Client VPN + Local docker-compose amazon-ecs-local-container-endpoints 169.254.170 being routed through VPN

Question

I followed [this](https://aws.amazon.com/blogs/compute/a-guide-to-locally-testing-containers-with-amazon-ecs-local-endpoints-and-docker-compose/) guide to set up a local dev env with Docker-compose + local IAM auth. Additionally, I am trying to connect to a resource inside our VPC using the AWS client VPN (split tunnel mode).

When running each of these individually, there are no issues. However, when combining them, the requests being made to the local ECS endpoint for auth (169.254.170/24) is being redirected through the VPN and failing to pull back valid creds.

Is it possible to keep all 169.254.170/24 traffic local? Is it possible to use a different ip range for the local container?

Answer

It appears that you are having a problem configuring your Docker Compose.
You may find that your problem is not configuring each container with a unique IP address. The IP for the local ECS endpoint should be 169.254.170.2. You should refer to the link to help configure your endpoints.
     
https://aws.amazon.com/blogs/compute/a-guide-to-locally-testing-containers-with-amazon-ecs-local-endpoints-and-docker-compose/

Additionally, here is a link to a site that discusses Amazon ECS Local Container Endpoints:

https://github.com/awslabs/amazon-ecs-local-container-endpoints
     
If you encounter further errors, please reach out to premium support. Cheers!

Client VPN + Local docker-compose amazon-ecs-local-container-endpoints 169.254.170 being routed through VPN

관련 콘텐츠