By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Integration Challenges with ECS Fargate: DPoP Requirements and IP Range Handling

0

Currently, I have an infrastructure with ECS Fargate, where my services are in a private subnet. I want to integrate with a service that requires DPoP (Demonstration of Proof-of-Possession) and a range of IPs to make requests. I've been researching possible solutions such as using a proxy or utilizing a service to meet these requirements.

The main problem lies in managing public and private keys for DPoP and handling a range of IPs, as when using Fargate, my entry is through an application load balancer and the requests my application makes go through a NAT.

I attempted to configure service connect but it's not clear to me how to set up my service.

  • How to define the keys and how to define the IP range that the integration should use are unclear to me.
  • I'm not sure how to configure the task definition of the service to use service connect (whether I should add another container alongside my application, if it should be a separate service, or if simply placing the task definition of my application in the service with service connect should work).
  • Another idea I had would be to use an EC2 instance to function as a proxy.
Topics
ServerlessContainersNetworking & Content DeliveryApplication IntegrationBusiness Applications
Tags
AWS FargateAWS Direct ConnectNetworking & Content DeliveryAmazon Connect Tasks
Language
English
Yasmin
asked a month ago221 views
2 Answers
0

Are the Fargate tasks accessing services on the Internet with an APi Key?

If so, use NAT Gateways across the AZ's which assigns Elastic IPs which do not change and use them as the source IPs

profile picture
EXPERT
Gary Mclean
answered a month ago
  • Yasmin
    a month ago

    Yes, we have already connected other integrations and used a NAT. The issue with this integration is the type of connection it requires, utilizing a key (public and private key) and the range of IPs.

  • Gary Mclean EXPERT
    a month ago

    The Pub and Private keys on your Fargate tasks?

  • Gary Mclean EXPERT
    a month ago

    Or are we talking mutual TLS?

0

One way to handle the keys in my infrastructure is for the integration to receive the public key, allowing my app to validate it with the private key.

Yasmin
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content