Fargate service with public IP disabled in a public subnet is not able to connect to the internet

0

I have a Fargate service whose public IP is disabled, and it is inside a public subnet. In order for the service to work, I need my Fargate service to access the internet and talk to another service which is on the internet, but the Fargate container is draining because of a connection timeout issue. I have an internet gateway for my service as well, and all the security group rules and configurations have been thoroughly checked by the team, but still the same issue persists. Also, there is a load balancer that I have created specifically to access the service. When I enable the public IP for the service, things are working great, but as soon as the public IP is disabled, things break. Is there any means by which I can connect my Fargate service to the internet service? And if possible, refer me to a doc or provide me with some steps that I should carry out.

2 Answers
1

You can connect your tasks to the internet using either a public subnet and internet gateway (with a public IP) or a private subnet and NAT gateway. The public IP is required to be able to reach public internet endpoints.

If the selected subnet is a private subnet, the NAT gateway (which has a public IP on its interface attached to the public subnet) will allow your task running on this private subnet to reach internet endpoints.

To illustrate:

[Diagram: Using a public subnet and internet gateway]

[Diagram: Using a private subnet and NAT gateway]

Please refer to this Best Practices documentation to read more about connecting your ECS tasks to the internet.

AWS
answered a year ago
0

I assume the LB is in the public subnet for the services configured in Fargate. You don't want the Fargate pods to have a public IP but also want those pods to connect outbound to the internet.

In that case, launch the Fargate pods in a private subnet where the outbound traffic is routed via NAT. That should suffice for your requirement.

Any instance without a public IP but launched in a public subnet won't have an outbound connection to the internet. So the behaviour you are observing is normal.

--Syd

Syd
answered a year ago
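Both answers above come down to one rule: a task whose subnet default-routes to an internet gateway needs a public IP on its ENI, while a task whose subnet default-routes to a NAT gateway does not. The script below is an added example (not part of either answer, and not AWS code) that applies that rule to route-table data in the same shape as `aws ec2 describe-route-tables` output, so you can check a service's subnet and `assignPublicIp` setting before deploying. The route tables, subnet IDs, and gateway IDs in `SAMPLE_ROUTE_TABLES` are constructed placeholders; `assign_public_ip` corresponds to the `assignPublicIp` field of the ECS service's `awsvpcConfiguration`. It also handles the case the answers do not spell out: a subnet with no explicit route-table association falls back to the VPC's main route table.

```python
"""Diagnose outbound internet reachability for an ECS Fargate task.

Inputs mirror `aws ec2 describe-route-tables` JSON, but nothing here calls
AWS; the data below is constructed for illustration (hypothetical IDs).
"""

# Constructed sample: three subnets, three route tables (hypothetical IDs).
SAMPLE_ROUTE_TABLES = [
    {   # main table: isolated, no default route
        "RouteTableId": "rtb-main-example",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # public subnet: 0.0.0.0/0 -> internet gateway
        "RouteTableId": "rtb-public-example",
        "Associations": [{"SubnetId": "subnet-public-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
        ],
    },
    {   # private subnet: 0.0.0.0/0 -> NAT gateway
        "RouteTableId": "rtb-private-example",
        "Associations": [{"SubnetId": "subnet-private-example"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"},
        ],
    },
]


def route_table_for_subnet(route_tables, subnet_id):
    """Explicitly associated table if present, otherwise the VPC main table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def default_route_target(route_tables, subnet_id):
    """Target ID of the active 0.0.0.0/0 route for the subnet, or None."""
    rtb = route_table_for_subnet(route_tables, subnet_id)
    if rtb is None:
        return None
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":  # blackhole routes don't count
            continue
        # describe-route-tables uses a different key per target type
        for key in ("GatewayId", "NatGatewayId", "TransitGatewayId", "NetworkInterfaceId"):
            if route.get(key):
                return route[key]
    return None


def classify_subnet(route_tables, subnet_id):
    """'public' (IGW default route), 'private-nat' (NAT default route),
    'isolated' (no default route) or 'other' (e.g. transit gateway)."""
    target = default_route_target(route_tables, subnet_id)
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private-nat"
    return "other"


def has_internet_egress(route_tables, subnet_id, assign_public_ip):
    """True if a task ENI in this subnet can reach public internet endpoints."""
    kind = classify_subnet(route_tables, subnet_id)
    if kind == "public":
        # An internet gateway only forwards traffic from ENIs with a public IP.
        return bool(assign_public_ip)
    if kind == "private-nat":
        # The NAT gateway source-NATs to its own public IP; the task stays private.
        return True
    return False


def diagnose(route_tables, subnet_id, assign_public_ip):
    """Human-readable verdict matching the advice in the answers above."""
    kind = classify_subnet(route_tables, subnet_id)
    if has_internet_egress(route_tables, subnet_id, assign_public_ip):
        return f"{subnet_id}: {kind}, assignPublicIp={assign_public_ip}: outbound OK"
    if kind == "public":
        return (f"{subnet_id}: public subnet without a public IP: no egress. "
                "Either enable assignPublicIp or move the task to a private subnet with a NAT route.")
    return f"{subnet_id}: {kind} subnet has no usable default route: no egress."


if __name__ == "__main__":
    for sid, pub in [("subnet-public-example", False), ("subnet-public-example", True),
                     ("subnet-private-example", False), ("subnet-orphan-example", True)]:
        print(diagnose(SAMPLE_ROUTE_TABLES, sid, pub))
```

To run this against a real account, replace `SAMPLE_ROUTE_TABLES` with the `RouteTables` list from `aws ec2 describe-route-tables` (for example via `json.load`) and pass the subnet IDs from the service's `awsvpcConfiguration`. The private-subnet-plus-NAT layout is also the one that keeps task ENIs off the public address space while the load balancer remains the only internet-facing entry point.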
