How can I run an Amazon ECS task on Fargate in a private subnet?
Last updated: 2020-12-18
I want to run an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate in a private subnet.
You can run Fargate tasks in private subnets. However, Fargate tasks might require internet access for certain operations, such as pulling an image from a public repository or sourcing secrets. You can provision your NAT gateway in public subnets to provide outbound internet access to Fargate tasks that don't require a public IP address.
Create a VPC
Create a NAT gateway
When you create your NAT gateway, be sure that you:
- Place your NAT gateway inside the public subnet.
- Update the route table of the private subnet. For Destination, enter 0.0.0.0/0. For Target, select the ID of your NAT gateway.
Create an Amazon ECS cluster and service
- Create an Amazon ECS cluster using the Networking only template (powered by Fargate).
- Create an Amazon ECS service.
When you configure the network for the service, be sure that you:
- Choose the cluster that you created in step 1 for your cluster VPC.
- Choose the private subnet from your NAT gateway.
Now, your new tasks will be launched in the private subnet.