2

I'm trying to reach a service running in ECS which has service discovery enabled. Currently, I cannot resolve the DNS name. I've been stuck on this for over 16 hours...

All the links in Google are purple :D I'm actually considering looking at page 2 of the Google results!

Joking aside, I'm pretty sure I'm missing a very simple, stupid detail to make it all work. Does anyone have an idea what I should be looking at? Are there required policies I could be missing?

Here are a few key points about my situation. I can provide more information if required.

  • Everything is created with Terraform
  • I'm using a private namespace
  • The same VPC is set for the Lambda and the service
  • The record is SRV and is listed in Route 53 when the service is running
  • The service is accessible if I use the IP defined under the record in Route 53
  • The network mode is 'bridge'
  • The Lambda is in Python, so I tried dnspython to get more info. All I get is an NXDOMAIN error.
  • I launched an EC2 instance in the same VPC, used dig, and also got an NXDOMAIN error.
Gabb
  • Can you share your service discovery configuration? It might be configured as local (i.e. resolvable in the VPC only). If this is the case, your Lambda will need to run inside the VPC as well. – sayboras Nov 16 '19 at 04:31
  • This is the case. It's a private namespace, and the ECS service and Lambda are in the same VPC. I know it can be reached, as using the IP address assigned for the DNS works; I get successful communication. It's the name resolving part that doesn't work. – Gabb Nov 16 '19 at 12:16
  • Are you using the AWS internal name or have you assigned a custom domain in Route 53? If you are using a custom name, has it been properly registered? Since you can access via IP address, it indicates an issue in the name resolution. – NorthernDev Nov 16 '19 at 15:33
  • My Terraform configuration has a name field defined for both the service discovery and the namespace. So I would guess that translates to a custom domain name in AWS. – Gabb Nov 16 '19 at 15:38

1 Answer

3

The issue was two missing flags on the VPC resource in Terraform:

resource "aws_vpc" "vpc" {
  cidr_block           = "10.0.0.0/16"
  # Both DNS attributes must be true for private hosted zone names to resolve in the VPC
  enable_dns_support   = true
  enable_dns_hostnames = true
}
Gabb
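An added example, not part of the original answer and not AWS or Terraform tooling: a Python check over `terraform show -json` plan output that reports every `aws_vpc` resource where the two flags from the answer are not explicitly `true`. The plan excerpt is constructed, and the resource names other than `aws_vpc.vpc` are hypothetical.

```python
import json

# Constructed `terraform show -json` plan excerpt (not from the original post).
PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_vpc.vpc", "type": "aws_vpc",
     "values": {"cidr_block": "10.0.0.0/16"}}
  ],
  "child_modules": [{
    "resources": [
      {"address": "module.net.aws_vpc.fixed", "type": "aws_vpc",
       "values": {"cidr_block": "10.1.0.0/16",
                  "enable_dns_support": true,
                  "enable_dns_hostnames": true}},
      {"address": "module.net.aws_subnet.a", "type": "aws_subnet",
       "values": {"cidr_block": "10.1.1.0/24"}}
    ]}]
}}}
""")

REQUIRED = ("enable_dns_support", "enable_dns_hostnames")

def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def vpcs_missing_dns_flags(plan):
    """Map each aws_vpc address to the DNS flags that are not explicitly true."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        if res.get("type") != "aws_vpc":
            continue
        values = res.get("values") or {}
        # Assumption: an absent or unknown value counts as "not enabled" (conservative).
        missing = [f for f in REQUIRED if values.get(f) is not True]
        if missing:
            findings[res["address"]] = missing
    return findings

if __name__ == "__main__":
    for address, flags in vpcs_missing_dns_flags(PLAN).items():
        print(f"{address}: set {', '.join(flags)} = true")
```

Run against a real plan by replacing `PLAN` with the parsed output of `terraform show -json <planfile>`.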