How to provide a static Elastic IP to an ECS Fargate service (web application) to connect to databases in other VPCs for outbound traffic, and for inbound traffic from general users as HTTP/HTTPS requests?

0

I have a web app in ECS Fargate and I need to connect to databases in other VPCs as outbound traffic, but with every deployment a new IP is assigned to the Fargate service. Is there any way to assign a static Elastic IP to the ECS Fargate service, or a CIDR block with a range of IPs that can work? I know some of the answers related to assigning a static IP to a NAT gateway and then the ECS Fargate service with an NLB in that subnet. Those things are done, but I think due to the NLB it is not working. Maybe I need to add an ALB as well, but is it over-engineering or am I missing something?

I read this answer, how-to-use-elastic-ip-for-aws-ecs-with-farget-without-using-network-loadbalancer, but CNAME records cannot be used for adding as IPs.

4 Answers
2
Accepted Answer

In case of cross-VPC access to your microservices, you can use VPC Peering or Transit Gateway instead of restricting access to one public VPC. It's a more flexible configuration. But if it's not for you, in my opinion you must use ALB for ingress and the NAT Gateway for egress.

Expert
answered 8 months ago
Expert
reviewed 8 days ago
  • Thanks, Andrii. Please can you elaborate on the flow for this? "you must use alb for ingress and the NAT Gateway for egress." We are doing something but it is not working. I will be very grateful if you can also explain the flow a bit.

2

Hello. You can try using ALB instead of NLB; it is more suitable for use together with ECS: https://docs.aws.amazon.com/AmazonECS/latest/userguide/create-application-load-balancer.html

Best regards, Andrii

Expert
answered 8 months ago
Expert
reviewed 8 days ago
  • Thanks for the answer, Andrii! The current ECS Fargate service is using ALB only, but we need a way to provide a static IP to it so that with newer deployments everything works, including the allowed inbound IP in other VPCs. We have the same thing in ECS Fargate and Lambda, but due to limitations in Lambda, we need to move everything to ECS. In Lambda we have a static IP, but not sure what is missing here.

1

Is there any way to assign a static Elastic IP to the ECS Fargate service, or a CIDR block with a range of IPs that can work?

No, ECS currently doesn't support Elastic IP, you can only have an auto-assigned public IP. Moreover, an Elastic IP is assigned randomly and cannot be specified with CIDR range either.

I have a web app in ECS Fargate and I need to connect to databases in other VPCs as outbound traffic

However, if you simply need a static IP because you need it to be within a CIDR range to have it allowed by a certain security group's inbound/outbound rules, you can simply use an inbound/outbound rule that allows a certain source/destination security group (e.g., the one that is attached to your ECS Service) instead of a CIDR IP block.

HS
answered 8 months ago
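
The two ways of allowing the service through the database's security group discussed in these answers, written as a CloudFormation template. This is an added example, not part of the original answers. It assumes the security-group reference is used only when the two VPCs are peered in the same Region and account; all parameter names, the default port and the sample address (a documentation range) are constructed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Allow an ECS Fargate service to reach a database in another VPC without pinning a task IP.
Parameters:
  DbSecurityGroupId:            # security group attached to the database
    Type: AWS::EC2::SecurityGroup::Id
  EcsServiceSecurityGroupId:    # security group attached to the Fargate tasks (peer VPC)
    Type: String
  NatGatewayEipCidr:            # Elastic IP of the NAT gateway as a /32 (constructed sample)
    Type: String
    Default: 192.0.2.10/32
  DbPort:                       # assumed PostgreSQL; change to match the database
    Type: Number
    Default: 5432
  UsePeering:                   # "true" if the VPCs are peered, "false" if traffic leaves via NAT
    Type: String
    AllowedValues: ["true", "false"]
    Default: "true"
Conditions:
  ViaPeering: !Equals [!Ref UsePeering, "true"]
  ViaNat: !Equals [!Ref UsePeering, "false"]
Resources:
  # Peered VPCs: reference the service's security group, so task IP changes
  # on each deployment do not matter and no CIDR has to be maintained.
  DbIngressFromEcsSecurityGroup:
    Type: AWS::EC2::SecurityGroupIngress
    Condition: ViaPeering
    Properties:
      GroupId: !Ref DbSecurityGroupId
      IpProtocol: tcp
      FromPort: !Ref DbPort
      ToPort: !Ref DbPort
      SourceSecurityGroupId: !Ref EcsServiceSecurityGroupId
      Description: ECS Fargate service via VPC peering
  # No peering: tasks in private subnets egress through the NAT gateway,
  # so the database sees the NAT gateway's Elastic IP as the source.
  # Scope the rule to that single address, never 0.0.0.0/0.
  DbIngressFromNatGateway:
    Type: AWS::EC2::SecurityGroupIngress
    Condition: ViaNat
    Properties:
      GroupId: !Ref DbSecurityGroupId
      IpProtocol: tcp
      FromPort: !Ref DbPort
      ToPort: !Ref DbPort
      CidrIp: !Ref NatGatewayEipCidr
      Description: ECS Fargate service via NAT gateway Elastic IP
```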
1

I read this answer, how-to-use-elastic-ip-for-aws-ecs-with-farget-without-using-network-loadbalancer, but CNAME records cannot be used for adding as IPs.

No, CNAME records cannot have a static IP as a value. Instead, you need to either use a CNAME record and set its value to the LB's domain name, or use an A record and set its value to the static IP, or an alias if the target service supports it.

HS
answered 8 months ago
