
HTTPS for a backend application with ECS Fargate

0

I would like to get a little help with a particular case. I have a Docker image in my ECR, and from there I created a cluster and a service with said image in ECS. For the service I attached my VPC and my security group that allows HTTPS and HTTP. I did not attach any ALB; I simply mapped the port that I needed, in this case 3000. I was able to do the deployment optimally, however I see that when I access the URL of the container I cannot access it through HTTPS. I would like to know how I can do it in an optimal way. What is more effective: with an ALB or with Route 53 and CloudFront?

2 Answers
0

The easiest way will be to use an ALB with a certificate from ACM. Other options would be to build LetsEncrypt client into your container image and script the certificate request.

Hope this helps.

AWS
Expert
answered 7 months ago
Expert
reviewed 7 months ago
  • Keep in mind that my application is not that big: from Monday to Friday, it handles a maximum of 500 requests and a maximum of 50 people use it, so initially I did not add an ALB. However, I understand that for security it is good practice that the server is only reachable through HTTPS. Taking this into account, is the ALB necessary?

  • I certainly understand your concern given the load. I suspect you would get much better cost/value for this type of workload on a t3a/t4g EC2 instance running Docker and using LetsEncrypt.

  • I understand your answer and I had considered it, can you tell me, based on your experience, which is the best practice and in which the performance of my application would be better? I am very grateful in advance for your help.

  • Best practice and performance would both be to use ALB with ACM; however, you have to weigh that against the cost and importance of your solution. I use low-end instances with Docker/LetsEncrypt for some personal dashboards and self-hosted stuff, but I would never do this for a business-critical production workload.

  • If I wanted to hibernate the container, that is, turn it off so that it does not charge while it is not in use and turn it on again when they make an https request from the front again, how could I do it?

0

An alternative to using Elastic Load Balancer is to use the AWS API Gateway together with AWS Cloud Map. An overview of this approach is described in the blog post "Field Notes: Serverless Container-based APIs with Amazon ECS and Amazon API Gateway".

Since you have relatively few requests, and since AWS API Gateway is not priced at an hourly rate like Elastic Load Balancer, it may provide a lower total cost.

AWS
answered 6 months ago
