Do lightsail container services have a public IP?

1

Nothing in the web UI, the CLI, nor documentation mentions networking details for lightsail containers. Lightsail instances get a public IP (and the documentation even mentions that there is no such thing as a private subnet for lightsail), but I cannot determine anything for containers.

My issue is that the service I am deploying tries to connect to another service on the internet but results in a read timeout. It is extremely difficult to debug since you cannot connect to the container, nor view any network info. And apparently lightsail runs its own VPC in a separate AWS account that you cannot view in any way. I tried turning on "vpc peering", but to no avail.

So are lightsail containers completely blocked off from the internet (outbound traffic)?

Asked 2 years ago · Viewed 677 times
2 Answers
0

As far as I can tell from reviewing the following documents, it appears to be possible to connect to the Internet. [1]

[1] Container services in Amazon Lightsail | Lightsail Documentation
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services#container-services-endpoints-domains

mn87
Answered 2 years ago
  • It is definitely true that they can receive inbound traffic from the internet, which is what that link describes (a public "endpoint" seems like a load balancer in front of the container(s)), but my question is about outbound traffic.

0

Yes, container services do have public IPs, but they're not stable. When setting up a custom domain, you'll want to point your custom domain to your container service by means of a CNAME record or an ALIAS record. Route53 and Lightsail Domains have special support for ALIAS records and some third-party DNS providers support ALIAS records as well.

Lightsail container services can connect to anything on the public internet that accepts the connection. You may want to check your connection string for typos, make sure that the resource you're trying to connect to is reachable from the public internet, and add logging to your application so that you can get more information about the issue.

AWS
Alex
Answered 2 years ago
  • No amount of logging inside a container can diagnose a socket timeout error. Something at the OS or network layer is an issue (maybe there is no route outside of the subnet?). Just to verify, I created an EC2 instance (with a public IP assigned), installed docker, and ran the same container image. Outbound connections worked with no change.

    Adding an ALIAS record in my 3rd party DNS worked great for inbound traffic on the lightsail container, but at this point I have given up on it getting outbound traffic. Making things simple also means that it isn't flexible or transparent.
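
When the only visibility into a container is its log output, as in this thread, a probe that reports which stage of an outbound connection stalls (DNS, TCP connect, or first read) narrows down where a timeout occurs. This is an added example, not code from any poster or from AWS; `probe` and the `PROBE_HOST` / `PROBE_PORT` environment variables are assumed names, and the default payload assumes the target speaks plain HTTP.

```python
import os
import socket
import time


def probe(host, port, payload=b"", timeout=3.0):
    """Return (stage, detail) for the first stage that failed, or ("ok", detail)."""
    start = time.monotonic()

    def took():
        return f"after {time.monotonic() - start:.2f}s"

    # Stage 1: name resolution. A failure here points at DNS, not routing.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"{exc!r} {took()}")

    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        # Stage 2: TCP handshake. A timeout here means SYNs get no answer
        # (no route, egress filtering, or the peer dropping this source).
        try:
            sock.connect(addr)
        except OSError as exc:  # covers timeouts and connection refused
            return ("connect", f"{addr[0]}: {exc!r} {took()}")

        # Stage 3: send the first bytes and wait for any reply. A timeout
        # here means the path works but the peer (or a middlebox) is silent.
        try:
            if payload:
                sock.sendall(payload)
            data = sock.recv(1)
        except OSError as exc:
            return ("read", f"{addr[0]}: {exc!r} {took()}")
        state = "got data" if data else "peer closed"
        return ("ok", f"{addr[0]}: {state} {took()}")
    finally:
        sock.close()


if __name__ == "__main__":
    # Assumed variable names; for a non-HTTP service, replace the payload
    # with the first bytes that protocol's client sends.
    host = os.environ.get("PROBE_HOST", "example.com")
    port = int(os.environ.get("PROBE_PORT", "80"))
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    print("outbound probe:", host, port, probe(host, port, request), flush=True)
```

Run at container start, the single printed line lands in the container service's logs; comparing it with the same run on a host where the connection works shows whether the stall is in resolution, the handshake, or the peer's response.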
