Score:1

AWS ECS Fargate, container to container communication


I'm having trouble exposing ports on my ECS Fargate containers.

I have applied port mapping on container level for my task definition, like so:


On the containers themselves, it looks like there is no specific mapping enabled, or am I reading this wrong?

The containers need to communicate with each other (clustered software).

I fetch the IP from the meta container configuration per container, e.g.

  "Networks": [
    {
      "NetworkMode": "awsvpc",
      "IPv4Addresses": ["172.31.22.46"],

In this case, 172.31.22.46:8080 should be open for communication within the ECS cluster. That, however, does not happen. The endpoints are unreachable and nodes cannot communicate.

Are there more things I need to do to allow this to work? e.g. open up some security setting somewhere?

Sorry for the fairly cryptic question, but I don't know how to explain this better.

Score:3
Tim

I'm not sure if this is the answer, but it's worth checking, as I was caught out by this once.

A security group is a firewall around a single ENI (Elastic Network Interface). Each ENI effectively has a security group that filters communications from all other ENIs. There is no automatic communication between resources in a security group - you have to explicitly allow it.

The solution in this case is to allow ingress into the security group from the security group, by named security group. You obviously have to allow egress as well; this can be done with an explicit rule that names the security group, but from memory I think the default 0.0.0.0/0 would be sufficient - try it and see.
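
The self-referencing rule described in the answer above, as an added example that is not part of the original answer: it evaluates ingress rules in the shape returned by `aws ec2 describe-security-groups` and shows that a peer task in the same group is blocked on port 8080 until a rule naming the group itself is present. The group ID, the peer address and the existing HTTPS rule are constructed placeholders; only port 8080 comes from the question.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID and rules are placeholders, not values from the question.
SG_ID = "sg-0123456789abcdef0"
GROUP_BEFORE = {
    "GroupId": SG_ID,
    "IpPermissions": [
        # Public HTTPS only: nothing lets one task reach another on 8080.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}

def self_reference_rule(group_id, port):
    """IpPermissions entry allowing TCP `port` from ENIs in the same group."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": group_id}]}

def peer_can_reach(group, peer_ip, peer_group_ids, port):
    """True if TCP traffic to `port` from a peer ENI passes the ingress rules."""
    for perm in group["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):
            continue
        # Protocol -1 means all traffic and carries no port range.
        if proto != "-1" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        # A rule can match on the peer's security group membership ...
        if any(p["GroupId"] in peer_group_ids
               for p in perm.get("UserIdGroupPairs", [])):
            return True
        # ... or on the peer's source address.
        if any(ipaddress.ip_address(peer_ip) in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", [])):
            return True
    return False

GROUP_AFTER = dict(GROUP_BEFORE, IpPermissions=GROUP_BEFORE["IpPermissions"]
                   + [self_reference_rule(SG_ID, 8080)])

if __name__ == "__main__":
    peer = "172.31.22.47"  # constructed address of a second task in the group
    print("before:", peer_can_reach(GROUP_BEFORE, peer, {SG_ID}, 8080))
    print("after: ", peer_can_reach(GROUP_AFTER, peer, {SG_ID}, 8080))
```

The same rule can be created with `aws ec2 authorize-security-group-ingress --group-id <sg-id> --protocol tcp --port 8080 --source-group <sg-id>`, using the security group attached to the Fargate tasks for both values.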
