1
votes

I have a CloudFormation that creates an AWS Fargate on ECS Cluster, in this way:

  TaskDefinition:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      RequiresCompatibilities:
        - FARGATE
      Cpu: !Ref ContainerCpu
      Memory: !Ref ContainerMemory
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref ExecutionRole
      ContainerDefinitions:
        - Name: !Sub ${ContainerName}
          Image: 'image-url-here'
          Essential: true
          HealthCheck:
            Command: ["CMD-SHELL", "test -f hc.log"]
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Sub '${AWS::Region}'
              awslogs-group: !Sub '${FeatureName}-${MicroServiceName}'
              awslogs-stream-prefix: !Ref MicroServiceName
      Family: !Sub 'family-${FeatureName}-${MicroServiceName}'
      NetworkMode: awsvpc
    DependsOn: CloudWatchLogGroup
    
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join ['', [!Ref MicroServiceName, ExecutionRole]]
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
    
    

My ECS Fargate task needs to access an API that is running in an EC2, so I created a DNS Private Hosted Zone with the following address: api.localaccount. But when I try to access this API from my Fargate, I get the following error:

System.Net.Http.HttpRequestException: Name or service not known

I know that this error is because my AWS Fargate can't resolve DNS, but I don't know why. If I access this same DNS (api.localaccount) from EC2 everything works fine, so I think my DNS Route 53 is ok.

3
The task should run using the same VPC as the DNS Private hosted zone. Can you confirm if the service is configured to use that VPC? - Omar Rosadio
Yes, I confirmed twice that my Task and Service are in the same VPC that my api.localaccount is running in. And another important thing is that I have just one VPC in my account. - Ronaldo Lanhellas
Could be an application-level issue. Can you run your app on an instance, instead of Fargate, and confirm that it correctly resolves private DNS names? - Marcin
I'm trying right now and will return here, good point @Marcin. - Ronaldo Lanhellas
The problem was my application @Marcin, thanks for your help, I was pointing to the wrong URL. - Ronaldo Lanhellas

3 Answers

1
votes

Based on the comments.

The issue was due to the use of a wrong link in the application. Thus, it was an application-level problem, not an ECS Fargate issue.

0
votes

To use private hosted zones, you must set the following Amazon VPC settings to true:

  • enableDnsHostnames

  • enableDnsSupport
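
The two VPC attributes named in this answer, as they would appear in a CloudFormation template next to a private hosted zone serving the question's api.localaccount name. This is an added example, not part of the original answer or the asker's template; the resource names, CIDR range, record IP and the choice of localaccount as the zone name are assumptions.

```yaml
# Added example (constructed). AppVpc, PrivateZone and ApiRecord are
# hypothetical logical IDs; the CIDR range and record IP are placeholders.
Resources:
  AppVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16          # placeholder range
      EnableDnsSupport: true          # VPC-provided resolver answers queries
      EnableDnsHostnames: true        # needed together with EnableDnsSupport
                                      # for private hosted zones to resolve

  PrivateZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: localaccount              # assumed zone name for api.localaccount
      VPCs:                           # associating a VPC makes the zone private
        - VPCId: !Ref AppVpc
          VPCRegion: !Ref AWS::Region

  ApiRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref PrivateZone  # !Ref on a hosted zone returns its ID
      Name: api.localaccount.
      Type: A
      TTL: '60'
      ResourceRecords:
        - 10.0.1.10                   # placeholder: private IP of the EC2 API host
```

Tasks using the awsvpc network mode resolve this record only when their subnets belong to a VPC listed under the zone's VPCs property.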

0
votes

ECS Service by default can't resolve DNS. You have to explicitly enable it during the service creation part. Once you enable it, you have the option to select the Namespace and record type.

*All of this should be done after setting up Route53 and VPC config. In this case you've already done those.

ECS Service Discovery