
We are in an integration process and the company is asking for whitelisted static IP addresses. The suggested solution by AWS is to create a new ECS cluster that uses new subnets. Is it possible to change subnets in an existing cluster? Do we have to redeploy everything in a new cluster? Since redeployment is a risky process for us, we need an easier solution for that.

  • Redeployment should be all automated, not risky. Just saying. – MLu Nov 24 '21 at 10:46
  • Can you explain it more please? Actually we are not working with the same tech team who deployed in the first place and current team hesitates to redeploy. – Buse B. Nov 24 '21 at 11:18
  • As @MLu says you should be able to redeploy. If not you should make it a priority to be able to. I understand there might be external dependencies, but you should be able to deploy to a different/new account and verify that all is well before redeploying. – Gomibushi Nov 29 '21 at 07:39

1 Answer


You probably need to be more explicit about 1) the current configuration you have and 2) what is the main goal. On #1, it depends on what network mode you are using (bridge vs VPC). With the latter a cluster is not bound to a subnet/VPC and you can pick anything you want (inside the same cluster). You may need to redeploy the tasks/services though to move them. Not sure how this relates to "getting a static IP for outbound requests" though. If you need a known egress IP for all your tasks you would need to configure a NAT Gateway in the private subnet where your tasks live.

I assume your problem is that the existing tasks are on a public subnet with their own public IP and you need to move them to a private subnet with a NAT GW associated?

mreferre
  • Our subnets are public but the issue is that subnets don't make use of the NAT Gateway. The suggested solution is to create new subnets with a NAT Gateway. It's claimed that we cannot change subnets in an existing cluster, so we need to create a new cluster that uses new subnets. In this scenario, we need to redeploy everything in a new cluster. But not sure this is the only way to do it. – Buse B. Nov 24 '21 at 20:11
  • Yes, NAT GW can't be attached to public subnets. There may be reasons why you can't add additional subnets to an existing VPC (you already consumed/configured all the IP space of your VPC etc.). A few questions: 1) is your application deployed as an ECS service? 2) Does it have a Load Balancer configured? 3) Is it deployed on EC2 or Fargate? If it's deployed on EC2, what is the network mode configured (Bridge or VPC)? – mreferre Nov 25 '21 at 08:11
  • 1) ECS and networking done via VPC, 2) Load balancer configured, 3) ECS fargate. – Buse B. Nov 25 '21 at 10:32
  • If that is the scenario it is *possible* that by [creating a new task-set](https://docs.aws.amazon.com/cli/latest/reference/ecs/create-task-set.html) that points to a new VPC and LB and then [updating the ECS service](https://docs.aws.amazon.com/cli/latest/reference/ecs/update-service.html) you should be able to move your tasks to private subnets. In theory you could do it without recreating the cluster or even the ECS service, but all tasks would need to move to a new VPC/LB. – mreferre Nov 25 '21 at 15:09
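The move described in the last comment (a new task set on NAT-backed subnets, then an update of the service), as an added Python example that is not from the answer or from AWS: it takes route-table data shaped like `aws ec2 describe-route-tables` output, with every id a constructed placeholder, classifies each subnet by its default route, and refuses to build the `create-task-set` network configuration unless the chosen subnets actually send 0.0.0.0/0 through a NAT Gateway (the Elastic IP the partner would whitelist).

```python
# Added example (not from the question or answer). Input mirrors the shape of
# `aws ec2 describe-route-tables`; all ids below are constructed placeholders.
SAMPLE_ROUTE_TABLES = [
    {   # main table of the VPC: default route via an Internet Gateway -> "public"
        "RouteTableId": "rtb-main0000", "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000example", "State": "active"}],
    },
    {   # explicitly associated table whose default route is a NAT Gateway -> "nat-private"
        "RouteTableId": "rtb-priv0000", "Associations": [{"SubnetId": "subnet-priv0001"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000example", "State": "active"}],
    },
    {   # explicitly associated table with no default route at all -> "isolated"
        "RouteTableId": "rtb-iso00000", "Associations": [{"SubnetId": "subnet-iso00001"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
]

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet id to 'public', 'nat-private' or 'isolated'.
    A subnet with no explicit association inherits the VPC's main route table,
    which is how a subnet ends up public without anyone having chosen that."""
    main = next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt["Associations"] if "SubnetId" in a}
    kinds = {}
    for sid in subnet_ids:
        kind = "isolated"
        for route in explicit.get(sid, main)["Routes"]:
            if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif route.get("NatGatewayId", "").startswith("nat-"):
                kind = "nat-private"
        kinds[sid] = kind
    return kinds

def task_set_network_config(kinds, security_group_id):
    """networkConfiguration for `aws ecs create-task-set`, restricted to NAT-backed
    subnets so every task egresses through the NAT Gateway's fixed Elastic IP."""
    private = sorted(sid for sid, kind in kinds.items() if kind == "nat-private")
    if not private:
        raise ValueError("no NAT-backed private subnet: egress IP would not be fixed")
    return {"awsvpcConfiguration": {"subnets": private,
                                    "securityGroups": [security_group_id],
                                    "assignPublicIp": "DISABLED"}}
```

Feed the real output of `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc>` to `classify_subnets` before running `create-task-set`, and keep `assignPublicIp` disabled so Fargate tasks in the private subnets never get a public ENI address of their own.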