aws / containers-roadmap

This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
https://aws.amazon.com/about-aws/whats-new/containers/

[ECS] [Feature]: Metadata Endpoint V4 to add subnet ID #2117

Open JohnPreston opened 1 year ago

JohnPreston commented 1 year ago

Community Note

Tell us about your request The ECS Metadata does not surface the Subnet ID the container is running in. We would like it to. Similar to #832, we are missing this information in order to be able to determine, without having to reverse engineer, which subnet our container is in. Presently only the AZ is surfaced.

Which service(s) is this request for? ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? Want to be able to have our application AWS Network aware by using the ECS Metadata. Right now the only way around it is to create a service per zone with the same task definition, almost, as you'd need to change labels or tags per AZ/Subnet.

The subnet ID should be surfaced at the same level as the VPC ID in the metadata, preferably, or be added to the networks definition

See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v4.html

Are you currently working around this issue? Have to create multiple services.

JohnPreston commented 1 year ago

Should add that this should be added for EC2-hosted containers AND Fargate. We run 1000s of containers on Fargate.

otterley commented 1 year ago

Can you tell us more about your use case?

JohnPreston commented 11 months ago

Sorry I missed that question. But as pointed out and asked about in other tickets, the idea is that right now it takes a whole series of queries to figure out what the zone ID of the container is. Also, because the zone names change from customer to customer and somehow the fact that a VPC can be shared was missed out, one can't even rely on describing the availability zones. Today, to get the accurate zone ID the container is running in all the time, one needs to

This is very possible to do, but then each requires additional things to be installed in the Docker images.

Use-case is whatever I want it to be, but it comes down to having something simple to know which zone ID I am in, so that if I have meshes, private links, etc., I can have all the services be zone aware so that I can favor services in the same zone ID and not pay for cross-AZ traffic.

As an MSK customer, if I want to set the client.rack to match the broker.rack and leverage that in order to avoid cross-AZ traffic, I can, but it takes extra steps that the IAM Execution role could do for me, as it already has the IAM permissions needed to do all the API calls for me to surface that information.

EDIT: I go on about the zone ID, but if at least I can skip over "finding" the subnet ID that's already a win.
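The "series of queries" the thread describes, written out as an added example (editor's code, not from the issue author or the containers-roadmap project). It assumes a Fargate/awsvpc task whose V4 `/task` document carries `AvailabilityZone`, `VPCID` and a per-network `IPv4SubnetCIDRBlock`, and that the task role (the credentials a process inside the container actually uses, as opposed to the execution role) is allowed `ec2:DescribeSubnets`. The metadata document and the subnet table are constructed sample data; in production `fake_describe_subnets` is replaced by boto3's `ec2.describe_subnets`. Filtering on VPC ID as well as CIDR is deliberate: the same CIDR can exist in several VPCs, so a CIDR-only lookup can return the wrong subnet.

```python
"""Resolve SubnetId and AvailabilityZoneId for the ECS task we run in.

The V4 task metadata endpoint does not expose SubnetId, but it does expose
the AZ name, the VPC ID and the subnet CIDR; one DescribeSubnets call keyed on
those three values returns the subnet ID and the account-stable zone ID.
"""
import ipaddress
import json
import os
import urllib.request
from typing import Callable, Dict, List, Optional

# Constructed sample of a V4 "/task" document for a Fargate awsvpc task.
# Field names follow the documented V4 response; every value is made up.
SAMPLE_TASK_METADATA = {
    "Cluster": "arn:aws:ecs:us-west-2:111122223333:cluster/example",
    "LaunchType": "FARGATE",
    "AvailabilityZone": "us-west-2d",
    "VPCID": "vpc-0f00ba4c0ffee1234",
    "Containers": [{
        "Name": "app",
        "Networks": [{
            "NetworkMode": "awsvpc",
            "IPv4Addresses": ["10.0.2.100"],
            "MACAddress": "0e:9e:32:c7:48:85",
            "IPv4SubnetCIDRBlock": "10.0.2.0/24",
            "SubnetGatewayIpv4Address": "10.0.2.1/24",
        }],
    }],
}


def sample_task() -> dict:
    """Fresh copy of the constructed document, safe to mutate."""
    return json.loads(json.dumps(SAMPLE_TASK_METADATA))


def fetch_task_metadata(timeout: float = 2.0) -> dict:
    """GET ${ECS_CONTAINER_METADATA_URI_V4}/task (only when the variable is set)."""
    base = os.environ.get("ECS_CONTAINER_METADATA_URI_V4")
    if not base:
        raise RuntimeError("ECS_CONTAINER_METADATA_URI_V4 is not set: no V4 endpoint here")
    with urllib.request.urlopen(f"{base}/task", timeout=timeout) as resp:
        return json.load(resp)


def network_hints(task: dict) -> Dict[str, Optional[str]]:
    """Extract what the V4 document does expose: AZ name, VPC ID, subnet CIDR, MAC."""
    nets = [n for c in task.get("Containers", [])
            for n in c.get("Networks", []) if n.get("NetworkMode") == "awsvpc"]
    if not nets:
        raise ValueError("no awsvpc network attachment in task metadata")
    net = nets[0]  # every container of an awsvpc task shares the one task ENI
    cidr = net.get("IPv4SubnetCIDRBlock")
    if cidr:
        ipaddress.ip_network(cidr, strict=True)  # reject garbage before it becomes a filter value
    return {"az_name": task.get("AvailabilityZone"), "vpc_id": task.get("VPCID"),
            "subnet_cidr": cidr, "mac": net.get("MACAddress")}


def resolve_subnet(hints: Dict[str, Optional[str]],
                   describe_subnets: Callable[..., dict]) -> Dict[str, str]:
    """One DescribeSubnets call (vpc-id + cidr-block + availability-zone) -> ids."""
    if not hints["vpc_id"] or not hints["subnet_cidr"]:
        raise ValueError("task metadata lacks VPCID or IPv4SubnetCIDRBlock")
    filters = [{"Name": "vpc-id", "Values": [hints["vpc_id"]]},
               {"Name": "cidr-block", "Values": [hints["subnet_cidr"]]}]
    if hints["az_name"]:
        filters.append({"Name": "availability-zone", "Values": [hints["az_name"]]})
    subnets = describe_subnets(Filters=filters).get("Subnets", [])
    if len(subnets) != 1:  # zero = wrong account/VPC, >1 = ambiguous; never guess
        raise LookupError(f"expected exactly one subnet for {filters}, got {len(subnets)}")
    s = subnets[0]
    return {"subnet_id": s["SubnetId"], "zone_name": s["AvailabilityZone"],
            "zone_id": s["AvailabilityZoneId"]}  # zone ID is stable across accounts


def locate_task(task: dict, describe_subnets: Callable[..., dict]) -> Dict[str, str]:
    return resolve_subnet(network_hints(task), describe_subnets)


# Offline stand-in for boto3's ec2.describe_subnets over constructed data.
_FAKE_SUBNETS = [
    {"SubnetId": "subnet-0a1b2c3d4e5f67890", "VpcId": "vpc-0f00ba4c0ffee1234",
     "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "us-west-2d", "AvailabilityZoneId": "usw2-az4"},
    {"SubnetId": "subnet-0fedcba9876543210", "VpcId": "vpc-0deadbeef0000001",
     "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "us-west-2a", "AvailabilityZoneId": "usw2-az2"},
]
_FILTER_KEYS = {"vpc-id": "VpcId", "cidr-block": "CidrBlock", "availability-zone": "AvailabilityZone"}


def fake_describe_subnets(Filters: List[dict], **_: object) -> dict:
    """Applies DescribeSubnets-style filters to the constructed subnet list."""
    hits = [s for s in _FAKE_SUBNETS
            if all(s[_FILTER_KEYS[f["Name"]]] in f["Values"] for f in Filters)]
    return {"Subnets": hits}


if __name__ == "__main__":
    if "ECS_CONTAINER_METADATA_URI_V4" in os.environ:
        import boto3  # assumed present in the image; task role needs ec2:DescribeSubnets
        doc, describe = fetch_task_metadata(), boto3.client("ec2").describe_subnets
    else:
        doc, describe = sample_task(), fake_describe_subnets
    print(json.dumps(locate_task(doc, describe)))
```

The `zone_id` is the value to feed into Kafka's `client.rack` for the MSK case in the thread, since MSK sets `broker.rack` to the Availability Zone ID (for example `use1-az1`), not the per-account zone name. The lookup is the extra moving part the issue asks to remove: the process needs EC2 read permission, a boto3/AWS SDK in the image, and a network path to the EC2 API, none of which the metadata endpoint itself requires.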