2
votes

I have created an ECS cluster and task definition and managed to boot up a single container for my app (EC2 launch type). However, I can't reach the public IP listed.

  • EC2 instance is green/running, status checks 2/2 passed. IPv4 public address listed.
  • The public subnet and security group it is linked to allow HTTP access and SSH from my IP for now.
  • There is a database on a private subnet that the container should reach (the private subnet SG allows incoming connections from the public subnet).

How can I troubleshoot and fix this? Thanks!

EDIT: further info as requested:

  • NACL: {100 allow all, * deny all} in that order.
  • Subnet: auto-assign IPv4 address is on.
  • Can confirm that inside the container, curl localhost:PORT WORKS.
  • Can confirm that inside the container, ping <rds db endpoint> FAILS.
  • Can confirm that outside the container, hitting public-ip:PORT FAILS.

EDIT 2: as requested:

CONTAINER ID        IMAGE            COMMAND                  CREATED             STATUS                     PORTS               NAMES
fa3dxxxxxxxx        xxx/xxx:latest   "docker-entrypoint.s…"   23 minutes ago      Up 23 minutes              3010/tcp            xxx
9766yyyyyyyy        amazon/ecs-agent:latest  "/agent"         24 minutes ago      Up 24 minutes (healthy)                        ecs-agent
011axxxxxxxx        xxx/xxx:latest   "docker-entrypoint.s…"   2 hours ago         Exited (137) 2 hours ago                       xxx

Can confirm curl local-ip:PORT FAILS: curl: (7) Failed to connect to 10.0.x.x port xxxx: Connection refused

1
Is the instance in a public subnet? – Marcin
Check your security group and NACL. Also, do you have a fixed IP? Try opening source anywhere in the SG just for a test and check. – Sangam Belose
@Marcin yes, public subnet. @Sangam Belose I don't know what you mean by fixed IP - I don't think so? It's an auto-assigned IP, I believe. Thanks! – yen
What network mode are you using? awsvpc? – Marcin
@Marcin just the default bridge network. I just found another issue: docker attach <containerid> just hangs :( so maybe the container itself is borked. – yen

1 Answer

0
votes

So, from the discussion, we investigated the issue.

The issue was in the task definition: the application was working inside the container, but not via the host's public and private IP addresses.

Publishing the port in the task definition should resolve the issue.

{
  "ContainerPort" : 3010,
  "HostPort" : 3010,
  "Protocol" : "tcp"
}

The PortMapping property specifies a port mapping. Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.

aws-containerdefinitions-portmappings
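As an added worked example (not code from the question, the answer or AWS), here is a small Python helper that builds a bridge-mode task definition in the RegisterTaskDefinition JSON shape that `aws ecs register-task-definition --cli-input-json` consumes (camelCase keys; the snippet in the answer uses the CloudFormation PascalCase spelling of the same PortMapping object) and checks the port mappings for the two mistakes visible in the snippet as originally posted: a protocol given as a number, and a hostPort that is not an integer. It also shows the `docker run -p` flag each mapping amounts to. The family name, image and memory value are placeholders, and the posted-versus-fixed mappings are constructed inline.

```python
"""Build and sanity-check ECS port mappings for a bridge-mode task definition.

Added example, not code from the question, the answer or AWS. Keys follow the
ECS RegisterTaskDefinition JSON (camelCase), which is what
`aws ecs register-task-definition --cli-input-json` consumes; the answer shows
the CloudFormation (PascalCase) spelling of the same PortMapping object.
Family name, image and memory values below are placeholders.
"""
import json

VALID_PROTOCOLS = {"tcp", "udp"}


def port_mapping(container_port, host_port=None, protocol="tcp"):
    """Return one portMappings entry.

    host_port=None -> hostPort omitted (bridge: ECS assigns one from the
                      instance's ephemeral range; awsvpc/host: same as containerPort)
    host_port=0    -> bridge mode, dynamic host port, same effect as omitting it
    host_port=N    -> static host port N, bound on every interface of the
                      instance, so public-ip:N works once the SG allows it
    """
    mapping = {"containerPort": container_port, "protocol": protocol}
    if host_port is not None:
        mapping["hostPort"] = host_port
    return mapping


def task_definition(family, image, port_mappings, network_mode="bridge"):
    """Minimal EC2-launch-type task definition with one essential container."""
    return {
        "family": family,
        "networkMode": network_mode,
        "containerDefinitions": [{
            "name": family,
            "image": image,
            "essential": True,
            "memory": 256,  # hard limit in MiB; placeholder value
            "portMappings": port_mappings,
        }],
    }


def validate(taskdef):
    """Return a list of problems found in the task definition's port mappings.

    Catches the two mistakes in the snippet as originally posted in the answer
    (a numeric protocol, a non-integer hostPort) plus the awsvpc/host rule
    that hostPort, when given, must equal containerPort.
    """
    problems = []
    mode = taskdef.get("networkMode", "bridge")
    for cdef in taskdef["containerDefinitions"]:
        name = cdef["name"]
        for m in cdef.get("portMappings", []):
            cport = m.get("containerPort")
            hport = m.get("hostPort")
            proto = m.get("protocol", "tcp")
            if not isinstance(cport, int) or not 1 <= cport <= 65535:
                problems.append(f"{name}: containerPort {cport!r} is not a valid port")
            if proto not in VALID_PROTOCOLS:
                problems.append(f"{name}: protocol {proto!r} must be 'tcp' or 'udp'")
            if hport is not None:
                if not isinstance(hport, int) or not 0 <= hport <= 65535:
                    problems.append(f"{name}: hostPort {hport!r} is not an integer port")
                elif mode in ("awsvpc", "host") and hport != cport:
                    problems.append(f"{name}: {mode} mode requires hostPort == containerPort")
    return problems


def docker_publish_flag(mapping):
    """Equivalent `docker run -p` flag for a bridge-mode mapping (illustrative:
    the agent sets PortBindings through the Docker API rather than the CLI)."""
    hport = mapping.get("hostPort", 0)
    return f"-p {hport}:{mapping['containerPort']}/{mapping.get('protocol', 'tcp')}"


# The answer's snippet as originally posted, in camelCase: both values are wrong.
POSTED_MAPPING = {"containerPort": 3010, "hostPort": "Integer", "protocol": 3010}
# The corrected mapping: static host port 3010 so public-ip:3010 reaches the app.
FIXED_MAPPING = port_mapping(3010, host_port=3010)

if __name__ == "__main__":
    bad = task_definition("xxx", "xxx/xxx:latest", [POSTED_MAPPING])
    good = task_definition("xxx", "xxx/xxx:latest", [FIXED_MAPPING])
    print("posted:", validate(bad))
    print("fixed: ", validate(good) or "ok", "->", docker_publish_flag(FIXED_MAPPING))
    print(json.dumps(good, indent=2))
```

After registering the corrected definition and redeploying, `docker ps` on the instance should show `0.0.0.0:3010->3010/tcp` in the PORTS column instead of the bare `3010/tcp` seen in the question, which is what an exposed-but-unpublished port looks like. Two caveats a practitioner will want: a static host port is bound on every interface of the instance, so the instance security group is the only thing between that port and the Internet, and its inbound rule should stay scoped to the source that actually needs it; and a dynamic host port (hostPort 0 or omitted) means public-ip:3010 will still fail by design, so pair dynamic ports with a load balancer target group instead of hitting the instance directly. Separately, the failing ping to the RDS endpoint says nothing about the DB security group rule for the database port, since that rule only covers TCP on that port; test reachability from the container with a TCP connect to the DB port (for example `nc -zv <rds db endpoint> <db port>`) rather than ICMP.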