aws / containers-roadmap

This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
https://aws.amazon.com/about-aws/whats-new/containers/

[ECS,Fargate] [request]: Attach specific ENIs #558

Open mmerchant opened 4 years ago

mmerchant commented 4 years ago

Tell us about your request What do you want us to build?

Using CloudFormation, when creating an ECS service for Fargate I'd like to be able to provide a list of Elastic Network Interfaces (ENIs) for the Network Configuration such that the Fargate-run container will have consistent IPs.

Which service(s) is this request for? Fargate/ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now? What is the impact of not having this problem solved? The more details you can provide, the better we'll be able to understand and solve the problem.

We have a 3rd-party server that we connect to over an AWS managed VPN. This 3rd-party service requires that the client making the request (i.e. the Fargate container) be a whitelisted IP in their Access Control List (ACL), and they cannot whitelist multiple /28s.

Are you currently working around this issue? How are you currently solving this problem?

Creating dummy ENIs in each subnet to "reserve" non-whitelisted IPs such that the Fargate container will receive one of the "available" IPs that is a whitelisted IP. The other option is to not use Fargate and use traditional ECS whereby we attach ENIs to the managed EC2 instances.

ALTELMA commented 4 years ago

+1

Aekanum commented 4 years ago

+1

wilcurt commented 4 years ago

Creating dummy ENIs in each subnet to "reserve" non-whitelisted IPs such that the Fargate container will receive one of the "available" IPs that is a whitelisted IP.

Can you provide more info on how this is performed?

tarfeef102 commented 3 years ago

The proposed solution would work, and so would allowing us to make /32 subnets, if that's easier. Just need a way to get static local IPs for outbound traffic.

tarfeef102 commented 3 years ago

Creating dummy ENIs in each subnet to "reserve" non-whitelisted IPs such that the Fargate container will receive one of the "available" IPs that is a whitelisted IP.

Can you provide more info on how this is performed?

If you somehow still need to know: if you have a /28, you have 16 available addresses. So create 15 ENIs, which will use all but 1 of the IPs in the subnet; then when you tell Fargate "use this subnet", it will only have 1 choice, so you can be confident the task will only be given that IP every time it's started (assuming no other tasks/services can come in and steal it).
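The "dummy ENI" workaround described in the comments above, as an added example that is not code from the issue thread or from the aws/containers-roadmap project. It goes slightly beyond the comment: AWS reserves the first four addresses and the last address of every subnet, so a /28 has 11 usable addresses, and the planner below skips those rather than assuming all 16 are assignable. The subnet ID, CIDR and allow-listed IP are placeholder assumptions; the boto3 EC2 calls used (`create_network_interface`, `describe_subnets`) are real, and the `DryRunEC2` stand-in is constructed here so the script runs offline.

```python
"""Pin a Fargate task to one subnet address by occupying every other usable IP.

Added example, not from the issue or the roadmap repo. Implements the
"create dummy ENIs" workaround: create unattached ENIs on every usable
address in the subnet except the one the third party allow-listed, so a task
launched into that subnet can only receive the remaining address.
"""
import ipaddress

# AWS reserves these in every VPC subnet: .0 network, .1 VPC router,
# .2 Route 53 resolver, .3 reserved for future use, and the broadcast address.
AWS_RESERVED_HEAD = 4
AWS_RESERVED_TAIL = 1


def usable_addresses(cidr):
    """Return the addresses in `cidr` that AWS can actually assign to an ENI."""
    addrs = list(ipaddress.ip_network(cidr, strict=True))
    return [str(a) for a in addrs[AWS_RESERVED_HEAD:len(addrs) - AWS_RESERVED_TAIL]]


def plan_reservations(cidr, keep_ip):
    """Addresses to occupy with dummy ENIs so that only `keep_ip` stays free."""
    usable = usable_addresses(cidr)
    if keep_ip not in usable:
        raise ValueError(f"{keep_ip} is not an assignable address in {cidr} "
                         "(outside the subnet or reserved by AWS)")
    return [ip for ip in usable if ip != keep_ip]


def reserve_with_dummy_enis(ec2, subnet_id, cidr, keep_ip,
                            description="reserved: keep Fargate task on allow-listed IP"):
    """Create one unattached ENI per planned address; returns the ENI IDs.

    `ec2` is a boto3 EC2 client (or anything exposing the same method). If a
    task already holds one of the planned addresses, the corresponding call
    fails because the address is in use, so run this before the service starts.
    """
    created = []
    for ip in plan_reservations(cidr, keep_ip):
        resp = ec2.create_network_interface(SubnetId=subnet_id,
                                            PrivateIpAddress=ip,
                                            Description=description)
        created.append(resp["NetworkInterface"]["NetworkInterfaceId"])
    return created


def free_addresses_left(ec2, subnet_id):
    """Post-check: the pin only holds if exactly one address remains free.

    Anything other than 1 means another task or ENI could take a
    non-allow-listed address, or the kept address itself is already gone.
    """
    resp = ec2.describe_subnets(SubnetIds=[subnet_id])
    return resp["Subnets"][0]["AvailableIpAddressCount"]


class DryRunEC2:
    """Constructed offline stand-in for a boto3 EC2 client (assumption)."""

    def __init__(self, usable_count):
        self.calls = []
        self._free = usable_count

    def create_network_interface(self, **kwargs):
        self.calls.append(kwargs)
        self._free -= 1
        return {"NetworkInterface": {"NetworkInterfaceId": f"eni-{len(self.calls):017x}"}}

    def describe_subnets(self, **kwargs):
        return {"Subnets": [{"AvailableIpAddressCount": self._free}]}


if __name__ == "__main__":
    # Placeholder values (assumptions); swap DryRunEC2 for boto3.client("ec2")
    # to create the ENIs for real.
    subnet_id, cidr, keep_ip = "subnet-0123456789abcdef0", "10.0.0.0/28", "10.0.0.10"
    ec2 = DryRunEC2(len(usable_addresses(cidr)))
    enis = reserve_with_dummy_enis(ec2, subnet_id, cidr, keep_ip)
    print(f"created {len(enis)} dummy ENIs; free addresses left: {free_addresses_left(ec2, subnet_id)}")
```

Run it against the real client only after confirming `free_addresses_left` reports 1; if it reports more, some address other than the allow-listed one is still assignable and the next task launch may take it. The dummy ENIs stay unattached, so they must be deleted if the subnet is ever repurposed.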

luweilevi commented 12 months ago

I need this because we have an ECS task that gets triggered every two minutes, and we have AWS Config turned on. The recreation of the ENI caused a significant increase in configuration items in AWS Config, which largely increases the cost of AWS Config.