Cannot access ECS service unless inbound rule allows all traffic

0

Hello, I have created an ECS service. Specifically I've created it following these instructions https://github.com/dagster-io/dagster/tree/master/examples/deploy_ecs

The service was created properly and I can access it. However, it was created with a security group that has a 0.0.0.0/0 TCP inbound rule. When I remove the rule and replace it with rules for my specific IP address, I can no longer access my application. I've verified that it is the correct IP address; I've tried multiple IP addresses from multiple people at multiple physical locations; I've tried with devices that don't have firewalls, VPNs or proxies; I've tried IPv4 and IPv6. I tried enabling access logs within the load balancer, but that seems like the wrong approach as it only logs TLS, not TCP.

I don't have any other ideas for what could be causing this issue. As soon as I re-add the 0.0.0.0/0 rule it works again, which seems to eliminate a lot of the possible issues I've come across. I'm new to ECS and would appreciate some help!

1 answer
0

As you are using a load balancer, you will need to put your IP address in the security group of the load balancer, not the SG on the ECS service.

The security group on the ECS service only needs to allow IPs from your internal network load balancer, which are the load balancer's IP addresses.

Expert
answered a year ago
  • Hm, I'm using a Network Load Balancer which I think doesn't have any security group attached.

  • Ok, that makes sense. So your ECS security group will have to allow the IP addresses from your NLB. These will be internal IP addresses from the subnet that your NLB is attached to. You can’t lock this down to your own IP addresses!!

    The only way round this is to move to an ALB with your ECS services registered to target groups and follow my answer to support what you're trying to achieve.
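The pattern the answer recommends (client CIDR on the ALB's security group, ECS tasks reachable only from that security group), as an added Terraform example that is not part of the original post or the Dagster deploy_ecs project. It assumes `var.vpc_id` and `var.public_subnet_ids` are declared elsewhere, that the ALB listens on port 80, and that the Dagster webserver task listens on port 3000; the client address is a placeholder from the documentation range.

```hcl
# Added example, not from the original post. Placeholder address: replace
# with your own /32. 203.0.113.0/24 is a reserved documentation range.
variable "my_ip_cidr" { default = "203.0.113.10/32" }

# Internet-facing ALB: the only place a client CIDR belongs.
resource "aws_security_group" "alb" {
  name   = "dagster-alb-sg"
  vpc_id = var.vpc_id

  ingress {
    description = "Operator workstation only, not 0.0.0.0/0"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [var.my_ip_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ECS tasks: allow the app port only from the ALB's security group.
# Referencing the SG instead of a CIDR means the load balancer's
# changing internal IP addresses never have to be tracked.
resource "aws_security_group" "ecs_service" {
  name   = "dagster-ecs-sg"
  vpc_id = var.vpc_id

  ingress {
    description     = "Dagster webserver, from the ALB only (assumed port 3000)"
    from_port       = 3000
    to_port         = 3000
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # image pulls, logs, etc.
  }
}

resource "aws_lb" "dagster" {
  name               = "dagster-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}
```

The ECS service then uses `aws_security_group.ecs_service.id` in its network configuration and registers with a target group behind this ALB. Newer NLBs can also be created with a security group attached, in which case the same SG-referencing pattern applies, but an NLB created without one cannot have one added afterwards.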
