Tags: amazon-ec2, amazon-ecs, client-certificates

ECS - EC2 - Communication and Certificates

I have some services running on ECS which need to communicate with another service running on EC2 in the same account. We are currently using EKS and looking to migrate these services to ECS. How can the ECS Fargate tasks communicate with the app deployed in the EC2 instance (not using ECS/Fargate)?

Solution

  • ECS does not provide your services with client certificates. The AWS service for creating and verifying certificates in a mutual-TLS environment is Amazon Certificate Manager Private Certificate Authority. This service is relatively expensive though, so it may not meet your needs. To use it, you would have your ECS services request a certificate from the private CA on startup, before the rest of your container's startup script runs.

    Alternatively, you could create a self-signed certificate that you store somewhere like Secrets Manager or in a locked-down S3 bucket, or obtain a certificate from a third-party service and store it similarly, and have your ECS tasks pull that down on startup.
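The "pull it down on startup" pattern from the answer above, written out as a container entrypoint fragment. This is an added example, not code from the answer or from AWS. It assumes the certificate and private key live in two Secrets Manager secrets with the hypothetical names `svc/client-cert` and `svc/client-key`, that the task role has `secretsmanager:GetSecretValue` on exactly those two secrets, and that `openssl` is present in the image. When `MTLS_LOCAL_SECRET_DIR` is set, the secrets are read from that directory instead, which is how the script runs here against constructed, self-signed material. Besides writing the files, it refuses to start the application if the certificate and key do not belong together or the certificate has already expired, which is cheaper to learn at startup than on the first failed TLS handshake.

```shell
#!/bin/sh
# Entrypoint fragment: materialise the task's client certificate before the
# application starts. Added example; secret names are hypothetical.
set -eu

# fetch_secret NAME -> prints the secret string on stdout.
fetch_secret() {
    if [ -n "${MTLS_LOCAL_SECRET_DIR:-}" ]; then
        cat "$MTLS_LOCAL_SECRET_DIR/$1"            # local stand-in (demo only)
    else
        # Production path (not exercised in this demo).
        aws secretsmanager get-secret-value --secret-id "$1" \
            --query SecretString --output text
    fi
}

# install_client_cert DEST_DIR: writes client.crt and client.key into DEST_DIR
# with owner-only permissions and fails if they are not a matching, valid pair.
install_client_cert() {
    dest="$1"
    mkdir -p "$dest"
    chmod 0700 "$dest"
    (
        umask 077                                   # files are created 0600
        fetch_secret svc/client-cert > "$dest/client.crt"
        fetch_secret svc/client-key  > "$dest/client.key"
    )
    # A rotated or mis-pasted secret is caught here: the public key embedded in
    # the certificate must equal the public key derived from the private key.
    cert_pub=$(openssl x509 -in "$dest/client.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dest/client.key" -pubout)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "client certificate and key do not match" >&2
        return 1
    fi
    # -checkend 0 exits non-zero if the certificate is already expired.
    if ! openssl x509 -in "$dest/client.crt" -noout -checkend 0 >/dev/null; then
        echo "client certificate has expired" >&2
        return 1
    fi
}

# --- Constructed stand-in for the Secrets Manager contents (demo only) ---
# Generates a throw-away self-signed certificate and key in the layout
# fetch_secret expects when MTLS_LOCAL_SECRET_DIR is set.
make_demo_secrets() {
    mkdir -p "$1/svc"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ecs-task" \
        -keyout "$1/svc/client-key" -out "$1/svc/client-cert" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_secrets "$demo/secrets"
MTLS_LOCAL_SECRET_DIR="$demo/secrets" install_client_cert "$demo/tls"
echo "client certificate installed in $demo/tls"
# The application would then be started with the materialised files, e.g.
#   curl --cert "$demo/tls/client.crt" --key "$demo/tls/client.key" \
#        --cacert /path/to/ca.crt https://<ec2-service-hostname>/
```

In a real task definition the destination directory should be a tmpfs mount rather than the container's writable layer, so the private key never lands on disk, and the CA certificate that the EC2 service presents needs to be shipped the same way so the task can verify the server side of the handshake as well.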