
ECS cluster network changes


I'm trying to modify the networking configuration for my ECS cluster. During the creation process, I was able to specify the VPC and subnets, but I did not see an option to specify a security group. How can I specify a security group for my ECS cluster, and how can I add additional security groups to the cluster after it has been created? Thank you.

3 Answers

To specify a security group for the EC2 instances in your ECS cluster, you can use the launch template or launch configuration that you used to create your EC2 instances. You can specify a security group in the launch template or launch configuration, and any EC2 instances launched with that template or configuration will have the specified security group.

To add additional security groups to your ECS cluster after it has been created, you can modify the launch template or launch configuration to include the additional security group(s), and then update your EC2 instances using the updated template or configuration.

Alternatively, you can add the additional security group(s) directly to the EC2 instances in your cluster using the EC2 console or AWS CLI. To do this, locate the EC2 instances in your cluster and modify their security group settings to include the additional group(s).

Keep in mind that when you modify the security groups associated with your EC2 instances, you may also need to update the security group settings for any load balancers or other resources that communicate with the instances.

answered 3 years ago

To update the security groups (and other network configurations) for a service in your ECS cluster, you can use the aws ecs update-service command. Here's an example:

Using a single command

aws ecs update-service --cluster <cluster-name> --service <service-name> --network-configuration '{"awsvpcConfiguration": {"subnets": ["subnet-abcd","subnet-efgh","subnet-wxyz"], "securityGroups": ["sg-blabla"],"assignPublicIp": "ENABLED"}}'

Using a JSON file

aws ecs update-service --cluster ClusterName --service ServiceName --network-configuration file://c:\json\networkConfig.txt

Where your networkConfig.txt file contains:

{
  "awsvpcConfiguration": {
    "subnets": ["subnet-***","subnet-***"],
    "securityGroups": ["sg-***"],
    "assignPublicIp": "ENABLED"
  }
}

To update ELB settings:

  1. Create a JSON file named "elb.json" as below:
[
    {
        "targetGroupArn": "arn:aws:elasticloadbalancing:<Region>:<account-ID>:targetgroup/<target-group-name-1>/a046521740a93df2",
        "containerName": "<container-name>",
        "containerPort": <container-port>
    },

    {
        "targetGroupArn": "arn:aws:elasticloadbalancing:<Region>:<account-ID>:targetgroup/<target-group-name-2>/10312964732aa4e8",
        "containerName": "<container-name>",
        "containerPort": <container-port>
    }                
]
  2. Run the "update-service" command as below:

aws ecs update-service --cluster <cluster-name> --service <service-name> --load-balancers file://elb.json

Important note: When using this command, include all desired subnets and security groups (existing and new) in the respective arrays, as specifying only new ones will override the entire existing configuration.

[+] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html

[+] https://docs.aws.amazon.com/cli/latest/reference/ecs/update-service.html

AWS
answered a year ago
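
The note in the answer above says that `update-service` replaces the whole network configuration. As an added example (not part of either answer), this sketch builds the full `--network-configuration` value from the service's current settings plus the new groups. The function name and the sample `describe-services` output are constructed for illustration; the limit of 5 security groups per `awsvpcConfiguration` is the ECS API limit.

```python
import json

MAX_SECURITY_GROUPS = 5  # ECS API limit per awsvpcConfiguration

# Constructed sample of `aws ecs describe-services` output (IDs are made up).
SAMPLE_DESCRIBE = {
    "services": [{
        "serviceName": "web",
        "networkConfiguration": {
            "awsvpcConfiguration": {
                "subnets": ["subnet-aaaa1111", "subnet-bbbb2222"],
                "securityGroups": ["sg-existing01"],
                "assignPublicIp": "ENABLED",
            }
        },
    }]
}


def merged_network_configuration(describe_output, add_security_groups):
    """Build the full --network-configuration value: current settings plus new groups."""
    services = describe_output.get("services", [])
    if len(services) != 1:
        raise ValueError("expected exactly one service in the describe-services output")
    current = services[0].get("networkConfiguration", {}).get("awsvpcConfiguration")
    if current is None:
        raise ValueError("service has no awsvpcConfiguration to merge into")

    groups = list(current.get("securityGroups", []))
    for sg in add_security_groups:
        if sg not in groups:  # keep order, skip groups already attached
            groups.append(sg)
    if len(groups) > MAX_SECURITY_GROUPS:
        raise ValueError(f"{len(groups)} security groups exceeds the limit of {MAX_SECURITY_GROUPS}")

    return json.dumps({
        "awsvpcConfiguration": {
            "subnets": list(current["subnets"]),
            "securityGroups": groups,
            "assignPublicIp": current.get("assignPublicIp", "DISABLED"),
        }
    })


if __name__ == "__main__":
    # Pass the printed JSON to: aws ecs update-service ... --network-configuration '<json>'
    print(merged_network_configuration(SAMPLE_DESCRIBE, ["sg-newgroup02"]))
```

Reviewing the merged JSON before running `update-service` also shows exactly which groups the tasks will end up with, which is the point at which an unintended group is cheapest to catch.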
