
How can you launch ECS Fargate containers having a public DNS?

I've built an AWS CodePipeline to build and deploy containers into Fargate managed EC2 instances. Ref AWS CodePipeline

One of the services is a web server and I'm attempting to access it from the public which is possible via a public assigned IP address; however, that's not very useful as each deployed container receives a fresh IP address.

I understand it's possible to set up Elastic IP addresses or point a domain to the container service but I'd think there is an easier way.

EC2 instances can be launched with the option of providing a Public DNS...

Is it possible to launch container services with a static public DNS record? If so, how?

webish asked Dec 13 '18 17:12




2 Answers

Although it's not free, normally if you want a public DNS name to an ECS service (Fargate or EC2) you'd front it with a load balancer (which can also do SSL termination, if you so desire).

Because of that, AWS makes it easy to create a load balancer or add your service to an existing target group when you're setting up a service. I don't think you can change that after the fact, so you may need to recreate the service.

Finally, when you have a load balancer in front of the ECS service, you just need to set up a CNAME or an A ALIAS in Route53 (if you're using Route53) to direct a DNS name to that load balancer.

AWS has a walkthrough from 2016 on the AWS Compute Blog quickly describing how to set up an ECS service and expose it using an Application Load Balancer.

There is another path -- using ECS Service Discovery and AWS CloudMap, you can use an API Gateway. Your load balancing options are more limited, but API Gateways are billed based on usage rather than hours, so it can potentially save costs on lower-volume services. You can also use a single API Gateway in front of multiple ECS services, which some people are going to want to do anyway. This approach is less commonly employed, but might be the right path for some uses.

Geoffrey Wiseman answered Sep 22 '22 23:09


You can use ECS Service Discovery for registering your containers in a private DNS namespace - unfortunately this is not possible with public DNS.

But, what you can do, is to have a script

  • fetch your containers' public IP after redeployment and
  • upsert your public Route 53 record set with that IP.

In this article, we describe how to do exactly that by using a generic lambda function.

Andreas Pasch answered Sep 22 '22 23:09
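The script approach from the answer above, sketched as an added example (not code from the linked article or from either answer). It assumes a Lambda function triggered by an EventBridge "ECS Task State Change" event; the environment variable names, record name, zone ID and sample event are hypothetical or constructed.

```python
import ipaddress
import os

# Assumed configuration (hypothetical names and placeholder values), set on the Lambda.
ZONE_ID = os.environ.get("HOSTED_ZONE_ID", "ZEXAMPLEZONEID")
RECORD = os.environ.get("RECORD_NAME", "web.example.com.")
GROUP = os.environ.get("SERVICE_GROUP", "service:web")

def eni_from_event(event, group=GROUP):
    """Return the task's ENI id, or None if the event must be ignored."""
    detail = event.get("detail", {})
    # Only a RUNNING task of the one expected service may move the record.
    if detail.get("lastStatus") != "RUNNING" or detail.get("group") != group:
        return None
    for att in detail.get("attachments", []):
        for kv in att.get("details", []):
            if kv.get("name") == "networkInterfaceId":
                return kv.get("value")
    return None

def change_batch(name, ip, ttl=60):
    """Build the Route 53 UPSERT; a short TTL limits how long a stale IP is served."""
    ipaddress.IPv4Address(ip)  # raises ValueError on anything but an IPv4 address
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": name, "Type": "A", "TTL": ttl,
        "ResourceRecords": [{"Value": ip}]}}]}

def handler(event, context):
    eni = eni_from_event(event)
    if eni is None:
        return None
    import boto3  # imported here so the helpers above can be tested offline
    nics = boto3.client("ec2").describe_network_interfaces(
        NetworkInterfaceIds=[eni])["NetworkInterfaces"]
    ip = nics[0].get("Association", {}).get("PublicIp") if nics else None
    if not ip:
        return None  # task has no public IP (e.g. private subnet)
    boto3.client("route53").change_resource_record_sets(
        HostedZoneId=ZONE_ID, ChangeBatch=change_batch(RECORD, ip))
    return ip

# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {"detail": {
    "lastStatus": "RUNNING", "group": "service:web",
    "attachments": [{"type": "eni", "details": [
        {"name": "subnetId", "value": "subnet-0example"},
        {"name": "networkInterfaceId", "value": "eni-0example"}]}]}}
```

The function's IAM role needs only `ec2:DescribeNetworkInterfaces` and `route53:ChangeResourceRecordSets` scoped to the one hosted zone, so a compromised function cannot rewrite other zones.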