Tags: amazon-web-services, amazon-vpc, aws-fargate, aws-sdk-net

AmazonEC2Client timeout from FARGATE container in private subnet


I'm attempting to make an AmazonEC2Client SDK call from a .NET program running in a FARGATE container in a Private Subnet:

using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon;                 // RegionEndpoint
using Amazon.EC2;             // AmazonEC2Client
using Amazon.EC2.Model;       // DescribeSubnetsRequest, Filter
using Amazon.Runtime;         // AWSCredentials

// _awsCredentials : AWSCredentials, _regionEndpoint : RegionEndpoint, _vpcId : string
// Subnet/VPC queries go through the EC2 API, hence AmazonEC2Client.
using (var vpcClient = new AmazonEC2Client(_awsCredentials, _regionEndpoint))
{
    // Ask only for the subnets that belong to the VPC we care about.
    var listSubnets = await vpcClient.DescribeSubnetsAsync(new DescribeSubnetsRequest()
    {
        Filters = new List<Filter>()
        {
            new Filter()
            {
                Name = "vpc-id",
                Values = new List<string> { _vpcId }
            }
        }
    });
}

The code works OK from my development laptop, but it stops cold making the request when deployed to AWS.

The network mode on the FARGATE container is:

"networkMode": "awsvpc",

What am I missing here? A security group configuration?

I set "All Traffic" for the VPC CIDR in both in Inbound and Outbound rules for the security group used by the FARGATE container.


Solution

  • A resource running in a private subnet of your VPC doesn't have access to anything outside of the VPC. The AWS API which you are trying to interact with via the AWS SDK exists outside of the VPC.

    Your options are either to add a NAT Gateway in a public subnet of the VPC and configure a route to that NAT Gateway in the private subnet(s), or to create an AWS PrivateLink VPC Endpoint in your VPC for the specific AWS service you are trying to interact with.

    It looks like you are trying to interact with the VPC service. I think, due to legacy reasons, the VPC service is actually accessed through the AWS EC2 API, so you would need to create a VPC endpoint for the EC2 service.
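Both options from the answer above, written out as Terraform. This is an added example, not code from the original question or answer; it assumes the variable names `var.region`, `var.vpc_id`, `var.private_subnet_ids`, `var.task_security_group_id`, `var.public_subnet_id` and an existing `aws_route_table.private` for the private subnets, and it assumes the task only needs read-only Describe calls when scoping the endpoint policy.

```hcl
# Added example (not from the original post). Assumed inputs:
#   var.region, var.vpc_id, var.private_subnet_ids (subnets the Fargate tasks run in),
#   var.task_security_group_id (the SG attached to the Fargate task ENI),
#   var.public_subnet_id and aws_route_table.private (only for the NAT alternative).

# --- Option 1: PrivateLink interface endpoint for the EC2 API -------------------
# Subnet/VPC calls are served by the EC2 API, so the endpoint is for "ec2".

# The endpoint ENIs get their own security group. The only traffic that must
# reach them is HTTPS from the task's security group.
resource "aws_security_group" "ec2_endpoint" {
  name        = "ec2-api-endpoint"
  description = "Allow HTTPS from Fargate tasks to the EC2 API endpoint"
  vpc_id      = var.vpc_id

  ingress {
    description     = "HTTPS from Fargate tasks"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.task_security_group_id]
  }
}

resource "aws_vpc_endpoint" "ec2" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.ec2"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.ec2_endpoint.id]

  # With private DNS on, ec2.<region>.amazonaws.com resolves to the endpoint
  # ENIs inside the VPC, so AmazonEC2Client needs no ServiceURL override.
  private_dns_enabled = true

  # Endpoint policy: limit what can be called through this endpoint.
  # Assumption for this example: the task only needs Describe* (read-only).
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["ec2:Describe*"]
      Resource  = "*"
    }]
  })
}

# --- Option 2: NAT Gateway in a public subnet + default route from private subnets ---

resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "egress" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id # must be a public subnet (routed to an IGW)
}

# The private route table gets 0.0.0.0/0 -> NAT. Unlike the endpoint, this gives
# the tasks egress to the whole internet, not just the EC2 API.
resource "aws_route" "private_default_egress" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.egress.id
}
```

Two checks worth doing before blaming the SDK: private DNS on the endpoint only works if the VPC has DNS hostnames and DNS support enabled, and the task's own security group must allow outbound TCP 443 to wherever the call goes. The question's rule of "all traffic to the VPC CIDR" covers the endpoint ENIs (they live in the VPC), but it would not cover the NAT path, which needs egress to the public EC2 API addresses, so a task with that rule and only a NAT gateway would still hang.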