New to fargate. Trying to understand how to separate tasks connections.
We have multiple Fargate tasks, like Frontend task, Backend task, and other tasks created by different teams.
How to restrict incoming and outgoing traffic to other services so that other team's tasks cannot communicate with frontend or backend.
In order to restrict or allow traffic, we can use Security Groups
In fact, when we create a Fargate task from the AWS console, we are greeted with the following options:
This step will explicitly create either one security group allowing inbound traffic on port 80 for HTTP or two security groups in case if we put a load balancer in front of the task. In case if we have a load balancer, the security group attached to the load balancer will allow traffic from the outside on port 80, while the security group attached to the task will allow traffic only from the load balancer.
Obviously the inbound/outbound rules of a security group can be further customized if we go into EC2 console and search for our security group.
Besides security groups, we can allow or restrict traffic on the VPC level using NACLs.
