- Newest
- Most votes
- Most comments
Hello :) FYI you don't need to open the security group of your container to itself if it is going to make calls internally over localhost etc., however, you definitely need to have the LB SG granted access to your application. If it is only to the frontend, use the frontend ports.
As for the localhost:5000, I am not sure why this is not working for you. Connection refused could be because your gunicorn API is not actually running? Eitherway, to be able to scale properly, I would recommend to use a different ECS Service, one for your frontend, one of your backend. Then you can use ECS Connect or AppMesh to perform frontend-to-backend API calls routing. You can also use very basic DNS based routing for that, I just think that using something like AppMesh can give you a lot more features out of the box.
Relevant content
- Accepted Answerasked 5 months ago
- Accepted Answerasked 3 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
Thanks for the answer. The gunicorn API is most definitely working as I'm able to connect using the public IP of the task. Really puzzled by this as it's my understanding that inter container communication should work out of the box with AWSVPC network mode within the same task.
Okay, this is very odd then. I have had many applications do exactly that with typically NGINX pass to localhost to another app etc. Have you maybe bound your gunicorn app only on the
eth0
which is quite possible. Check that your gunicorn listens both on "eth0" and the loopback interface