create an Amazon ECS service

Create an Amazon ECS service to launch tasks on the EC2 instances that are registered to your cluster. In the service definition, specify the Network Load Balancer and the target group that you created.

The container instance or task network interface security group must allow inbound traffic from the load balancer on the traffic and health check ports. Also, when you use dynamic port mapping, the security group must allow inbound traffic from the load balancer on the ephemeral port range.

When tasks in your service start, Amazon ECS registers the container instance (or, with awsvpc, the task IP address) and the container port from the service definition with your target group. Then, the load balancer routes traffic to that container instance or IP address. Use the load balancer's static IP address as the fixed entry point for your tasks.
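The three steps above wired together as a CloudFormation template (an added example, not from the AWS article). The logical names, the port 80 listener and the 203.0.113.0/24 client range are assumptions; the VPC, subnets, Elastic IP allocations, cluster, task definition and container instance security group are assumed to already exist and are passed in as parameters.

```yaml
# Added example, not from the AWS article. Logical names, ports and 203.0.113.0/24
# are assumptions; VPC, subnets, EIPs, cluster, task definition and instance SG exist.
Parameters:
  VpcId:        { Type: AWS::EC2::VPC::Id }
  SubnetA:      { Type: AWS::EC2::Subnet::Id }
  SubnetB:      { Type: AWS::EC2::Subnet::Id }
  EipAllocA:    { Type: String }  # eipalloc-... in SubnetA's Availability Zone
  EipAllocB:    { Type: String }  # eipalloc-... in SubnetB's Availability Zone
  ClusterName:  { Type: String }
  TaskDefArn:   { Type: String }
  InstanceSgId: { Type: AWS::EC2::SecurityGroup::Id }
Resources:
  # One Elastic IP per subnet mapping gives the NLB a fixed IPv4 address in each AZ.
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      SecurityGroups: [!Ref NlbSg]
      SubnetMappings:
        - { SubnetId: !Ref SubnetA, AllocationId: !Ref EipAllocA }
        - { SubnetId: !Ref SubnetB, AllocationId: !Ref EipAllocB }
  # Instance targets over TCP for host/bridge mode tasks (use TargetType: ip for awsvpc).
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: { TargetType: instance, Protocol: TCP, Port: 80, VpcId: !Ref VpcId }
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties: { LoadBalancerArn: !Ref Nlb, Port: 80, Protocol: TCP, DefaultActions: [{ Type: forward, TargetGroupArn: !Ref TargetGroup }] }
  # NLB SG: clients in on the listener port, out to the instances on the ephemeral range.
  NlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: NLB security group
      VpcId: !Ref VpcId
      SecurityGroupIngress: [{ IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 203.0.113.0/24 }]
      SecurityGroupEgress: [{ IpProtocol: tcp, FromPort: 32768, ToPort: 65535, DestinationSecurityGroupId: !Ref InstanceSgId }]
  # Container instances accept the dynamic port range only from the NLB's security group.
  InstanceIngressFromNlb:
    Type: AWS::EC2::SecurityGroupIngress
    Properties: { GroupId: !Ref InstanceSgId, IpProtocol: tcp, FromPort: 32768, ToPort: 65535, SourceSecurityGroupId: !Ref NlbSg }
  Service:
    Type: AWS::ECS::Service
    DependsOn: Listener   # ECS rejects a service whose target group has no listener yet
    Properties:
      Cluster: !Ref ClusterName
      TaskDefinition: !Ref TaskDefArn
      LaunchType: EC2
      DesiredCount: 2
      LoadBalancers: [{ ContainerName: web, ContainerPort: 80, TargetGroupArn: !Ref TargetGroup }]
```

The Elastic IPs referenced in SubnetMappings are the addresses to hand to downstream allowlists; the task's own host port changes with every placement, so nothing else in the chain is stable.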

Related information

Use load balancing to distribute Amazon ECS service traffic

Use a Network Load Balancer for Amazon ECS

AWS OFFICIAL (updated 17 days ago)