Questions tagged with AWS Fargate
AWS architecture for Low latency trading system
What architecture would one use to design a low latency trading application? w.r.t. Compute: Serverless vs EC2/Fargate vs EKS (on EC2 or Fargate); w.r.t. DB/Caching/Streams/Global Accelerators/Local Zones. Pointers to any case studies I can reference, or does someone have experience with developing a low latency trading system? Thanks!
Which AWS architecture solution is used to validate the client's certificate?
For example, we are using **Route 53** + **ACM** + **ALB** + **ECS**. With this set of services, could you explain how to **enable client's certificate validation**? **More precisely:** The goal is to establish **mutual authentication** between the application and the clients: the application entry point is the Application Load Balancer, the clients come from the Internet. The application needs to guarantee the client identity from their certificate. We know that we can create an HTTPS listener for the Application Load Balancer (ALB). Now, how to go further and establish mutual authentication, i.e. to require and to validate client certificates? *Thank you for your expertise.*
Is it possible to create a QueueProcessingFargateService with read-only root filesystem with cdk?
AWS Foundational Security Best Practices v1.0.0 has a high risk check [ECS.5] ECS containers should be limited to read-only access to root filesystems. The remediation explains how to change this in the console. However, I haven't found a way to do this for a QueueProcessingFargateService using CDK. If a QueueProcessingFargateService could be created without an image, this could have been solved by calling add_container on the task definition, but image is mandatory so that doesn't work. Does anyone know if it is possible to create a QueueProcessingFargateService with read-only root filesystem and if so, how?
Is it possible to connect aws fargate with task ip instead of load balancer DNS?
I implemented a web server in fargate. The web server connection through the application load balancer DNS went well. However, when I connected to the task public ip, I couldn't connect. I checked that the ip and port are set properly in the service security group. In my opinion, fargate doesn't directly connect to public ip like ssh can't access. Am I right?
Looking for an ecs/eks fargate + cloudwatch + sqs example
Hello all, I'm looking for a complete working example for ecs/eks fargate + cloudwatch + sqs architecture (see Fig 5) that is described in this article - https://aws.amazon.com/blogs/architecture/rate-limiting-strategies-for-serverless-applications/ Any pointers are very much appreciated.
CI/CD on ECS Fargate
Hi AWS, I am following this blog post https://aws.amazon.com/blogs/containers/ci-cd-pipeline-for-testing-containers-on-aws-fargate-with-scaling-to-zero/ to learn about building CI/CD pipelines for containers on ECS Fargate, but while accessing the CloudFormation Template and Dockerfile stored in the zipped format I am getting the following error. Here is the URL for the files stored: https://d268s23yov0ww.cloudfront.net/aws-autostart-pipeline.zip and here is the error screenshot: ![Enter image description here](/media/postImages/original/IMx8RvGVrxRcWF4QLdlmXCJw) Please acknowledge this as I am stuck because of the same. Thank you
How to make HTTPS ALB that targets other TCP port of a fargate service?
I would like to make a HTTPS fargate service that is in a docker container with port 4000. I set up as follows.

```
Task definition/Port mapping of the container
-Host port: 4000
-Container port: 4000
Target group
-Target type: IP
-Protocol: HTTPS (port 443)
-IPv4 address: None
Application load balancer
-Listener protocol: HTTPS (port 443)
-Default action: the TG above
ECS service
-Task definition: the definition above
-Load balancer: the ALB above
-Container to load balance: the container above
-Production listener port: HTTPS (443)
-Target group name: the TG above
Route 53 A record
-alias: the ALB above
```

However, when I access the URL of the A record, I got "503 Service Temporarily Unavailable" or "504 Gateway Time-out". I can access the service if I do not use ALB and connect to the IP:4000 directly. What is the correct way to set up ALB and TG that connect to the container port 4000 via HTTPS?
can a s3 object creation event trigger an existing fargate job?
I have a setup where an S3 object creation event triggers a Lambda and I process the file in S3 with this Lambda. As the Lambda has a timeout, I'm looking to see if I can create a Fargate job and have the same or similar setup, such that an S3 object creation event can trigger this Fargate task. I am looking for help on how to hook up the S3 object creation event and the Fargate job, such that it triggers the task.
using of NLB for HA
Hi Team, In my architecture I will use NLB: API GW => VPCLink => NLB => ECS Fargate. For high availability in the prod environment, do I need to spin up 2 NLBs, on each AZ, so my NLB is not a single point of failure? Or is AWS NLB highly available by default, so I need only one NLB in my architecture for the whole region? Thank you.
Can't access webpage with fargate's ip?
I have implemented a web server on fargate. Connection via elb DNS address worked fine. If you look at the success, the security settings seem to be fine, but if I connect directly to the IP of the fargate task, the connection is not possible. Is it not possible to connect to the original fargate's task ip? Or am I setting it up wrong?