ECS task in awsvpc network mode: ENI created but not associated

0

I have created a service in ECS that starts a task with awsvpc networkMode. Here is the relevant config for the task:

"portMappings": [
    {
        "name": "harness-9090-tcp",
        "containerPort": 9090,
        "hostPort": 9090,
        "protocol": "tcp",
        "appProtocol": "http"
    }
],
"networkMode": "awsvpc",

The service starts a task on an instance and creates an ENI. I can see both in the "task details -- configuration" page in the AWS console. But the task's exposed port 9090 is not reachable. I then checked the ENI details page, and the ENI is not associated with the instance where the task is running. I tried to associate the ENI with the instance manually, but I get an error because "I don't have permissions". What am I doing wrong?

To further clarify: the Task runs in a private subnet

  • Are you creating tasks in a private subnet or a public subnet?

SLL
asked 1 year ago, 583 views
1 Answer
1
Accepted Answer

So... It seems that for a Task running in awsvpc mode, the created ENI is NOT seen as associated with the instance where the task is running "by design". The root cause of my issue was a missing rule in the Security Groups associated with the Task.

SLL
answered 1 year ago
EXPERT
reviewed 1 month ago
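
The check that would have surfaced the root cause in the accepted answer, as an added example (not part of the original post and not AWS code): it evaluates the security groups attached to the task ENI against port 9090, using the field names of the EC2 DescribeSecurityGroups response. The group IDs, CIDRs and source address are constructed sample data, and IPv6 ranges and prefix lists are not evaluated.

```python
import ipaddress

def rule_allows(perm, port, source_ip, source_sgs=frozenset(), proto="tcp"):
    """True if one IpPermissions entry admits proto/port from the source."""
    if perm["IpProtocol"] not in ("-1", proto):
        return False
    # "-1" means all protocols and carries no port range.
    if perm["IpProtocol"] != "-1" and not perm["FromPort"] <= port <= perm["ToPort"]:
        return False
    addr = ipaddress.ip_address(source_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
        return True
    # A rule can reference another security group instead of a CIDR.
    return any(p["GroupId"] in source_sgs for p in perm.get("UserIdGroupPairs", []))

def eni_allows(eni_group_ids, security_groups, port, source_ip, source_sgs=frozenset()):
    """Security groups are allow-only: one matching rule in any attached group is enough."""
    attached = [g for g in security_groups if g["GroupId"] in eni_group_ids]
    return any(rule_allows(p, port, source_ip, source_sgs)
               for g in attached for p in g["IpPermissions"])

# Constructed sample data: the task ENI's group and a client's group (e.g. a load balancer).
TASK_ENI_GROUPS = {"sg-0aaa0000000000001"}
CLIENT_GROUPS = {"sg-0bbb0000000000002"}
HTTPS_ONLY = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}
PORT_9090 = {"IpProtocol": "tcp", "FromPort": 9090, "ToPort": 9090, "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0bbb0000000000002"}]}
# BEFORE: the misconfiguration from the question (no inbound rule covering 9090).
BEFORE = [{"GroupId": "sg-0aaa0000000000001", "IpPermissions": [HTTPS_ONLY]}]
# AFTER: the missing rule added, scoped to the client's security group.
AFTER = [{"GroupId": "sg-0aaa0000000000001", "IpPermissions": [HTTPS_ONLY, PORT_9090]}]

if __name__ == "__main__":
    for label, groups in (("before", BEFORE), ("after", AFTER)):
        ok = eni_allows(TASK_ENI_GROUPS, groups, 9090, "10.0.1.25", CLIENT_GROUPS)
        print(f"{label}: tcp/9090 from 10.0.1.25 allowed = {ok}")
```
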
