Client VPN + Local docker-compose amazon-ecs-local-container-endpoints 169.254.170 being routed through VPN

0

I followed this guide to set up a local dev env with Docker-compose + local IAM auth. Additionally, I am trying to connect to a resource inside our VPC using the AWS client VPN (split tunnel mode).

When running each of these individually, there are no issues. However, when combining them, the requests being made to the local ECS endpoint for auth (169.254.170/24) are being redirected through the VPN and failing to pull back valid creds.

Is it possible to keep all 169.254.170/24 traffic local? Is it possible to use a different ip range for the local container?

asked 2 years ago, 884 views
1 Answer
0

It appears that you are having a problem configuring your Docker Compose. You may find that your problem is not configuring each container with a unique IP address. The IP for the local ECS endpoint should be 169.254.170.2. You should refer to the link to help configure your endpoints.

https://aws.amazon.com/blogs/compute/a-guide-to-locally-testing-containers-with-amazon-ecs-local-endpoints-and-docker-compose/

Additionally, here is a link to a site that discusses Amazon ECS Local Container Endpoints:

https://github.com/awslabs/amazon-ecs-local-container-endpoints

If you encounter further errors, please reach out to premium support. Cheers!

Josh_F
answered 2 years ago
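
One way to check which interface the host would actually use for the local credentials endpoint at 169.254.170.2, as an added example that is not part of the original question or answer. It assumes a Linux host and parses `ip route show` text from the main routing table only; the route table and the interface names `br-ecs-local` and `tun0` are constructed for illustration.

```python
import ipaddress

# Constructed `ip route show` output (not from the original post): a docker-compose
# bridge for 169.254.170.0/24 plus a VPN interface holding an overlapping route.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/16 dev tun0 scope link
169.254.170.0/24 dev br-ecs-local proto kernel scope link src 169.254.170.1
169.254.170.0/25 dev tun0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""

def parse_routes(text):
    """Turn `ip route show` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types without a prefix, e.g. "unreachable ..."
        dev = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((net, dev, metric))
    return routes

def select_route(routes, address):
    """Longest-prefix match, with the lowest metric as the tie-break."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))

def check_endpoint(text, endpoint="169.254.170.2", expected_dev="br-ecs-local"):
    """Return (ok, device, network); ok is True only if the bridge wins."""
    chosen = select_route(parse_routes(text), endpoint)
    if chosen is None:
        return (False, None, None)
    net, dev, _ = chosen
    return (dev == expected_dev, dev, str(net))

if __name__ == "__main__":
    ok, dev, net = check_endpoint(SAMPLE_ROUTES)
    print(f"169.254.170.2 -> {dev} via {net}: {'local' if ok else 'NOT local'}")
```

On a real host, pass the captured output of `ip route show` as `text` and the name of the compose bridge interface as `expected_dev`.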
