How do I set up dynamic port mapping for Amazon ECS?
Last updated: 2020-05-12
I want to set up dynamic port mapping for my container instance in Amazon Elastic Container Service (Amazon ECS).
The Classic Load Balancer doesn't allow you to run multiple copies of a task on the same instance. Instead, with the Classic Load Balancer, you must statically map port numbers on a container instance. However, an Application Load Balancer uses dynamic port mapping, so you can run multiple tasks from a single service on the same container instance.
To set up dynamic port mapping, complete the following steps:
- Create an Application Load Balancer and a target group.
Important: To route health check traffic correctly when you create a target group, choose Target Groups, and then choose Actions. Choose Edit health check. For Port, choose traffic port.
- Open the Amazon ECS console, and then set the host port to 0 for the task definition that you're creating or updating.
Important: Be sure to set the container port mappings for your application.
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console, and then confirm that the security group and network access control list (network ACL) allow traffic from the load balancer to the instances over the ephemeral port range.
Note: For more information about configuring security groups, see Create a Security Group Rule for Your Container Instances. For more information about ephemeral port ranges, see PortMapping.
- Open the Amazon ECS console, and then configure your service to use the Application Load Balancer that you created.
Important: You can add a load balancer only during the creation of the service. After you create a service, you can't change the target group's Amazon Resource Name (ARN), container name, or the container port specified in the service definition. You can't add, remove, or change the load balancer configuration of an existing service. If you update the task definition for the service, then the container name and container port specified when the service was created must remain in the task definition. For more information, see Service Load Balancing.
- Open the Amazon EC2 console, choose Target Groups, and then choose the Targets view to check what port is used for the task in the service that you created.
If dynamic port mapping is set up correctly, then you see the registered targets in the target group and the assigned port for the task. You also see the task in the registered targets for the following ephemeral port ranges: 49153–65535 and 32768–61000.