
ECS Fargate container cannot reach Route 53 URL

I have an ECS container on Fargate that needs to connect to an EC2 instance that hosts a web service. Both the Fargate container and the EC2 instance are on the same VPC and subnet, and the subnet is public.

If I provide the container the Private IPv4 DNS name of said EC2 instance, the connection is successful. However, the EC2 instance is connected to an ALB, and that has a Route 53 name connected to it (which also works fine).

If I provide the Route 53 DNS name to the Fargate container, the connection is unsuccessful.

What configuration do I need to look into to get the Fargate container to resolve the Route 53 DNS name to the EC2 instance?

So, for example, I have a Route 53 A record: https://my-app.com. This record is bound to an ALB, which in turn is bound to the EC2 instance that's hosting APP-1. This record works as expected in the browser.

My Fargate container hosts APP-2, and in its configuration you can provide the URL to connect to APP-1.

When providing APP-2 with the URL ip-10-0-0-10.us-east-1.compute.internal (this representing the private DNS name), it does resolve (as expected), since the VPC has both enableDnsHostnames and enableDnsSupport enabled.

When providing APP-2 with the URL https://my-app.com (the Route 53 A record), it does not resolve (times out). The subnet (where both the EC2 instance and the Fargate container reside) has an Internet Gateway set up in the route table.

To configure HTTPS DNS addresses for an instance/task, you must have a TLS certificate for the same domain. For example, if you want to host an application on https://app.com, then create an ACM certificate for the domain name "app.com". You can create and manage TLS/SSL certificates in AWS ACM. You can find more here: https://aws.amazon.com/certificate-manager/

Once it is finished, you have to attach the certificate to the respective load balancer.

  1. Open Load Balancer
  2. Click on Add listener
  3. Add a 443 TLS port
  4. Add target group
  5. Add the Certificate!

Add the certificate like this!

Now you can access the task by the Record.

Hope this helps, Thanks!
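An added diagnostic example (not part of the original question or answer) that separates the failure modes discussed on this page: name resolution, TCP reachability of port 443, and the TLS handshake and certificate check against the HTTPS listener. The function name `probe` and its `resolve` parameter are hypothetical; it is meant to be run from inside the task against the Route 53 name.

```python
import socket
import ssl


def probe(host, port=443, timeout=3.0, resolve=socket.getaddrinfo):
    """Return (stage, detail) for the first stage that fails, or ("ok", ...).

    `resolve` is a hypothetical hook so the resolver can be swapped in tests.
    """
    # Stage 1: DNS. Failing here means the name truly does not resolve.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"{host} did not resolve: {exc}"
    addrs = sorted({info[4][0] for info in infos})
    target = infos[0][4][0]  # connect to the first address returned

    # Stage 2: TCP. A timeout here is a network-path problem (route table,
    # security group, network ACL), not a DNS problem.
    try:
        sock = socket.create_connection((target, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"resolved to {addrs} but connect to {target} failed: {exc!r}"

    # Stage 3: TLS. The certificate on the listener must match `host`.
    ctx = ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{target}:{port} negotiated {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        return "cert", f"certificate not valid for {host}: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"TCP connected but TLS handshake failed: {exc!r}"


if __name__ == "__main__":
    # "my-app.com" is the example record name used in the question.
    stage, detail = probe("my-app.com")
    print(f"{stage}: {detail}")
```

A result of `tcp` with a timeout means the name resolved and the packets were dropped on the way to the load balancer, which is a different fix from `dns` or `cert`.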
