18
votes

I have a Docker container with a service which I want to run through AWS ECS with Fargate. Unfortunately the service I want to run needs to access an SFTP server of a partner where the IP needs to be whitelisted.

My question is now: How is it possible to assign a static IP (IPv4) to an AWS ECS Fargate Task? I've already set up a VPC, the subnets, internet and NAT gateway and assigned them to each other. But the biggest problem I see is that for each execution of the task with Fargate a new ENI with a different IP is assigned.

Would be great to get some help! :)

2
FYI: There's a really good blog with full detail here: medium.com/@gboyegadada/… - JohnLBevan

2 Answers

7
votes

There is an interesting GitHub repo which explains the use case plus how to achieve a static IP for a Fargate service.

Why?

A third party may want to whitelist your application's IP. Most of the steps are covered in using-static-ip-addresses-for-application-load-balancers

Create Fargate cluster

Using the wizard create the cluster.

Along with the cluster it will create a VPC and Security group. Find them and give them useful names.

In your security group for VPC set your inbound for HTTP and HTTPS.

Elastic IPs

Find it under EC2 > elastic IPs

Allocate two static IPs. One for each availability group.

Network Load Balancer

Find it under EC2 > Load Balancers

Create NLB. Under availability zones assign it the VPC and elastic IPs you created earlier.

Create a new target group with target type IP and protocol TCP.

Leave IP blank. Next.

Application Load Balancer

Add existing security group from the VPC.

Create a new target group. Type IP. Protocol TCP.

Leave IP blank. Next.

Fargate service

Create a new service in your cluster.

Choose application load balancer you created.

Choose existing ALB target group.

The architecture diagram will look more or less like this: [architecture diagram image]
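As an added example that is not part of the original answer or the repo it links to, here is the Elastic-IP-plus-NLB part of that procedure written as Terraform. It puts the NLB's IP-type target group directly on the Fargate tasks and skips the ALB hop in the steps above, which is enough when the service speaks plain TCP. The variable names (vpc_id, public_subnet_ids, private_subnet_ids, cluster_arn, task_definition_arn, container_name) and the port 443 are assumptions, not values from the post.

```hcl
# Added example: NLB with one Elastic IP per AZ in front of a Fargate service.
# All var.* names and port 443 are assumptions, not values from the post.
variable "vpc_id" { type = string }
variable "public_subnet_ids" { type = list(string) }  # one public subnet per AZ
variable "private_subnet_ids" { type = list(string) } # where the tasks run
variable "cluster_arn" { type = string }
variable "task_definition_arn" { type = string }
variable "container_name" { type = string }

# One static address per availability zone the NLB is placed in.
resource "aws_eip" "nlb" {
  count  = length(var.public_subnet_ids)
  domain = "vpc"
}

# The NLB is bound to those addresses; they survive every task replacement.
resource "aws_lb" "nlb" {
  name               = "fargate-static-nlb"
  load_balancer_type = "network"
  internal           = false

  dynamic "subnet_mapping" {
    for_each = { for i, id in var.public_subnet_ids : i => id }
    content {
      subnet_id     = subnet_mapping.value
      allocation_id = aws_eip.nlb[subnet_mapping.key].id
    }
  }
}

# Fargate uses awsvpc networking, so the target type must be "ip", not "instance".
resource "aws_lb_target_group" "tcp" {
  name        = "fargate-tcp-tg"
  port        = 443
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.vpc_id

  health_check {
    protocol = "TCP"
  }
}

resource "aws_lb_listener" "tcp" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 443
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.tcp.arn
  }
}

# The NLB preserves the client's source address by default, so the task's
# security group is what actually filters inbound traffic.
resource "aws_security_group" "task" {
  name   = "fargate-task-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # narrow this to the clients you expect
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ECS registers each task's ENI address in the target group as tasks come and go.
resource "aws_ecs_service" "svc" {
  name            = "static-ip-service"
  cluster         = var.cluster_arn
  task_definition = var.task_definition_arn
  desired_count   = 2
  launch_type     = "FARGATE"

  network_configuration {
    subnets          = var.private_subnet_ids
    security_groups  = [aws_security_group.task.id]
    assign_public_ip = false
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.tcp.arn
    container_name   = var.container_name
    container_port   = 443
  }

  depends_on = [aws_lb_listener.tcp]
}

output "static_inbound_ips" {
  value = aws_eip.nlb[*].public_ip
}
```

One caveat worth checking after apply: the Elastic IPs here are only the addresses the service is reached on. Connections the tasks open themselves (the partner SFTP session in the question) leave through the VPC's NAT gateway, so the NAT gateway's Elastic IP, not these two, is the address a partner would have to allowlist for outbound traffic.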

0
votes

We're currently having the same issue, the solution we found is to whitelist the whole subnet's CIDR (e.g. 10.11.12.13/24) and it worked fine, but still we feel it's insecure.

I found a response suggesting using a NAT Gateway to NAT your container's IP address. Here's the link for the use case with Lambda, still have to test it for Fargate.
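As an added example, not from the original answer or the Lambda post it links to, this is the NAT gateway approach applied to Fargate in Terraform: the tasks run in a private subnet whose default route points at a NAT gateway that owns a single Elastic IP, so every task, whatever address its ENI gets, reaches the partner from that one address and the partner allowlists one /32 instead of a subnet range. The variable names and the partner CIDR 203.0.113.10/32 are assumed placeholders.

```hcl
# Added example: one Elastic IP for all outbound task traffic via a NAT gateway.
# All var.* names and the partner CIDR are assumed placeholders.
variable "vpc_id" { type = string }
variable "public_subnet_id" { type = string }  # subnet routed to the internet gateway
variable "private_subnet_id" { type = string } # where the Fargate tasks run
variable "cluster_arn" { type = string }
variable "task_definition_arn" { type = string }
variable "partner_sftp_cidr" {
  type    = string
  default = "203.0.113.10/32" # assumed placeholder; use the partner's real address
}

# The address the partner allowlists. It belongs to the NAT gateway, not to any task.
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "egress" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id
}

# Private route table: anything that is not VPC-local goes through the NAT gateway.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.egress.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = var.private_subnet_id
  route_table_id = aws_route_table.private.id
}

# The task needs no inbound rules at all. Egress is limited to the partner's
# SFTP port plus HTTPS, because image pulls and log delivery also leave through
# the task ENI; replace the HTTPS rule with VPC endpoints to tighten it further.
resource "aws_security_group" "sftp_client" {
  name   = "sftp-client-task-sg"
  vpc_id = var.vpc_id

  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.partner_sftp_cidr]
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_ecs_service" "sftp_client" {
  name            = "sftp-client"
  cluster         = var.cluster_arn
  task_definition = var.task_definition_arn
  desired_count   = 1
  launch_type     = "FARGATE"

  network_configuration {
    subnets         = [var.private_subnet_id]
    security_groups = [aws_security_group.sftp_client.id]
    # Must stay false: a task with its own public IP in a public subnet would
    # send traffic straight out through the internet gateway and bypass the NAT.
    assign_public_ip = false
  }
}

output "ip_for_partner_whitelist" {
  value = aws_eip.nat.public_ip
}
```

The two things that break this silently are a task placed in a public subnet with assign_public_ip enabled (it then exits via the internet gateway with a per-task address) and a private route table that still points at the internet gateway; in both cases the partner sees an address other than the NAT gateway's.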