VPC Endpoint Fargate to CodeCommit

I'm using Amplify, and in the VPC created by Amplify, I've created a VPC Endpoint to CodeCommit. DNS Hostnames are enabled on the VPC, DNS Resolution is enabled on VPC, Private DNS Names are enabled for the endpoint. The DHCP Option set attached to the VPC uses the AmazonProvidedDNS name servers. The Fargate task is run in the given VPC, on the same subnets as the endpoint is configured for. For some reason, however, when looking up the service by its name (git-codecommit.us-east-1.amazonaws.com), DNS resolution fails. I can see that name in both the Private DNS as well as the regular DNS names for the VPC Endpoint. It seems that everything should be properly configured, but the container in Fargate cannot resolve the service using DNS.

1 Answer
Is the issue happening only from the container in Fargate? Did you test it from an EC2 instance in the same subnet? Could you share the error that you are getting during the DNS resolution?

AWS
answered 2 years ago
  • This is the error:

    2022/07/15 02:43:44 [error] 31#31: *10 git-codecommit.us-east-1.amazonaws.com could not be resolved (110: Operation timed out), client: 10.0.0.33, server: git-proxy, request: "GET /myrepo/info/refs?service=git-upload-pack HTTP/1.1", host: "amplify-app.execute-api.us-east-1.amazonaws.com"

    I haven't tested through EC2 instances, mainly because there is no internet gateway on this VPC. Ingress is through API Gateway.

  • Could you try doing a dig to the Amazon DNS server directly from the container? Please use the command below.

    dig git-codecommit.eu-west-3.amazonaws.com @<Amazon DNS server i.e VPC CIDR+2>

  • Running into issues doing that. I keep getting errors when trying to deploy updated container. Only thing I've changed is the inclusion of the dig command, and I keep getting generic errors without much information like this:

    { "errorType": "Error", "errorMessage": "The execution didn't succeed", "stack": [ "Error: The execution didn't succeed", " at Runtime.exports.handler (/var/task/index.js:102:13)", " at processTicksAndRejections (internal/process/task_queues.js:97:5)" ] }

    I had dealt with this before, and I know it's either related to building or possibly running the image, but I don't have any issues locally when building and running the image. So, without any real details in the error log I can't tell what's going on and why I can't deploy this updated image to check DNS...

    This is my Dockerfile:

    FROM nginx:alpine
    RUN apk add bind-tools
    COPY ./nginx.conf /etc/nginx/conf.d/default.conf
    EXPOSE 80
    CMD ["sh","-c","dig git-codecommit.us-east-1.amazonaws.com @10.0.0.2 && nginx -g 'daemon off;'"]
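The direct query to the VPC resolver suggested in the comments above, written as an added example that is not part of the original thread: it uses only the Python standard library, sends one A query to the address at VPC CIDR+2, and reports whether the answers fall inside the VPC (the endpoint's private DNS is in effect), outside it, or never arrive. The function names are hypothetical and the VPC CIDR is a caller-supplied assumption, since the thread does not state it.

```python
import ipaddress, socket, struct

def vpc_resolver(cidr):
    # AmazonProvidedDNS answers on the VPC network address plus two.
    return str(ipaddress.ip_network(cidr).network_address + 2)

def build_query(name, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    # Step over an encoded name; a compression pointer (top bits 11) ends it.
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_a_records(msg):
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, addrs = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs  # (RCODE, IPv4 answers)

def classify(rcode, addrs, cidr):
    net = ipaddress.ip_network(cidr)
    if rcode != 0 or not addrs:
        return "rcode-%d" % rcode if rcode else "no-a-records"
    inside = all(ipaddress.ip_address(a) in net for a in addrs)
    return "private-endpoint" if inside else "public-address"

def check(name, cidr, timeout=3.0):  # cidr: the VPC's primary CIDR (not stated in the thread)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (vpc_resolver(cidr), 53))
            data = s.recv(4096)
        except socket.timeout:
            return "timeout"  # resolver never replied, as in the nginx log
    return classify(*parse_a_records(data), cidr)
```

Run from a task or host in the same subnets, `check("git-codecommit.us-east-1.amazonaws.com", "10.0.0.0/16")` returns one of `timeout`, `private-endpoint`, `public-address`, `no-a-records` or `rcode-N`; the `/16` prefix here is an assumed value.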
