How can I use a static or Elastic IP address for an Amazon ECS task on Fargate?

Last updated: 2022-08-12

I want to use a static or Elastic IP address for an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate.

Short description

You can't add a static IP address or Elastic IP address directly to a Fargate task. To use a static IP or Elastic IP with Fargate tasks, you must first create a Fargate Service with a Network Load Balancer. You can then attach the Elastic IP address of the task to the Load Balancer.

Choose one of the following options:

  • To create a static IP address for a Fargate task for inbound traffic, complete the following steps in the Resolution section.
  • To create a static IP address for a Fargate task for outbound traffic, create a NAT gateway. In this scenario, a static IP address is required by the downstream consumer. You must place your Fargate task on a private subnet. You can use the NAT gateway IP address for an IP allow list.


Create a network load balancer, and then configure routing for your target group

  1. Open the Amazon EC2 console.
  2. In the navigation pane, under Load Balancing, choose Load Balancers.
  3. Choose Create Load Balancer.
  4. On the Select load balancer type page, choose Create for Network Load Balancer.
  5. On the Create Network Load Balancer page, for Load balancer name, enter a name for your load balancer.
  6. For Scheme, select either Internet-facing or internal.
  7. For IP address type, select IPv4.
  8. In the Network mapping section, for VPC, select the Amazon Virtual Private Cloud (Amazon VPC) for your Fargate task.
  9. For Mappings, select at least one Availability Zone and one subnet for each zone.
    Note: Enabling multiple Availability Zones increases the fault tolerance of your applications. For internet-facing load balancers, you can select an Elastic IP address for each Availability Zone. This provides your load balancer with static IP addresses. Or, for an internal load balancer, you can assign a private IP address from the IPv4 range of each subnet instead of letting AWS assign one for you.
  10. In the Listeners and routing section, keep the default listener or add another listener.
    Note: The default listener accepts TCP traffic on port 80. You can keep the default listener settings, modify the protocol or port of the listener, or choose Add listener to add another listener.
  11. For Protocol, select your protocol.
  12. For Port, select your port.
  13. Under Default action, choose Create target group.
    Note: The target group is used by the Network Load Balancer listener rule that forwards the request to the target group.
  14. On the Specify group details page, for Choose a target type, select IP addresses.
    Note: The target type Instances isn't supported on Fargate.
  15. For Target group name, enter a name for your target group.
  16. In the Health checks section, keep the default settings.
  17. Choose Next.
    Note: Load balancers distribute traffic between targets within the target group. When a target group is associated with an Amazon ECS service, Amazon ECS automatically registers and deregisters containers with the target group. Because Amazon ECS handles target registration, you don't need to add targets to your target group.
  18. On the Register targets page, choose Create target group.
  19. Navigate to the Create Network Load Balancer page.
  20. In the Listeners and routing section, for Forward to, select the target group that you created.
  21. Choose Create load balancer.

Create an Amazon ECS service

Create an Amazon ECS service. Be sure to specify the target group in the service definition when you create your service.

When each task for your service is started, the container and port combination specified in the service definition is registered with your target group. Then, traffic is routed from the load balancer to that container.

Did this article help?

Do you need billing or technical support?