Tags: amazon-web-services, amazon-ecs, amazon-vpc, aws-fargate, aws-vpn

AWS - Private static IP address for Fargate task


I have the following situation. I have a VPC on AWS. In this VPC, I have an ECS Fargate cluster with multiple different tasks running. Additionally, I have a Site-to-Site VPN for one of my partners set up in this cluster.

Now, this partner has to send HTTP POST (SOAP, in fact) requests to one of my Fargate tasks. This should be possible only through the VPN, so the task can't be public-facing. For some reason which I can't control, this partner requires a static IP to which requests have to be sent, so ALB is not an option. So I need a way to assign a private (within the VPC) static IP to the Fargate task.

I've tried to achieve it with NLB, but I'm not sure if I can send HTTP requests to NLB since it's L4 vs L7. Now my only option seems to be an EC2 instance with NGINX that would simply forward all requests to the task's ALB. I don't like this option because I don't have much experience with NGINX configuration.

Do you think there are any other options for me to achieve what I need?

Thanks in advance


Solution

  • I've tried to achieve it with NLB, but not sure if I can send HTTP requests to NLB since it's L4 vs L7.

    NLB is L3. But of course you can use it for HTTP or HTTPS. The only difference is that you won't be able to set up HTTP-type listener rules, because NLB is for TCP/UDP. But it does not stop you from using it to distribute HTTP/HTTPS traffic among your Fargate tasks.
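To show what the NLB route looks like in practice, here is an added Terraform example (not part of the question or the answer above) that builds an internal NLB pinned to a chosen private address with `subnet_mapping`, a TCP listener in front of an IP-type target group, and a Fargate service registered into it. Every identifier, CIDR, port, image name and health-check path is an assumption for illustration; replace them with your own.

```hcl
# Added example, not from the original post. All IDs/addresses are placeholders.
locals {
  vpc_id            = "vpc-0123456789abcdef0"    # assumed: the VPC hosting the cluster
  private_subnet_id = "subnet-0123456789abcdef0" # assumed: a private subnet in that VPC
  nlb_static_ip     = "10.0.1.10"                # assumed: unused address inside that subnet
  partner_vpn_cidr  = "10.200.0.0/16"            # assumed: partner range behind the Site-to-Site VPN
  container_port    = 8080                       # assumed: port the SOAP container listens on
  cluster_arn       = "arn:aws:ecs:eu-west-1:123456789012:cluster/app" # assumed
}

# Internal NLB with a fixed private IPv4 address. A static address can only be
# requested for internal load balancers, one per subnet mapping (i.e. per AZ).
resource "aws_lb" "partner_nlb" {
  name               = "partner-soap-nlb"
  internal           = true
  load_balancer_type = "network"

  subnet_mapping {
    subnet_id            = local.private_subnet_id
    private_ipv4_address = local.nlb_static_ip
  }
}

# Fargate tasks use awsvpc networking, so they are registered by ENI IP.
# The target group is plain TCP; the HTTP payload is passed through untouched.
resource "aws_lb_target_group" "soap" {
  name        = "partner-soap-tg"
  port        = local.container_port
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = local.vpc_id

  health_check {
    protocol = "HTTP"
    path     = "/health" # assumed health endpoint served by the task
    port     = "traffic-port"
  }
}

# TCP listener: no host/path rules (that is the L7 feature NLB lacks),
# but the partner can POST its SOAP requests to http://10.0.1.10/ as usual.
resource "aws_lb_listener" "soap" {
  load_balancer_arn = aws_lb.partner_nlb.arn
  port              = 80
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.soap.arn
  }
}

# Security group on the task ENIs. With TCP listeners and IP targets the NLB
# preserves the client source IP, so the rule must admit the partner's VPN
# range; health checks come from the NLB node's own private address.
resource "aws_security_group" "soap_task" {
  name   = "partner-soap-task"
  vpc_id = local.vpc_id

  ingress {
    from_port   = local.container_port
    to_port     = local.container_port
    protocol    = "tcp"
    cidr_blocks = [local.partner_vpn_cidr, "${local.nlb_static_ip}/32"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_ecs_task_definition" "soap" {
  family                   = "partner-soap"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512

  container_definitions = jsonencode([{
    name         = "soap"
    image        = "123456789012.dkr.ecr.eu-west-1.amazonaws.com/soap-service:1.0" # assumed
    essential    = true
    portMappings = [{ containerPort = local.container_port, protocol = "tcp" }]
  }])
}

# Private-only service: no public IP, reachable solely through the NLB address.
resource "aws_ecs_service" "soap" {
  name            = "partner-soap"
  cluster         = local.cluster_arn
  task_definition = aws_ecs_task_definition.soap.arn
  launch_type     = "FARGATE"
  desired_count   = 2

  network_configuration {
    subnets          = [local.private_subnet_id]
    security_groups  = [aws_security_group.soap_task.id]
    assign_public_ip = false
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.soap.arn
    container_name   = "soap"
    container_port   = local.container_port
  }
}
```

Two practical caveats: an NLB is zonal, so if you add a second `subnet_mapping` for availability you get a second static IP, and the partner needs to be told both; and the VPN's route table must send the partner's traffic to the subnet holding `nlb_static_ip`, otherwise the address is unreachable from their side. If the partner must use HTTPS, an NLB `TLS` listener with an ACM certificate can terminate TLS in front of the same TCP target group without changing anything else here.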