Hello,
I would greatly appreciate your input on the following issue: I have a Fargate task deployed in a private subnet with awsvpc network mode, which is successfully assigned a private IP within that subnet. Even so, I am not able to send requests to another service (an EC2 instance) hosted in a different private subnet. A few facts:
- The AWS path reachability analyzer from the Fargate task container ENI to the desired EC2 instance shows a GREEN pass, so SGs, NACLs and routing tables should all be in place and working fine.
- From the task container I am able to reach the internet (NAT configured for the private subnet).
- From a different IP within the same private subnet as the Fargate task container I AM ABLE to reach the desired EC2 instance, which resides in the other subnet.
- Routing table on the Fargate task container:
Kernel IP routing table
Destination      Gateway        Genmask          Flags  Metric  Ref  Use  Iface
0.0.0.0          172.31.64.1    0.0.0.0          UG     0       0    0    eth1
169.254.169.254  0.0.0.0        255.255.255.255  UH     0       0    0    *
169.254.170.2    169.254.172.1  255.255.255.255  UGH    0       0    0    eth0
169.254.172.1    169.254.172.1  255.255.255.255  UGH    0       0    0    eth0
172.31.64.0      0.0.0.0        255.255.240.0    U      0       0    0    eth1
I've exhausted all the troubleshooting ideas I had. Any pointers on where I should look next?
I appreciate your help,
John
Hey John,
Could you please use ECS Exec to check from the container itself what the issue is, whether it is DNS resolution, a timeout, or any other error?
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html
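
One way to tell apart the cases named in the reply above (DNS resolution, timeout, any other error) from inside the container, as an added example that is not part of the original thread. It assumes a Python 3 interpreter exists in the task image; the `probe` function, its result labels and the command-line arguments are illustrative names.

```python
import errno
import socket
import sys


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify one TCP connection attempt to host:port (IPv4)."""
    # Step 1: resolve the name separately, so a DNS failure is not
    # mistaken for a network-path failure.
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    addr = infos[0][4]

    # Step 2: attempt the TCP handshake with a bounded wait.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "connected"
    except socket.timeout:
        # No reply at all: packets are typically dropped on the way
        # (security group, NACL, route) or by a firewall on the target host.
        return "timeout"
    except ConnectionRefusedError:
        # The target answered with a reset: the path works, but nothing
        # is listening on that port.
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            # The local routing table has no usable route to the address.
            return "unreachable"
        return "other:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python3 probe.py <host-or-ip> <port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it once with the EC2 instance's private IP and once with its hostname, if one is used, so that a `dns_failure` result is not hidden by testing the address alone.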