Is it possible to connect aws fargate with task ip instead of load balancer DNS?

0

I implemented a web server in fargate.

The web server connection through the application load balancer DNS went well.

However, when I connected to the task public ip, I couldn't connect.

I checked that the ip and port are set properly in the service security group.

In my opinion, fargate doesn't directly connect to public ip like ssh can't access. Am I right?

2 Answers
0
Accepted Answer

Hi, Indeed as Carl said, you want to use ECS Execute Command, not SSH for containers in ECS. Much more secure, easier to audit, and far less faffing around to get it working.

On the public access side, did you put your service in a public subnet? That'd be a subnet with the internet gateway as the default route. Did you enable granting an EIP to the container (not enabled by default)? You most likely already have opened the Security Group accordingly to do all that.

Note though that, unless there is a very, very good reason for that, I wouldn't recommend to expose your services directly, and keep them behind an ALB (or NLB), for the simple reason that this enables a wealth of other features: ACM for TLS, WAF, audit logs, etc.

An acquaintance of mine who's using ECS Compose-X needed only to have egress to the internet access, to retrieve data, and publish it back elsewhere. So we put his service on a public subnet, with a VPC without NAT or anything (so no VPC costs incurred) and his service gets an EIP automatically. But there is no ingress to that service needed, which more or less makes it a Lambda function running via ECS ^^

answered 2 years ago
  • Thank you for the detailed explanation! I think that this problem is my mistake.
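
The conditions named in the accepted answer (public IP assignment, a subnet whose default route is an internet gateway, a matching security group rule) can be checked together. This is an added example, not part of the original thread; it also works as an audit for tasks that are unintentionally reachable without the ALB. It assumes the inputs are dicts shaped like the output of `aws ecs describe-services`, `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`; the function names, IDs and IP ranges are constructed for illustration.

```python
import ipaddress

def igw_default_route(route_table):
    """True if the route table sends 0.0.0.0/0 to an internet gateway."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        for r in route_table.get("Routes", [])
    )

def sg_allows(security_group, client_ip, port):
    """True if an ingress rule admits TCP `port` from `client_ip`."""
    addr = ipaddress.ip_address(client_ip)
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # "all traffic" rule, no port range
            port_ok = True
        elif proto == "tcp":
            port_ok = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            continue
        if port_ok and any(addr in ipaddress.ip_network(r["CidrIp"])
                           for r in perm.get("IpRanges", [])):
            return True
    return False

def direct_exposure(service, route_table, security_group, client_ip, port):
    """Return per-condition results; the task is reachable only if all hold."""
    vpc_cfg = service["networkConfiguration"]["awsvpcConfiguration"]
    checks = {
        "public_ip_assigned": vpc_cfg.get("assignPublicIp", "DISABLED") == "ENABLED",
        "subnet_routes_to_igw": igw_default_route(route_table),
        "security_group_allows": sg_allows(security_group, client_ip, port),
    }
    checks["reachable"] = all(checks.values())
    return checks

# Constructed sample data (placeholder IDs, documentation IP range).
SERVICE = {"networkConfiguration": {"awsvpcConfiguration": {
    "subnets": ["subnet-EXAMPLE"], "securityGroups": ["sg-EXAMPLE"],
    "assignPublicIp": "DISABLED"}}}
ROUTES = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]}
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}

if __name__ == "__main__":
    print(direct_exposure(SERVICE, ROUTES, SG, "203.0.113.7", 80))
```

With the sample data the subnet and security group checks pass, but `assignPublicIp` is `DISABLED`, so the task is not reachable on its own address.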

0

Well no. I want a bastion to jump to the RDS. For this I need a container that accepts SSH and redirects to the RDS.

Fargate not being able to do this just means I need to spin up an EC2.

joeri
answered a year ago
