7

I have a Fargate Service running in AWS. I use it to run multiple tasks. Some of the tasks connect to an RDS database to query the database.

How can I add the Fargate Service to my inbound rules of a Security Group for the RDS database? Is there a way to associate an Elastic IP with the Fargate Cluster?

fuzzi

2 Answers

4

Might have misunderstood something here... But ECS allows you to specify a security group at the service level.

Go to https://docs.aws.amazon.com/cli/latest/reference/ecs/create-service.html and search for the --network-configuration parameter.

So surely you just need to set the source on your inbound rule of the RDS security group to be that security group ID?

GreenyMcDuff
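
The security-group reference described in the answer above, written out with the AWS CLI as an added example that is not part of the original answer. Every ID and name is a constructed placeholder, and the PostgreSQL port and private-subnet setting (`assignPublicIp=DISABLED`) are assumptions.

```shell
#!/usr/bin/env bash
# Added example. All IDs and names are constructed placeholders.
TASK_SG="sg-0aaaaaaaaaaaaaaaa"   # group attached to the Fargate tasks
RDS_SG="sg-0bbbbbbbbbbbbbbbb"    # group attached to the RDS instance
SUBNETS="subnet-0aaaaaaaaaaaaaaaa,subnet-0bbbbbbbbbbbbbbbb"
DB_PORT=5432                     # assumption: PostgreSQL; MySQL would be 3306

# Shorthand value for `aws ecs create-service --network-configuration`.
network_configuration() {
  printf 'awsvpcConfiguration={subnets=[%s],securityGroups=[%s],assignPublicIp=DISABLED}' \
    "$SUBNETS" "$TASK_SG"
}

# Ingress permission whose source is the task group, not an IP range.
rds_ingress_permission() {
  printf 'IpProtocol=tcp,FromPort=%s,ToPort=%s,UserIdGroupPairs=[{GroupId=%s}]' \
    "$DB_PORT" "$DB_PORT" "$TASK_SG"
}

# Creates the service with its own group, then opens the DB port to that group only.
apply_rules() {
  aws ecs create-service --cluster example-cluster --service-name example-service \
    --task-definition example-task --desired-count 1 --launch-type FARGATE \
    --network-configuration "$(network_configuration)"
  aws ec2 authorize-security-group-ingress --group-id "$RDS_SG" \
    --ip-permissions "$(rds_ingress_permission)"
}

# Lists any CIDR sources still allowed on the DB port; expect empty output.
list_cidr_sources() {
  aws ec2 describe-security-groups --group-ids "$RDS_SG" --output text \
    --query 'SecurityGroups[0].IpPermissions[?ToPort==`'"$DB_PORT"'`].IpRanges[].CidrIp'
}

# Nothing touches AWS unless the script is run with "apply" or "verify".
case "${1:-}" in
  apply)  apply_rules ;;
  verify) list_cidr_sources ;;
esac
```

Because the rule names a group rather than an address, it keeps matching as tasks are replaced and their private IPs change.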
2

Fargate doesn't support associating Elastic IPs with clusters. Clusters which run in Fargate mode operate on instances which are not yours; it's the opposite of classic ECS stacks. That means you can't manage the networking of host instances.

There is a way to associate an IP with the stack by having a Network Load Balancer in front of the cluster. Then you could add a rule which allows connecting your cluster through the NLB.

michail_w
  • By using a Network Load Balancer, will this allow me to use that IP for the Inbound Rule of services that the Fargate cluster is using? I'm currently using an Application Load Balancer - would this have a similar feature? – fuzzi Sep 25 '18 at 13:56
  • You have to assign an Elastic IP to your Network Load Balancer at creation time, but in general it would allow adding a rule based on IP. – michail_w Sep 27 '18 at 12:24