Issues Communicating to Cognito from App Mesh

Hey everyone,

I currently have an App Mesh setup that consists of three ECS Fargate services and also a virtual service/node in order to connect to ElastiCache. This is all working properly. The final piece which we are having trouble with is communication from one of our services to Cognito.

We saw from some forum posts that App Mesh will only flawlessly communicate with AWS services which have URLs that end in amazon.com. Accessing Cognito user pools unfortunately has URLs which end in amazoncognito.com and for some reason that's not currently supported by App Mesh.

From advice found online it was recommended to set up a virtual service/node for each Cognito user pool URL that our service needs to communicate with, similar to what we did in order to communicate with ElastiCache. We set up a virtual service and named it the exact DNS name of the Cognito user pool URL ([userPoolName].auth.us-east-1.amazoncognito.com). The virtual node is listening via TCP protocol on port 443. We also created a backend referencing this new virtual service in the source virtual service, which we can call auth service.

After applying these changes and testing we are seeing the following error from our auth service. After doing so and attempting to communicate with Cognito we receive the following error:

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer.
---> System.Net.Sockets.SocketException (104): Connection reset by peer
--- End of inner exception stack trace

Note that our auth service is handling the TLS negotiation.

Anyone have any ideas on how I can get this working properly?

Thanks so much.

No answers