Should incoming traffic to an ECS service go through service connect for monitoring purposes?


When reading the docs, it appears that AWS CloudWatch metrics such as ActiveConnectionCount, NewConnectionCount and RequestCount are only available for Service Connect enabled services.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html#available_cloudwatch_metrics

Currently, we pass internal traffic via Service Connect while incoming external traffic goes via a load balancer directly to the application port. This gives an incomplete picture, because only internal traffic will be represented in the CloudWatch metrics.

What are the drawbacks (if any) of passing load balancer traffic via service connect for the publicly exposed services? Is there any other way than this to get a full picture of the incoming requests for a service?

asked 7 months ago, 269 views

1 Answer

Hello

Thank you for your interest in ECS.

I understand you wish to understand how you can monitor the ECS traffic, specifically the requests coming into your containers.

Please allow me to convey that the document you have linked, Amazon ECS CloudWatch metrics, is specific to ECS. Here the metrics you are looking for, "ActiveConnectionCount", "NewConnectionCount", "RequestCount", etc., are linked to containers, and in the case of ECS, the newly introduced ECS Service Connect uses a proxy container as a sidecar to route requests to your app container and also gathers the above metrics. Hence, if you wish to look at metrics in the same CloudWatch namespace "ECS", you have to configure Service Connect for intercommunication between different ECS services in the same namespace.

On the contrary, since you are already using ELB and sending public traffic from ELB to the ECS task as the target, the metrics are also stored in this case, but in a different namespace for ALB and/or NLB: CloudWatch metrics for your Application Load Balancer and CloudWatch metrics for your Network Load Balancer. Using the above ELB metrics, you can get a detailed understanding of the requests and other network-related metrics in depth.

What are the drawbacks (if any) of passing load balancer traffic via service connect for the publicly exposed services? Is there any other way than this to get a full picture of the incoming requests for a service?

I cannot think of drawbacks, but to help you understand, it is recommended to use ELB for serving public requests directly to your containers, while Service Connect should be used when you need intercommunication between different containers of the same or different services, like when a payment service container needs to talk to an order-confirmation service container to send emails, etc.

Please let me know if you need any help related to the above query. Thank you! Have a great day ahead.

AWS
SUPPORT ENGINEER
Dhruv_A
answered 6 months ago
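
The two namespaces described in the answer can be read together in one CloudWatch `GetMetricData` request that uses metric math to add them up. This is an added example, not part of the original answer or AWS's own code; it assumes an Application Load Balancer, and every cluster, service, discovery, load balancer and target group value is a placeholder.

```python
from datetime import datetime, timedelta, timezone

# Placeholder identifiers (assumptions; substitute your own resources).
ECS_DIMS = {
    "ClusterName": "example-cluster",
    "ServiceName": "example-service",
    "DiscoveryName": "example-svc",  # Service Connect discovery name
}
ALB_DIMS = {
    "LoadBalancer": "app/example-alb/0000000000000000",
    "TargetGroup": "targetgroup/example-tg/0000000000000000",
}


def request_count(query_id, namespace, dims, period):
    """Sum of RequestCount per period for one namespace/dimension set."""
    return {
        "Id": query_id,
        "MetricStat": {
            "Metric": {
                "Namespace": namespace,
                "MetricName": "RequestCount",
                "Dimensions": [{"Name": k, "Value": v} for k, v in dims.items()],
            },
            "Period": period,
            "Stat": "Sum",
        },
    }


def build_queries(period=300):
    """Internal (Service Connect) + external (ALB) requests, plus their total."""
    return [
        request_count("internal", "AWS/ECS", ECS_DIMS, period),
        request_count("external", "AWS/ApplicationELB", ALB_DIMS, period),
        # FILL treats periods with no datapoints on one path as zero.
        {"Id": "total", "Label": "All inbound requests",
         "Expression": "FILL(internal, 0) + FILL(external, 0)"},
    ]


def fetch(hours=1):
    """Run the query; needs boto3 and cloudwatch:GetMetricData permission."""
    import boto3  # imported here so the query builder works without it
    end = datetime.now(timezone.utc)
    resp = boto3.client("cloudwatch").get_metric_data(
        MetricDataQueries=build_queries(),
        StartTime=end - timedelta(hours=hours), EndTime=end)
    return {r["Id"]: sum(r["Values"]) for r in resp["MetricDataResults"]}
```

The sum is only meaningful while load balancer traffic goes straight to the application port as in the question; if that traffic were also routed through the Service Connect proxy, the same requests could appear in both series.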
