[ECS] [request]: ENI trunking support on Windows container instances

[apgrucza]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request Elastic network interface trunking support on Windows container instances

Which service(s) is this request for? ECS (although it might also be required for Fargate)

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

In July 2021, AWS launched the support of the awsvpc network mode for Windows workloads running in Amazon ECS. The benefits of this are described in this Amazon blog. However, because the limit on the number of network interfaces that can be attached to an Amazon EC2 instance is so low, we are unable to switch over to the awsvpc network mode without spreading our tasks over a drastically increased number of container instances. This would be very costly for us, especially with these being Windows instances.

ENI trunking would allow us to maintain our current task density, but it is not supported on Windows container instances.

The impact of not using the awsvpc network mode is that we continue to lack the fine-grained access control between our ECS tasks and our RDS instances, as described in https://github.com/aws/containers-roadmap/issues/907. In short, the awsvpc network mode is not of much use without ENI trunking.

Are you currently working around this issue? Right now, no. Utilisation and cost control is more important at present, so all services running on all EC2 container instances in the cluster can connect to any RDS instance.

[OHolzmann]

Please provide some timeline for this. We are very interested in this feature