which ECS task network mode?

Max

11/21/23, 8:52 PM

I have an Application Load Balancer in a private subnet (used by API Gateway) that targets an ECS task. I want that task to only be accessible from inside the VPC, not from the internet, but I do have to call 3rd party APIs, so I need outgoing internet access. Which network mode and configuration would be best for this?

As I see it:

awsvpc forces me to put my task in a private subnet and use a NAT gateway, which is expensive. I could use an egress-only IPv6 internet gateway but most services don't seem to use IPv6 (and I think Mongo Atlas which I need doesn't as well)
host doesn't seem to allow me to set a security group so my instance is freely accessible from the internet
the same is true for bridge mode I think

Do I really have to use awsvpc with a NAT gateway? Or can I somehow set a security group for host/bridge, maybe directly on the instance instead of the task? If so, how would I set this up (preferably with Terraform)? Or is there a completely different solution I'm not seeing?

Any help would be really appreciated!

127

0 + 0

amazon-web-services

amazon-vpc

amazon-ecs

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: which ECS task network mode?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.