5

I have built a Fargate cluster which is running my website. The service starts the task for the website properly but stops when it gets to trying to connect to my database instance.

MongoError: failed to connect to server [123.456.789.0:27017] on first connect [MongoError: connection 0 to 123.456.789.0:27017 timed out]

How do I add the Fargate cluster to the security group on my database instance? I don't have a public IP address for the Fargate cluster that I can find, or a range. I can't find any proper guides in the AWS documentation that go over this.

chrisaitken
  • This is a great question, because... what the hell is the IP of the Fargate thing? – rjurney Jun 28 '18 at 22:59
  • Late to the party (2022), but the way to do this is not using IP addresses but, instead, by adding the ECS SecurityGroup to the inbound rules of whatever we're trying to access (ex: RDS). Same for inbound to ECS: we need to add the ECS SecurityGroup to the LoadBalancer SecurityGroup (if our traffic is inbound from an ALB). So, in the SG rules, instead of using IP addresses, you enter the other security group in the inbound rules. – Pierre Mar 24 '22 at 13:54

2 Answers

1

If Mongo is running outside your VPC:

  1. If you are running Fargate inside a private subnet of the VPC, the IP address will be the NAT IP address, found here: NAT GATEWAY
  2. If it's running inside a public subnet, you can assign a public IP address to your Fargate task using network interfaces.
  • Some more background here for my application. The task that needs to connect to my database is inside my ECS Fargate cluster. The service that runs that task has allowed VPC and allowed subnets the same as where my database instance is running. It also has a security group with all outbound traffic allowed. I was able to connect to a Mongo instance running in a sandbox on mlab, so it doesn't seem to be an issue with communicating with an outside server. I am very stumped on why it seems to be my database instance specifically it can't connect to. – chrisaitken Jan 05 '18 at 15:21
  • I also opened port 27017, which my task is trying to connect on, to the world on my Mongo instance, and the connection was still unable to be made with my task. – chrisaitken Jan 05 '18 at 15:23
  • We are running a few services on Fargate which connect to both a Mongo setup in EC2 and to RDS as well. Try allowing all inbound and outbound for Fargate and Mongo and give it a try. – Somit Srivastava Apr 05 '18 at 12:04

1

Late to the party (2022), but the way to do this is not using IP addresses but, instead, by adding the ECS SecurityGroup to the inbound rules of whatever we're trying to access (ex: RDS). So, in the RDS inbound SecurityGroup rules, instead of using IP addresses, you'd enter the ECS SecurityGroup identifier (example: sg-asdkmh778e7tugfkjhb).

Pierre
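The security-group-reference approach from the answer above, as an added example that is not code from either answerer: it audits a database security group (in the shape `describe_security_groups` returns) for a rule that admits the task's security group on port 27017 and for world-open ranges, and builds the replacement rule. The group IDs and sample rules are constructed placeholders, and `apply_rule` assumes boto3 and AWS credentials are available.

```python
"""Audit a DB security group for Fargate access via SG reference.
Added example; group IDs and sample rules are constructed placeholders."""

MONGO_PORT = 27017
WORLD = {"0.0.0.0/0", "::/0"}


def covers_port(perm, port):
    """True if an IpPermissions entry applies to `port` (protocol -1 = all)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_group(db_group, task_sg_id, port=MONGO_PORT):
    """Return (task_sg_allowed, world_open) for one SecurityGroups entry."""
    allowed = world_open = False
    for perm in db_group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        pairs = perm.get("UserIdGroupPairs", [])
        allowed |= any(p.get("GroupId") == task_sg_id for p in pairs)
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        world_open |= bool(WORLD.intersection(cidrs))
    return allowed, world_open


def sg_reference_rule(task_sg_id, port=MONGO_PORT):
    """IpPermissions entry that admits the task SG instead of an IP range."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": task_sg_id,
                                  "Description": "Fargate tasks to MongoDB"}]}


def apply_rule(db_sg_id, task_sg_id):
    """Add the rule with boto3 (needs AWS credentials; not run by the sample)."""
    import boto3
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId=db_sg_id, IpPermissions=[sg_reference_rule(task_sg_id)])


# Constructed sample shaped like one describe_security_groups() entry.
TASK_SG = "sg-0aaaaaaaaaaaaaaaa"   # placeholder: SG attached to the Fargate service
SAMPLE_DB_GROUP = {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
```

On the sample, `audit_db_group(SAMPLE_DB_GROUP, TASK_SG)` reports the port as world-open with no reference to the task's group; a group holding only `sg_reference_rule(TASK_SG)` reports the reverse.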