Reputation: 41
ECS Service Discovery from other service outside VPC
Can one service in ECS cluster c1 can call another service in cluster c2 using ECS service discovery (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). As they are both in different cluster they will be in different vpc as well.
Upvotes: 2
Views: 1468
Answers (3)
Reputation: 191
You need to enable dns resolution on peering connection: Aws doc
Upvotes: 0
Reputation: 21
I've run into similar issue and the following worked for me:
- set up vpc peering for VPCs
- update route tables and security groups
- associate route53 zone with service discovery dns records with both VPCs (e.g. via https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association)
Upvotes: 2
Reputation: 2127
I ran into this same question and requirement (with private DNS discovery) and contrary to what I thought it's not possible at the moment, below are all the steps I followed to sort out connectivity/networking between 2 VPCs in an AWS environment and also some requirements to get your ECS service discovery up and running, hopefully, this clarifies:
- Be sure your VPC has DNS hostnames enabled (so it will resolve your DNS internally).
- Create a VPC peering connection for your VPCs
- Be sure to update all the route tables needed to route the traffic through the peering connection
- Be sure to update any security group needed to allow traffic from the VPC and the specified port
From this point, I validated that service-discovery was working within my first VPC (let's called A) by using telnet, nslookup, or any other tool from another Task running in the A-VPC. Then I tested from an instance in B-VPC to ping and telnet directly to the private IP assigned to my Task in A-VPC and as expected the connection was successful, but when tried using the private DNS which is the all point I got the error: Unknown service (the error may vary depending on the tool used). After looking deeper into the issue I found out that CloudMap (which is one of the services used underneath for service discovery) will query for your DNS only within your VPC, for more information you can look into this considerations provided by AWS.
A possible solution for this is to use a Network Load Balancer or similar to route the connection to your service, but is a bit annoying because you could prescind from service-discovery and just use a Load Balancer solution.
Upvotes: 0
Related Questions
- It's possible to use AWS service discovery within a private VPC?
- Not able to make AWS ECS services communicate over service discovery
- Exposing a ECS Service to the net
- ECS public subnet service communication with private subnet service
- Access a service exposed by AWS ELB from AWS Lambda
- ECS with Route 53 Service discovery
- Cannot connect two ECS services via Service Discovery
- Accessing AWS Elasticsearch VPC endpoint through VPC peering
- Alternative service discovery without ELB for ECS-service
- Accessing ECS instances from AWS Lambda running in VPC