I have a Docker container with a service which I want to run through AWS ECS with Fargate. Unfortunately the service I want to run needs to access an SFTP server of a partner where the IP needs to be whitelisted.
My question is now: How is it possible to assign a static IP (IPv4) to an AWS ECS Fargate Task? I've already set up a VPC, the subnets, internet and NAT gateway and assigned them to each other. But the biggest problem I see is that for each execution of the task with Fargate a new ENI with a different IP is assigned.
Would be great to get some help! :)
There is an interesting GitHub repo which explains the use case plus how to achieve the static IP for a Fargate service.
A third party may want to whitelist your application's IP. Most of the steps are covered in using-static-ip-addresses-for-application-load-balancers
Using the wizard create the cluster.
Along with the cluster it will create a VPC and Security group. Find them and give them useful names.
In your security group for VPC set your inbound for HTTP and HTTPS.
Find it under EC2 > elastic IPs
Allocate two static IPs. One for each availability group.
Find it under EC2 > Load Balancers
Create NLB. Under availability zones assign it the VPC and elastic IPs you created earlier.
Create a new target group with target type IP and protocol TCP.
Leave IP blank. Next.
Add existing security group from the VPC.
Create a new target group. Type IP. Protocol TCP.
Leave IP blank. Next.
Create a new service in your cluster.
Choose the application load balancer you created.
Choose existing ALB target group.
We're currently having the same issue. The solution we found is to whitelist the whole subnet's CIDR (e.g. 10.11.12.13/24) and it worked fine, but we still feel it's insecure.
I found a response suggesting using a NAT Gateway to NAT your container's IP address. Here's the link for the use case with Lambda; I still have to test it for Fargate.
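A check for the NAT gateway approach mentioned above, as an added example that is not part of the original posts: it reads route-table and NAT-gateway descriptions and reports whether a task subnet's outbound traffic leaves through a NAT gateway (one fixed public IP the partner can allowlist) or through an internet gateway (a new public IP per task ENI). The sample data is constructed in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` output; the IDs, addresses and the function names `route_table_for` and `egress` are assumptions for illustration.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-route-tables` and
# `aws ec2 describe-nat-gateways` output; IDs and addresses are placeholders.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]


def route_table_for(subnet_id, tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def egress(subnet_id, dest_ip, tables=ROUTE_TABLES, nats=NAT_GATEWAYS):
    """Return (kind, public_ips) for IPv4 traffic from subnet_id to dest_ip."""
    table = route_table_for(subnet_id, tables)
    dest = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(r["DestinationCidrBlock"]), r)
               for r in (table or {}).get("Routes", []) if "DestinationCidrBlock" in r]
    matches = [m for m in matches if dest in m[0]]
    if not matches:
        return ("no-route", [])
    # Longest-prefix match decides which route carries the traffic.
    route = max(matches, key=lambda m: m[0].prefixlen)[1]
    if "NatGatewayId" in route:
        ips = [a["PublicIp"] for n in nats if n["NatGatewayId"] == route["NatGatewayId"]
               for a in n.get("NatGatewayAddresses", []) if a.get("PublicIp")]
        return ("static-nat", ips)
    if route.get("GatewayId", "").startswith("igw-"):
        return ("ephemeral-public-ip", [])
    return ("other", [])
```

Only a subnet that reports `static-nat` gives the partner a single address to allowlist; a task placed in a subnet that reports `ephemeral-public-ip` will present a different source IP on each run.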
This worked for me: