hashicorp / boundary-plugin-aws

Boundary Host Plugin (AWS)
Mozilla Public License 2.0

Cannot Select Correct Address for AWS ECS Node #11

Open celestialorb opened 2 years ago

celestialorb commented 2 years ago

I have an AWS ECS cluster that I'd like to be able to SSH into via Boundary, but cannot configure the host set AWS plugin to select the proper address of the host node.

Each of my AWS ECS nodes has two private addresses, one for the host itself and one for what I assume is the CNI on the node. However, Boundary seems to always select the CNI address and not the host address. Both of these exist in the same subnet CIDR ranges, so using the preferred_endpoints with a CIDR specification will not help.

I have tried using the dns specification in preferred_endpoints with both dns:ip-* and dns:* but neither seem to work and I can't find any documentation for it so I'm not positive that is a proper option.

Is there any way that I can configure it to select the proper address? Could the plugin check the address against the private DNS name and always prefer the one matching the host if no preferred_endpoints is set?

Am I missing something?

celestialorb commented 2 years ago

Looks like the plugin is pulling in both DNS names for both addresses as well, so that explains why the dns selectors didn't make a difference.

celestialorb commented 2 years ago

Yeah, I think the only solution to this, aside from reworking our networking setup, would be to make the IP address / DNS name that matches the instance's address the first preference unless otherwise stated by the preferred_endpoints attribute.

Either that or an additional attribute for the plugin. A boolean value describing whether or not to only source the instance's address and to ignore any other additional network interfaces on it.

Something along the lines of: instance_primary_interface_only: true?

justenwalker commented 1 year ago

I've attempted to address this with #22. I am running into this with node groups on EKS. So far it hasn't been possible to get Boundary to select the right IP when I want to use it for SSH because the additional IPs added by VPC CNI keep getting in the way.
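To make the failure mode in this thread concrete, here is an added example (not code from the boundary-plugin-aws project or from any commenter) that models how a preferred_endpoints list of cidr:/dns: filters picks one private IP from an instance that has several, and then the two remedies proposed above. The Instance/Address structs, the SelectAddress function, the Options field names (PrimaryInterfaceOnly, PreferPrimaryByDefault), the glob semantics used for dns: entries, and the ecsNode sample data are all assumptions constructed for this illustration; the sample deliberately lists the CNI address before the host's own address, both in the same /24, which is the situation the report describes.

```go
package main

import (
	"fmt"
	"net/netip"
	"path"
	"strings"
)

// Address is one private IP with its private DNS name, as reported per ENI.
type Address struct {
	IP  string
	DNS string
}

// Instance is a constructed stand-in for the subset of EC2 DescribeInstances
// data the selection needs. It is not the AWS SDK type or the plugin's own.
type Instance struct {
	ID        string
	PrimaryIP string    // PrivateIpAddress of the instance itself
	Addresses []Address // every private IP across all attached ENIs
}

// Options models the two behaviours proposed in the thread. Both field names
// are hypothetical; they are not options the plugin is known to expose.
type Options struct {
	PrimaryInterfaceOnly   bool // drop addresses that are not the instance's own
	PreferPrimaryByDefault bool // with no preferred_endpoints, pick the primary IP first
}

// matches reports whether addr satisfies one preferred_endpoints entry of the
// form cidr:<prefix> or dns:<glob>. Glob semantics (path.Match) are an
// assumption of this example.
func matches(entry string, addr Address) (bool, error) {
	kind, pattern, ok := strings.Cut(entry, ":")
	if !ok {
		return false, fmt.Errorf("malformed preferred_endpoints entry %q", entry)
	}
	switch kind {
	case "cidr":
		prefix, err := netip.ParsePrefix(pattern)
		if err != nil {
			return false, err
		}
		ip, err := netip.ParseAddr(addr.IP)
		if err != nil {
			return false, err
		}
		return prefix.Contains(ip), nil
	case "dns":
		return path.Match(pattern, addr.DNS)
	default:
		return false, fmt.Errorf("unknown preferred_endpoints type %q", kind)
	}
}

// SelectAddress returns the address a session would be pointed at. Filters are
// tried in order; the first filter with any match wins, and within it the first
// matching address in API order wins, which is why two same-subnet addresses
// cannot be told apart by a cidr: filter alone.
func SelectAddress(inst Instance, preferred []string, opts Options) (string, error) {
	candidates := inst.Addresses
	if opts.PrimaryInterfaceOnly {
		candidates = nil
		for _, a := range inst.Addresses {
			if a.IP == inst.PrimaryIP {
				candidates = append(candidates, a)
			}
		}
	}
	if len(candidates) == 0 {
		return "", fmt.Errorf("instance %s has no candidate addresses", inst.ID)
	}
	if len(preferred) == 0 {
		if opts.PreferPrimaryByDefault {
			for _, a := range candidates {
				if a.IP == inst.PrimaryIP {
					return a.IP, nil
				}
			}
		}
		return candidates[0].IP, nil
	}
	for _, entry := range preferred {
		for _, a := range candidates {
			ok, err := matches(entry, a)
			if err != nil {
				return "", err
			}
			if ok {
				return a.IP, nil
			}
		}
	}
	return "", fmt.Errorf("no address on %s matched preferred_endpoints", inst.ID)
}

// ecsNode is constructed sample data: the CNI-assigned address is listed
// before the host's own address and both live in 10.0.1.0/24.
var ecsNode = Instance{
	ID:        "i-0example",
	PrimaryIP: "10.0.1.5",
	Addresses: []Address{
		{IP: "10.0.1.200", DNS: "ip-10-0-1-200.ec2.internal"}, // CNI secondary IP
		{IP: "10.0.1.5", DNS: "ip-10-0-1-5.ec2.internal"},     // host's own IP
	},
}

func main() {
	for _, tc := range []struct {
		name string
		pref []string
		opts Options
	}{
		{"cidr filter, same subnet", []string{"cidr:10.0.1.0/24"}, Options{}},
		{"dns:ip-* filter", []string{"dns:ip-*"}, Options{}},
		{"no filter, prefer primary", nil, Options{PreferPrimaryByDefault: true}},
		{"cidr filter, primary only", []string{"cidr:10.0.1.0/24"}, Options{PrimaryInterfaceOnly: true}},
	} {
		ip, err := SelectAddress(ecsNode, tc.pref, tc.opts)
		fmt.Printf("%-28s -> %s (err=%v)\n", tc.name, ip, err)
	}
}
```

The first two cases reproduce the complaint: a cidr: filter and a dns:ip-* filter both match the CNI address as readily as the host address, so API order decides. Either proposed remedy (a primary-first default when no filters are set, or a primary-interface-only switch) yields the host's own 10.0.1.5.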