
HTTPS for a backend application with ECS Fargate

0

I would like to get a little help with a particular case. I have a Docker image in my ECR, and from it I created a cluster and a service with said image in ECS. For the service I attached my VPC and my security group that allows HTTPS and HTTP. I did not attach any ALB; I simply mapped the port that I needed, in this case 3000. I was able to do the deployment optimally; however, I see that when I access the URL of the container I cannot access it through HTTPS. I would like to know how I can do it in the most optimal, effective way. With an ALB, or with Route 53 and CloudFront?

2 Answers
0

The easiest way will be to use an ALB with a certificate from ACM. Another option would be to build a LetsEncrypt client into your container image and script the certificate request.

Hope this helps.

AWS
EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
  • Keep in mind that my application is not that big: from Monday to Friday it handles a maximum of 500 requests and a maximum of 50 people use it, so initially I did not add an ALB. However, I understand that for security it is good practice that the server is only accessed through HTTPS. Taking this into account, is the ALB necessary?

  • I certainly understand your concern given the load. I suspect you would get much better cost/value for this type of workload on a t3a/t4g EC2 instance running Docker and using LetsEncrypt.

  • I understand your answer and I had considered it, can you tell me, based on your experience, which is the best practice and in which the performance of my application would be better? I am very grateful in advance for your help.

  • Best practice and performance would both be to use ALB with ACM; however, you have to weigh that against the cost and importance of your solution. I use low-end instances with Docker/LetsEncrypt for some personal dashboards and self-hosted stuff, but I would never do this for a business-critical production workload.

  • If I wanted to hibernate the container, that is, turn it off so that it does not charge while it is not in use and turn it on again when they make an https request from the front again, how could I do it?
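
The ALB-with-ACM option from the answer above, as an added CloudFormation sketch (not code from this thread or from AWS). It assumes an existing VPC, public subnets and an already-issued ACM certificate passed in as parameters; all resource names are hypothetical.

```yaml
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PublicSubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  CertificateArn: {Type: String}  # ACM certificate issued in the same Region as the ALB
Resources:
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Public HTTP and HTTPS to the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0}
  TaskSecurityGroup:  # for the Fargate service, replacing a group open to the internet
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Port 3000 from the ALB only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 3000, ToPort: 3000, SourceSecurityGroupId: !Ref AlbSecurityGroup}
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application  # scheme defaults to internet-facing
      Subnets: !Ref PublicSubnetIds
      SecurityGroups: [!Ref AlbSecurityGroup]
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP     # TLS terminates at the ALB; the container keeps serving plain HTTP
      Port: 3000
      TargetType: ip     # Fargate tasks (awsvpc mode) register by IP address
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Protocol: HTTPS
      Port: 443
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates: [{CertificateArn: !Ref CertificateArn}]
      DefaultActions: [{Type: forward, TargetGroupArn: !Ref TargetGroup}]
  HttpRedirectListener:  # plain HTTP is never forwarded, only redirected to HTTPS
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Protocol: HTTP
      Port: 80
      DefaultActions: [{Type: redirect, RedirectConfig: {Protocol: HTTPS, Port: "443", StatusCode: HTTP_301}}]
```

The ECS service then references `TargetGroup` in its `LoadBalancers` property with container port 3000 and uses `TaskSecurityGroup`, so the task is reachable only through the ALB.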

0

An alternative to using Elastic Load Balancer is to use the AWS API Gateway together with AWS Cloud Map. An overview of this approach is described in this blog post: "Field Notes: Serverless Container-based APIs with Amazon ECS and Amazon API Gateway".

Since you have relatively few requests, and since AWS API Gateway is not priced at an hourly rate like Elastic Load Balancer, it may provide a lower total cost.

AWS
answered 6 months ago
