
I have an ECS container on Fargate that needs to connect to an EC2 instance that hosts a web service. Both the Fargate container and the EC2 instance are on the same VPC and subnet, and the subnet is public.

If I provide the container the Private IPv4 DNS name of said EC2 instance, the connection is successful. However, the EC2 instance is connected to an ALB, and that has a Route 53 name connected to it (which also works fine).

If I provide the Route 53 DNS name to the Fargate container, the connection is unsuccessful.

What configuration do I need to look into to get the Fargate container to resolve the Route 53 DNS name to the EC2 instance?

So, for example, I have a Route 53 A record: https://my-app.com. This record is bound to an ALB, which in turn is bound to the EC2 instance that's hosting APP-1. This record works as expected on the browser.

My Fargate container hosts APP-2; in its configuration you can provide the URL to connect to APP-1.

When providing APP-2 with the URL ip-10-0-0-10.us-east-1.compute.internal (this representing the private DNS name), it does resolve (as expected), since the VPC has both enableDnsHostnames and enableDnsSupport enabled.

When providing APP-2 with the URL https://my-app.com (the Route 53 A record), it does not resolve (times out). The subnet (where both the EC2 instance and the Fargate container reside) has an Internet Gateway set up in the route table.

Xanagandr
  • You have DNS configured to return the public IP address. You should use the private IP address for network traffic within the VPC. Either use the `xxx.internal` hostname or set up a Route 53 private hosted zone for the domain. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-creating.html – John Hanley Jun 17 '22 at 08:49
  • How do you know this is a DNS resolution issue? A timeout indicates a network firewall or routing issue. I would expect to see a "host not found" or something similar if it was a DNS issue. – Mark B Jun 19 '22 at 14:35
  • @Xanagandr - Did you manage to resolve this? – SunainaDG Jun 15 '23 at 15:41
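One way to separate the two failure modes the comments raise (a genuine DNS failure versus a timeout caused by a public address being reached from inside the VPC), as an added Python example that is not part of the question or either answer; the hostname, port and VPC CIDR in the usage line are assumed placeholders:

```python
"""Distinguish a DNS-resolution failure from a network timeout, and flag
resolved addresses that lie outside the VPC. A public ALB address reached
from inside the VPC leaves through the IGW, so the ALB security group must
admit the task's public IP; a private hosted zone avoids that round-trip."""
import ipaddress
import socket
from typing import Dict, List


def resolve(name: str) -> List[str]:
    """IPv4 addresses the name resolves to; empty list on NXDOMAIN/SERVFAIL."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addrs: List[str], vpc_cidr: str) -> str:
    """Classify the resolver's answer relative to the VPC CIDR."""
    if not addrs:
        return "dns-failure"       # fix the record / hosted zone
    net = ipaddress.ip_network(vpc_cidr)
    inside = [a for a in addrs if ipaddress.ip_address(a) in net]
    if len(inside) == len(addrs):
        return "private"           # traffic stays inside the VPC
    if inside:
        return "mixed"             # some answers leave the VPC
    return "public"                # hairpin via IGW; SG must allow the task's public IP


def tcp_reachable(addr: str, port: int, timeout: float = 5.0) -> bool:
    """TCP connect check. False here, after a successful resolution,
    points at a security group or route table, not at DNS."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(name: str, port: int, vpc_cidr: str) -> Dict[str, object]:
    addrs = resolve(name)
    reach = {a: tcp_reachable(a, port) for a in addrs}
    return {"addresses": addrs, "scope": classify(addrs, vpc_cidr), "reachable": reach}


if __name__ == "__main__":
    # Constructed placeholders; substitute the record and VPC under test.
    print(diagnose("my-app.com", 443, "10.0.0.0/16"))
```

Run it from inside the Fargate task (or an instance in the same subnet): a "public" scope with no reachable address is the hairpin case the first comment describes, whereas "dns-failure" is the case the second comment expects to see for a true DNS problem.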

1 Answer


To configure HTTPS DNS addresses to an instance/task you must have a TLS certificate for the same domain. For example, if you want to host an application on https://app.com, then create an ACM certificate for the domain name "app.com". You can create and manage TLS/SSL certificates on AWS ACM. You can find more here: https://aws.amazon.com/certificate-manager/

Once it is finished, you have to attach the certificate to the respective load balancer.

  1. Open Load Balancer
  2. Click on Add listener
  3. Add a 443 TLS port
  4. Add target group
  5. Add the Certificate!

Add the certificate like this!

Now you can access the task by the Record.

Hope this helps, Thanks!

Afroz S