By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Do lightsail container services have a public IP?

1

Nothing in the web UI, the CLI, nor documentation mentions networking details for lightsail containers. Lightsail instances get a public IP (and the documentation even mentions that there is no such thing as a private subnet for lightsail), but I cannot determine anything for containers.

My issue is that the service I am deploying tries to connect to another service on the internet but results in a read timeout. It is extremely difficult to debug since you cannot connect to the container, nor view any network info. And apparently lightsail runs its own VPC in a separate AWS account that you cannot view in any way. I tried turning on "vpc peering", but to no avail.

So are lightsail containers completely blocked off from the internet (outbound traffic)?

Topics
Networking & Content DeliveryComputeContainers
Tags
Amazon VPCAmazon LightsailContainers
Language
English
rePost-User-4746504
asked 2 years ago677 views
2 Answers
0

As far as I can tell from reviewing the following documents, it appears to be possible to connect to the Internet. [1]

[1] Container services in Amazon Lightsail | Lightsail Documentation
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services#container-services-endpoints-domains

profile picture
mn87
answered 2 years ago
  • rePost-User-4746504
    2 years ago

    It is definitely true that they can receive inbound traffic from the internet, which is what that link describes (a public "endpoint" seems like a load balancer in front of the container(s)), but my question is about outbound traffic.

0

Yes, container services do have public IPs, but they're not stable. When setting up a custom domain, you'll want to point your custom domain to your container service by means of a CNAME record or an ALIAS record. Route53 and Lightsail Domains have special support for ALIAS records and some third-party DNS providers support ALIAS records as well.

Lightsail container services can connect to anything on the public internet that accepts the connection. You may want to check your connection string for typos, make sure that the resource you're trying to connect to is reachable from the public internet, and add logging to your application so that you can get more information about the issue.

AWS
Alex
answered 2 years ago
  • rePost-User-4746504
    2 years ago

    No amount of logging inside a container can diagnose a socket timeout error. Something at the OS or network layer is an issue (maybe there is no route outside of the subnet?). Just to verify, I created an EC2 instance (with a public IP assigned), installed docker, and ran the same container image. Outbound connections worked with no change.

    Adding an ALIAS record in my 3rd party DNS worked great for inbound traffic on the lightsail container, but at this point I have given up on it getting outbound traffic. Making things simple also means that it isn't flexible or transparent.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content