Hi, Indeed as Carl said, you want to use ECS Execute Command, not SSH for containers in ECS. Much more secure, easier to audit, and far less faffing around to get it working.
On the public access side, did you put your service in a public subnet ? That'd be a subnet with the internet gateway as the default route. Did you enable granting an EIP to the container (not enabled by default)? You most likely already have opened the Security Group accordingly to do all that.
Note thought that, unless there is a very, very good reason for that, I wouldn't recommend to expose your services directly, and keep them behind an ALB (or NLB), for the simple reason that this enables a wealth of other features: ACM for TLS, WAF, audit logs, etc.
An acquaintance of mine who's using ECS Compose-X needed only to have egress to the internet access, to retrieve data, and publish it back elsewhere. So we put his service on a public subnet, with a VPC without NAT or anything (so no VPC costs incurred) and his service gets an EIP automatically. But there is no ingress to that service needed, which more or less makes it a Lambda function running via ECS ^^
Well no. I want a bastion to jump to the RDS. For this I need a container that accepts SSH and redirects to the RDS.
Fargate not being able to do this just means I need to spin up a EC2.
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated a year ago
- How can I troubleshoot issues when I use the AWS Load Balancer Controller to create a load balancer?AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- EXPERTpublished 4 months ago