Our traffic is coming from the public internet to WAF, then to an external ALB, then to an ECS service in Fargate via a Target Group. This TG IP address target is updated by ECS every time a service is redeployed.

But the new microservice is in AppMesh, and microservice traffic routing is done by Service Discovery rather than the ALB. We tried to route traffic from the external ALB to an ECS Fargate AppMesh service but found literally zero examples of how to do it properly with no downtime during redeployments.

When an AppMesh microservice is deployed, it does not update the IP address in the above-mentioned TG, but only in the Service Discovery.

We can't point our Target Group to an AppMesh service! If we point to an IP address, it will change with the next deployment.

How to route HTTP traffic from external internet to an AppMesh ECS Fargate service in a maintainable way, so that we can reconfigure or redeploy or reroute our services at will with zero downtime?

Hello, I had done just that in the past, haven't used much of AppMesh for a little while, and really wish I had documented it!

But in a nutshell, you can do it in at least 2 ways:

For the service(s) that are behind the ALB, have the Listener Rules send the traffic to the containers, regardless of whether they use AppMesh or not. Then for the rest of the traffic between the services, it will work of its own accord, following the Mesh rules (services, routers etc.) that are defined.

Second option could be to use an AppMesh gateway, have the LB send all the traffic to that service, and then again, AppMesh will take over for the rest of the traffic to follow.

I will try to dig out the examples I had. I did all that using x-appmesh in ECS Compose-X but due to very little use-cases / need coming the AppMesh way, I haven't given it much love for a little while.

Just get the traffic from your ALB to your containers, it will work just fine (says he not touching it in a year).

answered 24 days ago
  • Hello John. Thanks for the answer!

    way 1) You say "have the Listener Rules send the traffic to the containers". That is easy via TG as IP address. But after service redeploys in AppMesh the IP will change, the TG won't be updated with the new IP, so the traffic won't go any more. Or I didn't understand what you mean.

    way 2) I looked up "AppMesh gateway" and found nothing in the internet. What do you mean exactly? NGINX or something?

  • Hey @Vasyl. So, here is what I meant by gateways:

    And for your first comment, I am not too sure I follow. Sure, your TG will update the target to send traffic to the container: if you configured your ECS service to automatically use a target group, ECS will take care of updating the TG target IPs as they go.

  • Thank you John! We're digging further into both your recommendations.

  • I did some digging John. Basically, it was never implemented for AppMesh:


Hello again @Vasyl,

I just reworked/re-enabled x-appmesh this weekend and updated my demo apps to test/showcase.

python3 -m venv venv
source venv/bin/activate
pip install pip -U; pip install "ecs-composex>=0.22.0"
git clone
cd composex-testing-apps
# Optionally use image specific tag
#export IMAGE_TAG=2022-06-13

# Render the templates
ecs-compose-x render -d templates --format yaml -f docker-compose.yaml -f x-appmesh.yaml -n demo-appmesh

# Deploy to AWS (this will create VPC/DNS/CloudMap/IAM/Services, basically everything it needs)
ecs-compose-x up -d templates --format yaml -f docker-compose.yaml -f x-appmesh.yaml -n demo-appmesh

The ingress from the "internet" is done via the ALB that will send the traffic to app01 which is our ingress service.

Hope this helps in your ECS + AppMesh journey.

answered 20 days ago
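
The setup discussed in this thread, where one ECS service is attached to both an ALB target group and Cloud Map, written out as a CloudFormation `Resources` fragment. This is an added example, not code from the thread or from ECS Compose-X. The referenced parameters, the container name `app01` as the ingress container, port 8080 and the `/health` path are assumptions, and the task definition is assumed to already include the Envoy sidecar.

```yaml
# Added example, not from the thread. Assumed inputs: VpcId, PrivateSubnets, AlbSecurityGroupId,
# AlbListenerArn, ClusterName, TaskDefinitionArn, CloudMapServiceArn; port 8080 and /health.
Resources:
  IngressTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      TargetType: ip               # Fargate (awsvpc) tasks register by IP
      Protocol: HTTP
      Port: 8080
      HealthCheckPath: /health
  IngressRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref AlbListenerArn
      Priority: 10
      Conditions: [{Field: path-pattern, Values: ["/*"]}]
      Actions:
        - Type: forward
          TargetGroupArn: !Ref IngressTargetGroup
  TaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: app01 tasks, reachable only from the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
          SourceSecurityGroupId: !Ref AlbSecurityGroupId
  IngressService:
    Type: AWS::ECS::Service
    DependsOn: IngressRule         # the target group must be attached to a listener first
    Properties:
      Cluster: !Ref ClusterName
      LaunchType: FARGATE
      DesiredCount: 2
      TaskDefinition: !Ref TaskDefinitionArn
      DeploymentConfiguration: {MinimumHealthyPercent: 100, MaximumPercent: 200}
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          Subnets: !Ref PrivateSubnets
          SecurityGroups: [!Ref TaskSecurityGroup]
      LoadBalancers:               # ECS registers/deregisters task IPs in the target group
        - ContainerName: app01
          ContainerPort: 8080
          TargetGroupArn: !Ref IngressTargetGroup
      ServiceRegistries:           # Cloud Map registration used for mesh service discovery
        - RegistryArn: !Ref CloudMapServiceArn
```

The task security group admits traffic only from the ALB's security group, so requests from the internet cannot bypass the WAF and ALB and reach the task IPs directly.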

