I have 2 services within ECS Fargate running.

I have set up service discovery with a private dns namespace as all my services are within a private subnet.

When I try and hit my config container from another I am getting the following error.

http://config.qcap-prod:50050/config: Get "http://config.qcap-prod:50050/config": dial tcp: lookup config.qcap-prod on 10.0.0.2:53: no such host

Below is my Terraform:

resource "aws_service_discovery_service" "config" {
  name = "config"

  dns_config {
    namespace_id = aws_service_discovery_private_dns_namespace.qcap_prod_sd.id

    dns_records {
      ttl  = 10
      type = "A"
    }
  }

  health_check_custom_config {
    failure_threshold = 1
  }
}

Is there another step I need to do to allow me to hit my container from another within ECS using Fargate?

My terraform code for my namespace is:

resource "aws_service_discovery_private_dns_namespace" "qcap_prod_sd" {
  name        = "qcap.prod"
  description = "Qcap prod service discovery"
  vpc         = module.vpc.vpc_id
}
    How are you handling resolving that DNS zone? Can you share the Terraform code for `aws_service_discovery_private_dns_namespace.qcap_prod_sd` as well please? Are both services in the same VPC? Do you have the Route53 resolver endpoint (eg `172.31.0.2`) enabled for DNS for the VPC? – ydaetskcoR Apr 30 '20 at 12:13
  • I've added the Terraform code; both services are in the same VPC. I don't have the Route53 resolver (I don't think). Is that something I have to enable in the vpc module? – N P Apr 30 '20 at 12:25
  • It's the default on a VPC so should be enabled unless you're doing something like setting your DNS servers to use other DNS servers such as in another data centre or making your own DNS instances for some reason. You can see if you look at the output of `aws ec2 describe-dhcp-options` and check that `domain-name-servers` is set to `AmazonProvidedDNS`. – ydaetskcoR Apr 30 '20 at 13:58
  • My corporate VPC is set up to resolve DNS at a server set up in another data center (or legacy DNS server, I believe), the scenario @ydaetskcoR describes. Do I have any hope to get this to work in that scenario without having to make changes to the corporate network's DNS server or the on-prem resolver rules they have set up? Is there another resource I need to set up in AWS, or something I can do in my tasks to make them aware of the Route 53 Private Zone and try to resolve queries there in addition to what is set up in the corporate on-prem DNS server? – Dude0001 Jul 17 '21 at 16:16
  • @Dude0001 that probably deserves a separate question that you might want to link back to in it. Ultimately I think the answer is going to involve forwarding the DNS request for the zone back to AWS but if you can provide more information in a question then someone should be able to answer that more fully. – ydaetskcoR Jul 18 '21 at 14:37

1 Answer

The fix for this was to add

module "vpc" {
  # source and the other arguments of the existing module block are unchanged
  enable_dns_support   = true
  enable_dns_hostnames = true
}

in the module block within the vpc module to allow the DNS hostnames to be resolved within my VPC.
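Added example, not code from the question or the answer: a Python check of the three VPC prerequisites this thread identifies for resolving a Cloud Map private DNS namespace (enable_dns_support, enable_dns_hostnames, and a DHCP option set that points at AmazonProvidedDNS). It parses the JSON shapes returned by `aws ec2 describe-vpc-attribute` and `aws ec2 describe-dhcp-options`; the sample documents, the VPC id and the DHCP option set id are constructed.

```python
"""Check the VPC-side prerequisites for Cloud Map private DNS resolution."""
import json

# Constructed sample output (ids are placeholders) of:
#   aws ec2 describe-vpc-attribute --vpc-id vpc-EXAMPLE --attribute enableDnsSupport
#   aws ec2 describe-vpc-attribute --vpc-id vpc-EXAMPLE --attribute enableDnsHostnames
#   aws ec2 describe-dhcp-options --dhcp-options-ids dopt-EXAMPLE
DNS_SUPPORT = '{"VpcId": "vpc-EXAMPLE", "EnableDnsSupport": {"Value": false}}'
DNS_HOSTNAMES = '{"VpcId": "vpc-EXAMPLE", "EnableDnsHostnames": {"Value": false}}'
DHCP_OPTIONS = """{"DhcpOptions": [{"DhcpOptionsId": "dopt-EXAMPLE",
  "DhcpConfigurations": [{"Key": "domain-name-servers",
  "Values": [{"Value": "AmazonProvidedDNS"}]}]}]}"""


def dns_servers(dhcp_json: str) -> list[str]:
    """Return the domain-name-servers values of a describe-dhcp-options document."""
    configs = json.loads(dhcp_json)["DhcpOptions"][0]["DhcpConfigurations"]
    for cfg in configs:
        if cfg["Key"] == "domain-name-servers":
            return [v["Value"] for v in cfg["Values"]]
    return []


def check_private_dns(support_json: str, hostnames_json: str, dhcp_json: str) -> list[str]:
    """Return the problems that stop <service>.<namespace> from resolving in the VPC.

    An empty list means the VPC is configured the way the accepted answer requires.
    """
    problems = []
    if not json.loads(support_json)["EnableDnsSupport"]["Value"]:
        problems.append("enable_dns_support is false: the VPC resolver at base+2 does not answer")
    if not json.loads(hostnames_json)["EnableDnsHostnames"]["Value"]:
        problems.append("enable_dns_hostnames is false: private hosted zones need it enabled")
    servers = dns_servers(dhcp_json)
    if servers != ["AmazonProvidedDNS"]:
        problems.append(f"DHCP option set uses {servers}; queries for the private "
                        "zone never reach the Amazon provided DNS")
    return problems


if __name__ == "__main__":
    for problem in check_private_dns(DNS_SUPPORT, DNS_HOSTNAMES, DHCP_OPTIONS):
        print("PROBLEM:", problem)
```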
