1 Answer
Hello,
Here are some questions/things to consider:
- Assuming your ECS cluster is in a private subnet behind an ALB, do you have a NAT Gateway configured in a public subnet with security groups allowing the default traffic to the NAT?
- Is your Route 53 zone set up correctly? As in, are you using the appropriate Alias/CNAME records? Is your hosted zone in Route 53 public?
- Are your security groups configured to allow the traffic or are there any firewalls or NACLs blocking traffic?
- Have you enabled Flow Logs and checked to see if you see the incoming traffic to your ECS cluster or not?
- If using an ALB, do you have logging enabled for that as well?
answered 2 years ago
I don't use an ALB, as I actually wanted to use the service discovery feature instead.
The public hosted zone is the public domain name we already use for our platform; there I should create a subdomain mapped to the ECS service discovery record created in the private hosted zone. After enabling service discovery, the Cloud Map service creates a private hosted zone with 4 records; I should actually map the public subdomain to the SRV record in the private hosted zone.
The EC2 security group and subnet NACLs are open to most traffic.
I have not enabled flow logs, but I can access the service through the service discovery endpoint in the local VPC.
I don't use an ALB.
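
The flow-log check suggested in the answer above, as an added example that is not part of the original thread: it parses VPC Flow Logs records in the default (version 2) format and counts ACCEPT and REJECT entries for traffic sent to one ECS task. The task address `10.0.1.25`, port `8080`, the sample records and the function names are all constructed for illustration.

```python
from collections import Counter

# Default VPC Flow Logs (version 2) field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (placeholder account, ENI and addresses).
SAMPLE = """\
2 123456789012 eni-0aaaaaaaaaaaaaaaa 203.0.113.10 10.0.1.25 50234 8080 6 5 300 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.2.40 10.0.1.25 41822 8080 6 12 1840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 203.0.113.10 10.0.1.25 50240 8080 6 3 180 1700000060 1700000120 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa - - - - - - - 1700000120 1700000180 - NODATA
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 10.0.2.40 8080 41822 6 10 2200 1700000000 1700000060 ACCEPT OK
"""

def parse(line):
    """Return a dict for one record, or None for NODATA/SKIPDATA/malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # no traffic fields to read in this aggregation window
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec

def inbound_summary(text, task_ip, port):
    """Count records per (source address, action) for traffic sent to task_ip:port."""
    summary = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["dstaddr"] == task_ip and rec["dstport"] == port:
            summary[(rec["srcaddr"], rec["action"])] += 1
    return summary

def diagnose(summary):
    """Rough reading of the counts for the connectivity question."""
    if not summary:
        return "no inbound records: traffic did not reach the ENI, check DNS and routing"
    if any(action == "REJECT" for _, action in summary):
        return "REJECT seen: a security group or NACL is denying the traffic"
    return "ACCEPT only: the network path is open, check the application or return path"

if __name__ == "__main__":
    result = inbound_summary(SAMPLE, "10.0.1.25", 8080)
    for (src, action), n in sorted(result.items()):
        print(f"{src:15} {action:6} {n}")
    print(diagnose(result))
```

In the constructed sample, the in-VPC client is accepted while the public source is rejected, which matches a service that is reachable through the private service discovery endpoint but not from outside.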