How can I use a static or Elastic IP address for an Amazon ECS task on Fargate?


I want to use a static or Elastic IP address for an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate.

Short description

You can't add a static IP address or Elastic IP address directly to a Fargate task. To use a static IP or Elastic IP with Fargate tasks, first create a Fargate service with a Network Load Balancer. Then, attach the Elastic IP address to the load balancer.

Choose one of the following options:

  • To create a static IP address for a Fargate task for inbound traffic, complete the following steps in the Resolution section.
  • To create a static IP address for a Fargate task for outbound traffic, create a NAT gateway. In this scenario, a static IP address is required by the downstream consumer. You must place your Fargate task on a private subnet. You can use the NAT gateway IP address for an IP allow list.

Resolution

Create a network load balancer, and then configure routing for your target group

  1. Open the Amazon EC2 console.
  2. In the navigation pane, under Load Balancing, choose Load Balancers.
  3. Choose Create Load Balancer.
  4. On the Select load balancer type page, choose Create for Network Load Balancer.
  5. On the Create Network Load Balancer page, for Load balancer name, enter a name for your load balancer.
  6. For Scheme, select either Internet-facing or internal.
  7. For IP address type, select IPv4.
  8. In the Network mapping section, for VPC, select the Amazon Virtual Private Cloud (Amazon VPC) for your Fargate task.
  9. For Mappings, select at least one Availability Zone and one subnet for each Availability Zone.
    Note: Turning on multiple Availability Zones increases the fault tolerance of your applications. For internet-facing load balancers, select an Elastic IP address for each Availability Zone. This provides your load balancer with static IP addresses. Or, for an internal load balancer, assign a private IP address from the IPv4 range of each subnet instead of letting AWS assign one for you.
  10. In the Listeners and routing section, keep the default listener or add another listener.
    Note: The default listener accepts TCP traffic on port 80. You can keep the default listener settings, modify the protocol or port of the listener, or choose Add listener to add another listener.
  11. For Protocol, select your protocol.
  12. For Port, select your port.
  13. Under Default action, choose Create target group.
    Note: The target group is used by the Network Load Balancer listener rule that forwards the request to the target group.
  14. On the Specify group details page, for Choose a target type, select IP addresses.
    Note: The target type Instances isn't supported on Fargate.
  15. For Target group name, enter a name for your target group.
  16. In the Health checks section, keep the default settings.
  17. Choose Next.
    Note: Load balancers distribute traffic between targets within the target group. When a target group is associated with an Amazon ECS service, Amazon ECS automatically registers and deregisters containers with the target group. Because Amazon ECS handles target registration, you don't need to add targets to your target group.
  18. On the Register targets page, choose Create target group.
  19. Navigate to the Create Network Load Balancer page.
  20. In the Listeners and routing section, for Forward to, select the target group that you created.
    Note: You must select the reload button to see the new target group after it has been created.
  21. Choose Create load balancer.

Create an Amazon ECS service

Create an Amazon ECS service. Be sure to specify the target group in the service definition when you create your service.

When each task for your service is started, the container and port combination specified in the service definition is registered with your target group. Then, traffic is routed from the load balancer to that container.
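The console procedure above, expressed as a CloudFormation template. This is an added example, not part of the original article and not an AWS-provided template. The parameter names, the single Availability Zone, port 80, and the two security groups (the tasks accept traffic only from the load balancer's group) are assumptions.

```yaml
# Added example (constructed). Parameter names, port 80 and ClientCidr are assumptions.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  LbSubnetId: {Type: "AWS::EC2::Subnet::Id"}      # public subnet for the load balancer
  TaskSubnetId: {Type: "AWS::EC2::Subnet::Id"}    # subnet for the Fargate tasks
  ClusterName: {Type: String}
  TaskDefinitionArn: {Type: String}
  ContainerName: {Type: String}
  ClientCidr: {Type: String}                       # clients allowed to reach the listener
Resources:
  StaticIp: {Type: "AWS::EC2::EIP", Properties: {Domain: vpc}}
  NlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Clients to the NLB listener
      VpcId: !Ref VpcId
      SecurityGroupIngress: [{IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: !Ref ClientCidr}]
  TaskSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Only the NLB may reach the tasks
      VpcId: !Ref VpcId
      SecurityGroupIngress: [{IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !GetAtt NlbSg.GroupId}]
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing
      SecurityGroups: [!GetAtt NlbSg.GroupId]
      SubnetMappings: [{SubnetId: !Ref LbSubnetId, AllocationId: !GetAtt StaticIp.AllocationId}]  # one entry per AZ
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: {VpcId: !Ref VpcId, Protocol: TCP, Port: 80, TargetType: ip}  # Fargate needs ip targets
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Protocol: TCP
      Port: 80
      DefaultActions: [{Type: forward, TargetGroupArn: !Ref TargetGroup}]
  Service:
    Type: AWS::ECS::Service
    DependsOn: Listener       # the target group must be attached to the NLB first
    Properties:
      Cluster: !Ref ClusterName
      LaunchType: FARGATE
      DesiredCount: 1
      TaskDefinition: !Ref TaskDefinitionArn
      NetworkConfiguration: {AwsvpcConfiguration: {Subnets: [!Ref TaskSubnetId], SecurityGroups: [!GetAtt TaskSg.GroupId]}}
      LoadBalancers: [{TargetGroupArn: !Ref TargetGroup, ContainerName: !Ref ContainerName, ContainerPort: 80}]
```

Security groups can be associated with a Network Load Balancer only when it is created, so NlbSg has to be part of the initial deployment. The task subnet is assumed to have an outbound path (for example, a NAT gateway) so that the task can pull its image.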


Related information

Service load balancing

AWS OFFICIAL
Updated 2 years ago
4 Comments

Would it kill you to discuss static IPs for EC2 tasks on ECS? Why is it always Fargate that gets officially documented?! Not everything can run on Fargate!

replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 10 months ago

I followed this tutorial but was having a lot of trouble. It turns out, if you have anything besides very open security group settings, your ELB and your ELS tasks will struggle to communicate. The solution is to set up two security groups, and allow the ELS group to accept inbound requests from the ELB group. More details from more trial and error here: https://stackoverflow.com/questions/78004237/setting-up-a-load-balancer-to-assign-an-elastic-ip-to-a-fargate-ecs-service-caus/78009797#78009797

Taylor
replied a month ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied a month ago