I have deployed an AWS batch job which creates an ECS Fargate task in the background. This is all deployed in a public subnet with internet access. I have verified that running the docker container in a standalone EC2 instance in the same subnet has internet connectivity and everything works fine. After reading the AWS documentation I cannot determine why my ECS docker container is not able to access the internet. Is there some special configuration needed for this to work?
Asked
Active
Viewed 1,766 times
5
-
there is no such configuration. Look around your set up. What is the Network Mode? is your docker image Windows/Linux? Did you checked the security grp assigned to your service - doesn't have a blocking output rule? – OK999 May 07 '19 at 18:23
-
1@OK999 AWS Batch defaults the network mode to awsvpc and it does not look like I have the option to change that. The docker image is based on Linux 18.04. The security group is open 0.0.0.0/0 for outbound. – medium May 07 '19 at 18:46
-
1AWS Fargate runs only in awsvpc mode and we cannot change that. Quick clarification, By the way, your container is not able to talk to the internet or you are not able to access your container from the internet? – Haran May 09 '19 at 04:36
-
4Following up to help with anyone else who experiences this issue. The problem was due due to my job being a multinode job. Multinode batch jobs deploy ECS containers within the awsvpc network. For multinode jobs to reach out to the internet they must be deployed in a private subnet with a NAT gateway attached. The AWS Batch documentation does not mention this. You have to look in the ECS documentation and even then it is not very clear. – medium May 17 '19 at 13:32
-
@medium, I faced the same issue. I had added a route to internet gateway for the fargate subnets to test some external api calls, but the requests wouldn't go through. But they started to flow just after adding a NAT gateway route to the subnets. You should add your comment as an answer. – Shabin Muhammed Sep 16 '20 at 08:15