Security group outbound rules with Elastic Container Service

0

Hi, I've got an ECS Fargate service with tasks in a personal VPC behind an Application Load Balancer. All works great, but I'm not confident in the security group outbound rules I set, and I don't know which range of TCP ports really needs to be open. At the moment all TCP ports are open in the outbound rules, and if I change this, deployment doesn't work. I want to know which ports are really needed for my ECR image to be automatically deployed on tasks.
I spent a little time searching on the internet, but the answers don't work for me. I read about some people with TCP ports 32000-65000+ open, but that seems a little bit the same as all TCP ports to me.

I tried this setup: HTTP 80 (LB), TCP 3001 (my app), and the TCP range 51678-51680 for the ECS agent container (I found this in the doc), but it doesn't work and tasks are not deployed. With all TCP ports open and HTTP 80, the image is deployed nicely.

I'm really not an expert but a real rookie, and I'm pretty sure opening all outbound TCP ports in my security group is not a good idea. Is it really a security problem?
Any advice will be really helpful. Thank you!

1 answer
3
Accepted answer

Hi

I think you need to allow outgoing traffic on ports 443 and 53 (both TCP and UDP) for ECS to be able to pull images from ECR. Maybe this guide can help?

Expert, answered 10 months ago
AWS Expert, reviewed 10 months ago
Expert, reviewed 10 months ago
  • Really, thank you for your quick help, it works perfectly! Bravo!

  • 443 is HTTPS and 53 is DNS. Both need to be open.
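
The following is an added example, not code from the original question or answer and not AWS's own tooling. It audits a task security group's egress rules against the minimal set the accepted answer recommends (TCP 443 plus TCP/UDP 53), flags rules that open far more than an ECR pull needs, and builds the `--ip-permissions` payload for `aws ec2 authorize-security-group-egress`. The rule dictionaries follow the `IpPermissionsEgress` shape that `aws ec2 describe-security-groups` returns; the sample rule sets (the questioner's "all TCP open" group and the failed 80/3001/51678-51680 attempt) are constructed here, and `MAX_PORT_SPAN` is an arbitrary threshold chosen for the example.

```python
"""Audit an ECS task security group's outbound rules against the minimal set
needed to pull images from ECR: TCP 443 (HTTPS) plus TCP and UDP 53 (DNS).

Example code added to this page; not from the original post or from AWS.
Rule dictionaries follow the IpPermissionsEgress shape returned by
`aws ec2 describe-security-groups`; the sample rules below are constructed.
"""
import json

# (protocol, port) pairs the accepted answer says an ECR pull needs.
REQUIRED_EGRESS = (("tcp", 443), ("tcp", 53), ("udp", 53))

# Assumption for this example: a single rule spanning more ports than this
# is reported as over-broad.
MAX_PORT_SPAN = 16


def rule_allows(rule, proto, port):
    """True if one describe-security-groups rule allows `proto` to `port`."""
    ip_proto = rule["IpProtocol"]
    if ip_proto == "-1":          # "All traffic": any protocol, any port
        return True
    if ip_proto != proto:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def rule_is_over_broad(rule):
    """True for 'all traffic' rules or TCP/UDP rules spanning many ports."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] in ("tcp", "udp"):
        span = rule.get("ToPort", 65535) - rule.get("FromPort", 0) + 1
        return span > MAX_PORT_SPAN
    return False


def audit_egress(rules):
    """Return (missing, over_broad) for a list of egress rules.

    `missing` lists required proto/port pairs that no rule covers;
    `over_broad` describes rules that open far more than the pull needs.
    """
    missing = [f"{proto}/{port}" for proto, port in REQUIRED_EGRESS
               if not any(rule_allows(r, proto, port) for r in rules)]
    over_broad = [
        f"{r['IpProtocol']} {r.get('FromPort', 'all')}-{r.get('ToPort', 'all')}"
        for r in rules if rule_is_over_broad(r)
    ]
    return missing, over_broad


def minimal_egress_permissions(cidr="0.0.0.0/0"):
    """Build the --ip-permissions payload for
    `aws ec2 authorize-security-group-egress` that opens only what is required."""
    return [
        {"IpProtocol": proto, "FromPort": port, "ToPort": port,
         "IpRanges": [{"CidrIp": cidr}]}
        for proto, port in REQUIRED_EGRESS
    ]


# Constructed sample: the questioner's starting point (all TCP open, plus 80).
ALL_TCP_OPEN = [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Constructed sample: the failed attempt (80, 3001, 51678-51680), no 443/53.
FAILED_ATTEMPT = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3001, "ToPort": 3001,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 51678, "ToPort": 51680,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for name, rules in (("all-tcp", ALL_TCP_OPEN), ("failed", FAILED_ATTEMPT),
                        ("minimal", minimal_egress_permissions())):
        print(name, audit_egress(rules))
    # Usage: aws ec2 authorize-security-group-egress --group-id <sg-id> \
    #            --ip-permissions '<the JSON printed below>'
    print(json.dumps(minimal_egress_permissions()))
```

Two checks worth keeping in mind when applying this: security groups are stateful, so the task needs no outbound rule for replies to the load balancer on 3001 (an inbound rule on 3001 from the ALB's security group is enough), and an ECR pull fetches the image layers from S3 over HTTPS as well, which the single 443 rule already covers. Security groups do not filter traffic to the VPC's own Route 53 Resolver, so the port 53 rules only matter if the tasks use a different resolver; they are harmless to keep. If you also want to restrict the destination CIDR rather than using 0.0.0.0/0, route the pulls through ECR and S3 VPC endpoints and point the rules at those instead.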
