Currently, I have an infrastructure with ECS Fargate, where my services are in a private subnet. I want to integrate with a service that requires DPoP (Demonstration of Proof-of-Possession) and a range of IPs to make requests.
I've been researching possible solutions such as using a proxy or utilizing a service to meet these requirements.
The main problem lies in managing public and private keys for DPoP and handling a range of IPs, as when using Fargate, my entry is through an application load balancer and the requests my application makes go through a NAT.
I attempted to configure Service Connect, but it's not clear to me how to set up my service.
- How to define the keys and how to define the IP range that the integration should use are unclear to me.
- I'm not sure how to configure the task definition of the service to use Service Connect (whether I should add another container alongside my application, if it should be a separate service, or if simply placing the task definition of my application in the service with Service Connect should work).
- Another idea I had would be to use an EC2 instance to function as a proxy.
Yes, we have already connected other integrations and used a NAT. The issue with this integration is the type of connection it requires, utilizing a key (public and private key) and the range of IPs.
The Pub and Private keys on your Fargate tasks?
Or are we talking mutual TLS?
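
For context on where the DPoP keys sit, an added example (not from this thread and not the integration provider's code): in RFC 9449, DPoP is an application-layer proof, a JWT signed with the client's private key and sent in the `DPoP` header of each request, so it is independent of the source IP that the NAT presents. The key type (P-256 with ES256), the `NewKey` and `NewDPoPProof` names and the `api.example.com` URL are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

var b64 = base64.RawURLEncoding // JWTs use unpadded base64url

// NewKey makes a P-256 key pair. Assumption: a real task loads one stable key from a secret store.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewDPoPProof builds the per-request proof JWT sent in the DPoP HTTP header.
func NewDPoPProof(key *ecdsa.PrivateKey, method, url string, now time.Time) (string, error) {
	x, y := key.X.FillBytes(make([]byte, 32)), key.Y.FillBytes(make([]byte, 32))
	jwk := map[string]string{"kty": "EC", "crv": "P-256", "x": b64.EncodeToString(x), "y": b64.EncodeToString(y)}
	header, _ := json.Marshal(map[string]interface{}{"typ": "dpop+jwt", "alg": "ES256", "jwk": jwk})
	jti := make([]byte, 16) // unique per proof so the server can detect replays
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]interface{}{
		"jti": b64.EncodeToString(jti), "htm": method, "htu": url, "iat": now.Unix(),
	})
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// ES256 in JWS is the raw 64-byte r||s, not the ASN.1 form Go's SignASN1 returns.
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + b64.EncodeToString(sig), nil
}

func main() {
	key, _ := NewKey()
	// Constructed sample request; api.example.com is a placeholder host.
	proof, _ := NewDPoPProof(key, "POST", "https://api.example.com/token", time.Now())
	fmt.Println("DPoP:", proof)
}
```

When the proof accompanies an access token, RFC 9449 also requires an `ath` claim (a hash of that token), which this example omits.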