AWS ECS Frontend & Backend Communication

Question

Based on AWS ECS architecture

@Marcin purposed an interesting idea, but I cannot wrap my head around how the ALB knows which target group to forward to, as my attempts with 2 listeners (HTTP 80 → Frontend & HTTP 5000 → Backend) did not work.

Let's say I have the following (as @Marcin purposed)

                                   |---> Target Group 1 ---> ECS Services for Frontend (private subnet)
Client ---> ALB (public subnet) ---|
                                   |---> Target Group 2 ---> ECS Service for Backend (private subnet)

Assume:

• the ALB is accessible via http://www.example.com and listens on:
• HTTP 80 → forward to target Group 1
• HTTP 5000 → forward to target Group 2
• frontend container is exposed on port 3000
• backend container is exposed on port 5000
• target group 1 maps to HTTP 3000
• target group 2 maps to HTTP 5000

Reasoning for the above setup was that if client wants a frontend resource, the access http://www.example.com (port 80), but if the frontend makes an API request to the backend, it does so via http://www.example.com:5000/<end_point> (note the :5000).

However, this hangs due to timeout

POST http://www.example.com:5000/check net::ERR_CONNECTION_TIMED_OUT

I can see that both target groups pass their respective health-checks in AWS console

Did I get something wrong with the above reasoning, or is this a setup issue?

Answer 1

Based on the comments.

The issue was with luck of a rule in ALB's security group to allow port 5000. Thus, the solution was to add the needed rule.