I have an Application Load Balancer in a private subnet (used by API Gateway) that targets an ECS task. I want that task to only be accessible from inside the VPC, not from the internet, but I do have to call 3rd party APIs, so I need outgoing internet access. Which network mode and configuration would be best for this?
As I see it:

- `awsvpc` forces me to put my task in a private subnet and use a NAT gateway, which is expensive. I could use an egress-only IPv6 internet gateway, but most services don't seem to use IPv6 (and I think MongoDB Atlas, which I need, doesn't either).
- `host` doesn't seem to allow me to set a security group, so my instance is freely accessible from the internet. The same is true for `bridge` mode, I think.

Do I really have to use `awsvpc` with a NAT gateway? Or can I somehow set a security group for `host`/`bridge`, maybe directly on the instance instead of the task? If so, how would I set this up (preferably with Terraform)? Or is there a completely different solution I'm not seeing?
Any help would be really appreciated!