
Type of the load balancer used to route external traffic to ECS tasks hosted in Private Network


I am willing to deploy my backend container on Amazon ECS, and I have gone through some of the questions asked here on the AWS Knowledge Center and am facing the same issue as described here: https://repost.aws/questions/QU6wyUfAxRSFyDLz1YEUlWag/deploying-ecs-task-definition-through-is-stuck-on-provisioning . After checking the answer, it turned out that ECS tasks have to be launched in a private subnet with a NAT gateway to the Internet.

When hosting tasks that use the awsvpc network mode on Amazon EC2 Linux instances, your task ENIs aren't given public IP addresses. To access the internet, tasks must be launched in a private subnet that's configured to use a NAT gateway. For more information, see NAT gateways in the Amazon VPC User Guide. Inbound network access must be from within a VPC that uses the private IP address or routed through a load balancer from within the VPC. Tasks that are launched within public subnets do not have access to the internet.

So I have done that, but my ECS task needs to communicate with an RDS instance hosted in another account, so I have set up VPC peering between both VPCs. I expect that my backend logic will need to interact with the RDS instance, so the task will need inbound connections from outside, and the task has to be set in a private subnet; in this case it needs to be attached to a load balancer to route external traffic to the ECS task as a target group. My question is: when I create a load balancer, what would be the type of the target group? In my case I need the load balancer to route the traffic to the ECS task, so should I choose the Instance type or the IP addresses type, taking into consideration that ECS tasks use networking in the AWS VPC to provide each task with its own elastic network interface and its own IP address?

1 Answer

Hi

Choose IP addresses as the target group type. This is crucial because:

  • Dynamic IPs: ECS tasks using awsvpc networking mode have dynamic private IP addresses assigned to their elastic network interfaces (ENIs).
  • IP-based targeting: The ALB can effectively route traffic to your tasks' ENIs using their IP addresses.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html

For services with tasks using the awsvpc network mode, when you create a target group for your service, you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.

Add-on info: I would like to add one of the points I have experienced recently with ECS. You may have interface issues because, based on the instance type, you will have a smaller number of network interfaces, which may affect your applications, so here is the solution for this:

Enable trunking: Enable the ECS elastic network interface trunking feature to increase the number of network interfaces that can be attached to supported EC2 container instance types. You must meet the following prerequisites before you can launch a container instance with the increased network interface limits:

  • Your account must have the AWSServiceRoleForECS service-linked role for ECS.
  • You must opt into the awsvpcTrunking account setting.

https://aws.amazon.com/blogs/compute/optimizing-amazon-ecs-task-density-using-awsvpc-network-mode/

answered 8 months ago
reviewed 8 months ago
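One way to catch this pairing before deploying, as an added example that is not code from the thread or from AWS: a small Python checker over the JSON shapes returned by `aws ecs describe-services`, `aws ecs describe-task-definition` and `aws elbv2 describe-target-groups`. The sample dicts are constructed and the ARN is a placeholder; the checker also goes beyond the thread by verifying the service's containerPort against the task definition's port mappings and that assignPublicIp is not ENABLED for the private-subnet design.

```python
# Added example, not code from the original thread or from AWS: a checker for the
# awsvpc + load-balancer pairing discussed above. The dicts below are constructed to
# mimic the shapes of `aws ecs describe-services`, `aws ecs describe-task-definition`
# and `aws elbv2 describe-target-groups` output; they are sample data, not real output.

def lint_awsvpc_lb_config(service: dict, task_def: dict, target_group: dict) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    mode = task_def.get("networkMode", "bridge")
    tg_type = target_group.get("TargetType", "instance")

    # awsvpc tasks own an ENI, so the load balancer must register IPs, not instances.
    if mode == "awsvpc" and tg_type != "ip":
        findings.append(f"networkMode is awsvpc but target type is '{tg_type}'; use 'ip'")
    elif mode != "awsvpc" and tg_type == "ip":
        findings.append(f"target type is 'ip' but networkMode is '{mode}'; use 'instance'")

    # The service's loadBalancers entry must reference this target group and a
    # containerPort that the task definition actually exposes.
    exposed = {pm["containerPort"] for c in task_def.get("containerDefinitions", [])
               for pm in c.get("portMappings", [])}
    for lb in service.get("loadBalancers", []):
        if lb.get("targetGroupArn") != target_group.get("TargetGroupArn"):
            findings.append(f"service points at {lb.get('targetGroupArn')}, not this target group")
        if lb.get("containerPort") not in exposed:
            findings.append(f"containerPort {lb.get('containerPort')} not in portMappings {sorted(exposed)}")

    # Private-subnet design: tasks reach the internet via NAT and must not ask for public IPs.
    vpc_cfg = service.get("networkConfiguration", {}).get("awsvpcConfiguration", {})
    if mode == "awsvpc" and vpc_cfg.get("assignPublicIp") == "ENABLED":
        findings.append("assignPublicIp is ENABLED; use DISABLED for tasks in private subnets")
    return findings

# Constructed sample data (placeholder ARN and IDs, not real resources).
TG_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/backend/0123456789abcdef"
SERVICE = {
    "loadBalancers": [{"targetGroupArn": TG_ARN, "containerName": "backend", "containerPort": 8080}],
    "networkConfiguration": {"awsvpcConfiguration": {
        "subnets": ["subnet-private-a", "subnet-private-b"],
        "securityGroups": ["sg-backend-tasks"], "assignPublicIp": "DISABLED"}},
}
TASK_DEF = {"networkMode": "awsvpc", "containerDefinitions": [
    {"name": "backend", "portMappings": [{"containerPort": 8080, "protocol": "tcp"}]}]}
TG_INSTANCE = {"TargetGroupArn": TG_ARN, "TargetType": "instance"}  # the mistake asked about
TG_IP = {"TargetGroupArn": TG_ARN, "TargetType": "ip"}              # the recommended setting

if __name__ == "__main__":
    for tg in (TG_INSTANCE, TG_IP):
        print(tg["TargetType"], lint_awsvpc_lb_config(SERVICE, TASK_DEF, tg) or ["ok"])
```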
