AWS ECS Cluster - Instances

Question

I have a "Custom VPC" with two subnets (A private subnet & a public subnet).

In ECS, when I try and create a cluster with "Custom VPC" and both subnets selected. The EC2 instances launched, are by default launched in the private subnets.

1. Why?, Is there a way to change the instance subnet after it is launched?
2. Should ECS cluster only have public subnets of a VPC? and launch an instance on the private subnet through the 'Launch instance' wizard?
3. Also, these instances have a public DNS even when the private subnet 'auto assign public IP' is disabled. Why?

Answer 1

Every instance in a VPC has a default network interface, called the primary network interface (eth0). You cannot detach a primary network interface from an instance. You can attach a new network interface.

To change the subnet of launched EC2 instance, you can follow this steps:

1. Create a new ENI (elastic network interface) with the new subnet you want to change. Notice that you cannot change VPC of an launched EC2 instance. If the same VPC or availability zone does not have other available subnets, you should create a new subnet first.
2. Go to your EC2 console and select the EC2 instance you want to change subnet.
3. In the Action menu above, go to Networking > Attach New Interface.
4. In the Network Interface menu, choose the network interface you just created.

You can reference to this document for how to create and attach a new network interface for an EC2 instance. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Answer 2

1: You need run ECS in the public subnets reference : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html

2: Yes or you need to create a private subnet with NAT gateway tied to it