HTTPS for a backend application with ECS Fargate

0

I would like to get a little help with a particular case. I have a Docker image in my ECR, and from it I created a cluster and a service with that image in ECS. For the service I attached my VPC and my security group, which allows HTTPS and HTTP. I did not attach any ALB; I simply mapped the port that I needed, in this case 3000. I was able to do the deployment without problems, however I see that when I access the URL of the container I cannot reach it through HTTPS. I would like to know how I can do this in the most effective way: with an ALB, or with Route 53 and CloudFront?

2 Answers
0

The easiest way will be to use an ALB with a certificate from ACM. Another option would be to build a LetsEncrypt client into your container image and script the certificate request.

Hope this helps.

iBehr (AWS, EXPERT)
answered 24 days ago
reviewed by an EXPERT 24 days ago
  • Keep in mind that my application is not that big; from Monday to Friday it handles a maximum of 500 requests and a maximum of 50 people use it, so initially I did not add an ALB. However, I understand that for security it is good practice that the server is reachable only through HTTPS. Taking this into account, is the ALB necessary?

  • I certainly understand your concern given the load. I suspect you would get much better cost/value for this type of workload on a t3a/t4g EC2 instance running Docker and using LetsEncrypt.

  • I understand your answer and I had considered it, can you tell me, based on your experience, which is the best practice and in which the performance of my application would be better? I am very grateful in advance for your help.

  • Best practice and performance would both be to use ALB with ACM; however, you have to weigh that against the cost and importance of your solution. I use low-end instances with Docker/LetsEncrypt for some personal dashboards and self-hosted stuff, but I would never do this for a business-critical production workload.

  • If I wanted to hibernate the container, that is, turn it off so that it does not charge while it is not in use and turn it on again when they make an https request from the front again, how could I do it?

0

An alternative to using Elastic Load Balancer is to use the AWS API Gateway together with AWS Cloud Map. An overview of this approach is given in the blog post "Field Notes: Serverless Container-based APIs with Amazon ECS and Amazon API Gateway".

Since you have relatively few requests, and since AWS API Gateway is not priced at an hourly rate like Elastic Load Balancer, it may provide a lower total cost.

AWS
answered 16 days ago
