
I have a set of services in ECS set up as Tasks hooked into Services that each have their own TargetGroup inside an Application Load Balancer (ALB). The Tasks need to be able to connect to each other, for which they would need ingress access to the ALB.

The only way I can get this to work is by opening up the ALB Security Group to all incoming traffic, or by allowing public IPs for each instance in ECS, which is a difficult setup to automate.

Ideally I would be able to allow incoming requests to the ALB from the EC2 Instance Security Group, but since that only works for private IPs it does not resolve.

nauman hafiz

Comments:

  • You can do this with an ELB by making it an internal load balancer: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-internal-load-balancers.html However, it doesn't look like you can create an internal ALB. – Mark B Jan 03 '17 at 22:30
  • @MarkB ah yes, that would work. And it looks like you can now create an internal ALB: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-scheme Thanks! – nauman hafiz Jan 03 '17 at 23:43
  • Will one of you post this as the answer -- and @MarkB -- can you please accept it so that others can find your solution easily when searching the topic? – Dave Maple Jan 03 '17 at 23:46

1 Answer


Looks like you can do this using an "internal" Application Load Balancer, since it routes traffic to the private IPs.

Both Classic and Application Load Balancers now support the "internal" scheme.

Thanks for your help @MarkB

nauman hafiz