How to have serviceconnect/cloudmap create dns entries?

0

Hi,

I'm trying to get Service Connect working for two of our ECS services. The service instances are registering with Cloud Map, but as "API only" services. This makes it so that name resolution is happening through /etc/hosts, which is routing through the internal Docker network (i.e. 127.x.x.x). In turn, this is causing session token validation issues when the two services are communicating with each other.

I've selected "client and server" in the Service Connect configuration settings for my service and set the port mappings/DNS info up correctly, but I'm still not seeing any DNS entries created. The hostnames do appear correct in /etc/hosts, etc. How can I get my service to register with Cloud Map as both an API and a DNS service?

Thanks in advance! -David

David
asked 7 months ago, 351 views
2 Answers
1
Accepted Answer

It turns out, after deep diving into the AWS docs, that things work differently from expected.

There are two ways for CloudMap to get services mapped. One is with Service Connect, which will automatically create services under the CloudMap namespace. The other is with Service Discovery, which requires that services already be created under the CloudMap namespace.

What I've determined is that Service Connect, at least when working with ECS, will NOT create a CloudMap service with DNS as an option, only API. The solution is to manually create the service under CloudMap first, setting it as DNS and API Calls (or use CloudFormation to do the same), and then, when creating the ECS Service, add the following to the JSON template, specifying the srv ID.

"serviceRegistries": [
   {
      "registryArn": "arn:aws:servicediscovery:<region>:<act>:service/<srv-id>"
   }
],

Unfortunately, just like with TargetGroup/LoadBalancer settings on ECS Services, this can only be added on first creation of the service, and cannot be modified afterward.

EdT
answered 7 months ago
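
The CloudFormation route mentioned in the accepted answer could look like the template below. This is an added example, not code from the answer or from AWS. It assumes `NamespaceId` points at an existing Cloud Map private DNS namespace and that the task definition uses `awsvpc` networking on Fargate, so plain `A` records can be registered; the service name `backend`, the TTL and all parameter names are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Cloud Map service with DNS records, wired to an ECS service (example)

Parameters:
  NamespaceId:          # assumed: ID of an existing private DNS namespace
    Type: String
  ClusterName:
    Type: String
  TaskDefinitionArn:    # assumed: task definition with networkMode awsvpc
    Type: String
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  SecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  # Created first. DnsConfig is what makes instances discoverable through
  # DNS queries as well as API calls, instead of "API only".
  DiscoveryService:
    Type: AWS::ServiceDiscovery::Service
    Properties:
      Name: backend                 # placeholder service name
      NamespaceId: !Ref NamespaceId
      DnsConfig:
        RoutingPolicy: MULTIVALUE
        DnsRecords:
          - Type: A                 # A records need awsvpc task networking
            TTL: 15

  # ServiceRegistries must be present when the ECS service is created,
  # as the answer notes it cannot be added to an existing service.
  EcsService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ClusterName
      ServiceName: backend
      TaskDefinition: !Ref TaskDefinitionArn
      DesiredCount: 1
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets: !Ref SubnetIds
          SecurityGroups:
            - !Ref SecurityGroupId
      ServiceRegistries:
        - RegistryArn: !GetAtt DiscoveryService.Arn
```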
0

Hello,

Greetings!

The Service Connect feature creates a virtual network of related services. The same service configuration can be used across multiple different namespaces to run independent yet identical sets of applications. Service Connect defines the proxy container in the Amazon ECS service. This way, the same task definition can be used to run identical applications in different namespaces with different Service Connect configurations. Each task that the Amazon ECS service makes runs a proxy container in the task. Thus, Service Connect simplifies communication between ECS services. With this, you don't have to configure Service Discovery or use App Mesh along with Service Connect.

However, in document [1], we see the following line mentioned:

Amazon ECS Service Connect doesn't use or create DNS hosted zones in Amazon Route 53.

That being said, Service Connect will create the CloudMap namespace registered with discovery mode as "API only". It will only use the recommended mode, which is API, and not use discovery mode as DNS hosted zone in R53.

Thank you!

References:

[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html

AWS
answered 7 months ago
