2

I am trying to use SSL/TLS for a Python Flask/Waitress server running on ECS Fargate. I haven't found a solution for our use case.

Here is the design for the ECS Fargate setup:

  • The container will only interact with a backend AWS Lambda
  • Public IP is disabled; only the private IP is enabled.
  • No use of a load balancer. The Python server is stateful, and spinning up a new container when requested is more cost effective.

How should I make an HTTPS request from Lambda to the ECS Fargate?

EzyHoo

2 Answers

2

Solved the issue:

  • Create a self-signed cert using OpenSSL in Flask server
  • Trust self-signed certs in Lambda
EzyHoo
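The two steps in the answer above, as an added example that is not part of the original post: the server gets an OpenSSL self-signed certificate whose SAN is the IP the caller dials, and the caller trusts exactly that certificate instead of switching verification off. Assumptions: the standard-library HTTP server stands in for the Flask app, loopback stands in for the task's private IP, the `openssl` CLI is 1.1.1 or newer (for `-addext`), and all function names are hypothetical.

```python
import http.client, http.server, os, ssl, subprocess, tempfile, threading

def make_self_signed(ip, workdir):
    # Server side: the SAN must carry the private IP that Lambda dials.
    cert, key = os.path.join(workdir, "cert.pem"), os.path.join(workdir, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "30",
                    "-subj", "/CN=fargate-task", "-addext", f"subjectAltName=IP:{ip}",
                    "-keyout", key, "-out", cert], check=True, capture_output=True)
    return cert, key

class Ping(http.server.BaseHTTPRequestHandler):  # stand-in for the Flask app
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "4")
        self.end_headers()
        self.wfile.write(b"pong")
    def log_message(self, *args): pass  # keep the demo quiet

def serve_tls(ip, cert, key):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    httpd = http.server.HTTPServer((ip, 0), Ping)  # port 0: pick a free port
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd

def get(ip, port, ctx):
    conn = http.client.HTTPSConnection(ip, port, context=ctx, timeout=5)
    try:
        conn.request("GET", "/")
        return conn.getresponse().read()
    finally:
        conn.close()

def demo(ip="127.0.0.1"):  # loopback stands in for the task's private IP
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(ip, d)
        httpd = serve_tls(ip, cert, key)
        # Lambda side: trust only this cert; chain and IP checks stay enabled.
        body = get(ip, httpd.server_port, ssl.create_default_context(cafile=cert))
        try:
            get(ip, httpd.server_port, ssl.create_default_context())
            rejected = False
        except ssl.SSLCertVerificationError:  # default trust store: untrusted
            rejected = True
        httpd.shutdown()
        return body, rejected

if __name__ == "__main__":
    print(demo())
```

In a Lambda, `cert.pem` would be shipped with the function (or fetched from a secret store) and passed as `cafile`; the private key never leaves the container.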
1

Why do you even need to make an HTTPS request from the Lambda?

Answer to your question

Enable the security group port 443 on your ECS Fargate instance and you should be able to make requests even without SSL certs, as browsers only block them.

The second thing is, if for any reason you need an SSL cert on localhost, you can use this library: https://github.com/FiloSottile/mkcert

  • The Lambda and Fargate are in the same VPC/cluster. The traffic from Lambda to Fargate is in HTTP using Fargate's private IP. In case attackers get into the VPC, the traffic will be encrypted if it is an HTTPS request. The browser doesn't call the Fargate instance. Only Lambda calls the Fargate instance. – EzyHoo Feb 10 '22 at 18:59