ECS - Deny communication between 2 services in the same namespace

0

Hello, I'm designing an application using ECS and Service Connect and it's not clear to me how to prevent the communication between 2 services that are part of the same namespace.

I have 3 services:

  • Gateway
  • Core
  • Auth

and all of them are part of the same namespace namespace1.

  • Gateway can speak with Auth;
  • Gateway can speak with Core;
  • Core cannot communicate with Auth and vice versa.

What options do I have to prevent Core from reaching Auth?

Thanks, Francesco

1 answer
0
Accepted answer

Since ECS Service Connect is built on top of AWS Cloud Map for service discovery and AWS App Mesh for the networking control, you'll be leveraging these services to achieve your goals. To prevent the Core service from communicating with the Auth service in AWS ECS using the same namespace, you can use AWS App Mesh to control traffic flow. Here's a simplified approach:

  1. Define your services (Gateway, Core, Auth) as virtual services within App Mesh.
  2. Create routes that specifically allow:
  • Gateway to communicate with Core and Auth.
  • Prevent Core from communicating with Auth by not defining any route between them in App Mesh.

This approach focuses on using AWS App Mesh's capabilities to control and route traffic between your services, effectively isolating Core and Auth from each other while still allowing both to communicate with Gateway.

For ref: https://docs.aws.amazon.com/app-mesh/latest/userguide/what-is-app-mesh.html

Expert
answered 2 months ago
Expert
reviewed 2 months ago
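The App Mesh layout the answer describes, written out as an added CloudFormation example (this is not code from the question, the answer or AWS documentation). It expresses the allowed paths as virtual-node backends rather than virtual-router routes: in App Mesh a task's Envoy proxy is only configured for the virtual services its node declares as backends, and the mesh's egress filter decides what happens to everything else. The mesh name, ports, the `namespace1` Cloud Map names and the `core.namespace1` / `auth.namespace1` virtual service names are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example, not from the question or answer. Only the Gateway node
  declares Core and Auth as backends, so there is no Core -> Auth path.
  Mesh name, ports and Cloud Map names are assumptions.

Resources:
  Mesh:
    Type: AWS::AppMesh::Mesh
    Properties:
      MeshName: namespace1-mesh
      Spec:
        # DROP_ALL makes Envoy refuse traffic to any destination that is not
        # a declared backend. The default, ALLOW_ALL, would still let Core
        # reach Auth by name and defeat the isolation.
        EgressFilter:
          Type: DROP_ALL

  # Virtual services are the names callers address inside the mesh.
  CoreService:
    Type: AWS::AppMesh::VirtualService
    Properties:
      MeshName: !GetAtt Mesh.MeshName
      VirtualServiceName: core.namespace1
      Spec:
        Provider:
          VirtualNode:
            VirtualNodeName: !GetAtt CoreNode.VirtualNodeName

  AuthService:
    Type: AWS::AppMesh::VirtualService
    Properties:
      MeshName: !GetAtt Mesh.MeshName
      VirtualServiceName: auth.namespace1
      Spec:
        Provider:
          VirtualNode:
            VirtualNodeName: !GetAtt AuthNode.VirtualNodeName

  GatewayNode:
    Type: AWS::AppMesh::VirtualNode
    Properties:
      MeshName: !GetAtt Mesh.MeshName
      VirtualNodeName: gateway
      Spec:
        Listeners:
          - PortMapping: { Port: 8080, Protocol: http }
        ServiceDiscovery:
          AWSCloudMap:
            NamespaceName: namespace1
            ServiceName: gateway
        # Gateway is the only node allowed to initiate calls to Core and Auth.
        Backends:
          - VirtualService:
              VirtualServiceName: core.namespace1
          - VirtualService:
              VirtualServiceName: auth.namespace1

  CoreNode:
    Type: AWS::AppMesh::VirtualNode
    Properties:
      MeshName: !GetAtt Mesh.MeshName
      VirtualNodeName: core
      Spec:
        Listeners:
          - PortMapping: { Port: 8080, Protocol: http }
        ServiceDiscovery:
          AWSCloudMap:
            NamespaceName: namespace1
            ServiceName: core
        # No Backends: Core is not configured to call any mesh service,
        # and with DROP_ALL its proxy rejects an attempt to reach auth.namespace1.

  AuthNode:
    Type: AWS::AppMesh::VirtualNode
    Properties:
      MeshName: !GetAtt Mesh.MeshName
      VirtualNodeName: auth
      Spec:
        Listeners:
          - PortMapping: { Port: 8080, Protocol: http }
        ServiceDiscovery:
          AWSCloudMap:
            NamespaceName: namespace1
            ServiceName: auth
        # No Backends either, so Auth cannot call Core (the "vice versa" half).
```

For the backend list to be enforced, each ECS task has to run the Envoy proxy sidecar bound to its node (the `APPMESH_RESOURCE_ARN` environment variable on the Envoy container) with the task's traffic redirected through the proxy; the mesh resources alone do nothing for a task that bypasses Envoy. The egress filter is the setting to review when checking such a design: with `ALLOW_ALL` an undeclared backend is still reachable, so the isolation would rest only on Core not knowing Auth's name.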
  • Given the potential complexity of App Mesh, could Security Groups provide a simpler way to achieve our security goals for this application? Are there limitations of Security Groups we should consider?
