How can I use a static or Elastic IP address for an Amazon ECS task on Fargate?
Last updated: 2020-12-17
I want to use a static or Elastic IP address for an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate.
You can't add a static IP address or Elastic IP address directly to a Fargate task. You must use a Network Load Balancer with an Elastic IP address and Fargate service to create a static IP address.
Choose one of the following options:
- To create a static IP address for a Fargate task for inbound traffic, complete the following steps in the Resolution section.
- To create a static IP address for a Fargate task for outbound traffic, create a NAT gateway. In this scenario, a static IP address is required by the downstream consumer. You must place your Fargate task on a private subnet. You can use the NAT gateway IP address for an IP allow list.
Create a Network Load Balancer and configure routing for your target group
- Open the Amazon EC2 console.
- From the navigation pane, in the LOAD BALANCING section, choose Load Balancers.
- Choose Create Load Balancer.
- On the Select load balancer type page, choose Create for Network Load Balancer.
- On the Configure Load Balancer page, for Name, enter a name for your load balancer.
- For Scheme, choose either external or internal-facing.
- In the Listeners section, keep the default listener or add another listener.
Note: The default listener accepts TCP traffic on port 80. You can keep the default listener settings, modify the protocol or port of the listener, or choose Add listener to add another listener.
- In the Availability Zones section, for VPC, select the Amazon Virtual Private Cloud (Amazon VPC) for your Fargate task.
Note: To associate an Elastic IP address with the subnet, select the address from Elastic IP.
- Skip the Next: Configure Security Settings page, and then choose Next: Configure Routing.
- On the Configure Routing page, for Target group, choose New target group (the default).
Note: The target group is used by the Network Load Balancer listener rule, which forwards the request to the target group.
- For Name, enter a name for the target group.
- For Target type, select either Instance or IP.
Note: Choose IP if you want to register your targets with an IP address.
- For Protocol, enter your protocol.
- For Port, enter your port.
- In the Health checks section, keep the default settings.
- Choose Next: Register Targets.
Note: Load balancers distribute traffic between targets within the target group. When a target group is associated with an Amazon ECS service, then Amazon ECS automatically registers and deregisters containers with the target group. Because Amazon ECS handles target registration, you don't add targets to your target group.
- Skip the Register Targets page, choose Next: Review, and then choose Create.
Create an Amazon ECS service
Create an Amazon ECS service. Be sure to specify the target group in the service definition when you create your service.
When each task for your service is started, the container and port combination specified in the service definition is registered with your target group. Then, traffic is routed from the load balancer to that container.
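The inbound setup from both sections above (load balancer with an Elastic IP address, target group, listener, and ECS service), written as a CloudFormation template. This is an added example, not part of the original article. Every parameter (VPC, subnets, security group, cluster, task definition, container name) is an assumed input, and TCP port 80 follows the default listener.

```yaml
Parameters:   # all values are assumptions supplied by whoever deploys the stack
  VpcId: {Type: AWS::EC2::VPC::Id}
  PublicSubnetId: {Type: AWS::EC2::Subnet::Id}     # subnet for the load balancer node
  TaskSubnetId: {Type: AWS::EC2::Subnet::Id}       # subnet for the Fargate tasks
  TaskSecurityGroupId: {Type: AWS::EC2::SecurityGroup::Id}
  ClusterName: {Type: String}
  TaskDefinitionArn: {Type: String}
  ContainerName: {Type: String}                    # must match the task definition
Resources:
  StaticIp: {Type: AWS::EC2::EIP, Properties: {Domain: vpc}}
  Nlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internet-facing                      # or internal
      SubnetMappings:
        - SubnetId: !Ref PublicSubnetId
          AllocationId: !GetAtt StaticIp.AllocationId   # pins the Elastic IP to this subnet
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 80
      TargetType: ip       # Fargate tasks use awsvpc networking and register by IP
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Nlb
      Protocol: TCP
      Port: 80
      DefaultActions: [{Type: forward, TargetGroupArn: !Ref TargetGroup}]
  Service:
    Type: AWS::ECS::Service
    DependsOn: Listener    # the target group must be attached to the load balancer first
    Properties:
      Cluster: !Ref ClusterName
      LaunchType: FARGATE
      TaskDefinition: !Ref TaskDefinitionArn
      DesiredCount: 1
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED   # tasks get no public address of their own
          Subnets: [!Ref TaskSubnetId]
          SecurityGroups: [!Ref TaskSecurityGroupId]
      LoadBalancers:       # ECS registers and deregisters task IPs in this target group
        - ContainerName: !Ref ContainerName
          ContainerPort: 80
          TargetGroupArn: !Ref TargetGroup
```

The task's security group must permit inbound TCP on the container port; otherwise health checks fail and no target becomes healthy.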