I am using the Jenkins Fargate Plugin (https://plugins.jenkins.io/amazon-ecs/) for builds and pushes. I have an EC2 machine, and on this machine I have the Jenkins master, a Nexus repository and SonarQube. With this Jenkins Fargate plugin I create Fargate containers for Jenkins workers. These workers are in the same subnet and the same VPC as the EC2 machine. But when I use a whitelist on port 443 for Nexus and SonarQube, the created Fargate container can't access Nexus and SonarQube, even though they are in the same public subnet. What should I do for the connection? I use different security groups for the EC2 machine and the Fargate containers, but the subnets and VPC are the same.
I need to close the Jenkins master, Nexus and SonarQube login pages, so I need to use a whitelist, right? Is there another way to close them? What should I do for communication between the Fargate container and the EC2 machine?
Update:
The subnet is a public subnet.
The Fargate security group's outbound rules are all open.
The error is "Connection time out".
Related
I have a container application running on ECS Fargate (network mode awsvpc), and tried to connect to a MySQL database set up on an EC2 instance... But it is not happening.
I can connect to the same database (on EC2) from my local machine with the same containerized application running.
I'm trying so hard to solve this issue; if you know, please help me.
Other things I've tried:
Security group inbound set to the ECS service security group (also tried opening all traffic access to the EC2 instance)
ECS tasks running in a private subnet or a public subnet (EC2 and Fargate apps are all in the same VPC)
I have two VPCs in the same account. VPC-A has RDS installed; VPC-B has services installed through ECS EC2 deployment.
VPC-B has multiple subnets. Services deployed through the ECS EC2 service couldn't integrate with RDS. It keeps getting the following error message ("Is the server running on host "....").
Whereas telnet to the RDS database port from an EC2 instance (E1) in a VPC-B subnet can connect to the database.
But it couldn't start the server if the same services are installed through ECS. When manually trying to start the container it works (able to connect to the database).
I also set up a peering connection between the two VPCs, but the connection problem exists only when the container is started through ECS EC2 deployment.
The dropdown for public IP has "Disabled" and no other options. The subnets are public subnets.
Any help/thoughts will be highly helpful.
As per the AWS docs, "awsvpc" launches with a private IP, and to interact with external services a NAT gateway needs to be attached to the subnet.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html#task-networking-considerations
The awsvpc network mode does not provide task ENIs with public IP addresses for tasks that use the EC2 launch type. To access the internet, tasks that use the EC2 launch type should be launched in a private subnet that is configured to use a NAT gateway.
"Auto assign public IP" mode is "Enabled" with "bridge" networking mode on ECS EC2 launch.
Basically, I'm following these two guides:
Deploying Hasura on AWS with Fargate, RDS and Terraform
Deploying Containers on Amazon’s ECS using Fargate and Terraform: Part 2
I have:
Postgres RDS Database deployed in 'Multi-AZ'
My Python/Flask app deployed in Fargate across multiple AZs
I run a migration inside the task definition before the app
ALB Load balancing between the tasks
Logging for RDS, ECS and ALB into Cloudwatch Logs.
A NAT gateway with an Elastic IP for each private subnet to get internet connectivity
A new route table for the private subnets
NO certificates
I use Terraform 0.12 for the deploy.
The repository is on ECR
But...
My app can't connect to the RDS database:
sqlalchemy.exc.OperationalError
(psycopg2.OperationalError): FATAL: password authentication failed for user "postgres"
These are the logs on pastebin-logs
I've already tried changing the password to a very simple one before deploying, directly on the console, opening ports, turning access public, changing the private subnet to a public one, et cetera, et cetera...
Please, I've had this error for a week!!!
UPDATE
I inject the database credentials this way:
pastebin-terraform
I cannot comment, but I mean this as a comment.
What does the security group egress look like on your ECS service that runs the task? You need to make sure it can talk to the RDS, usually on port 5432.
I have a Spring Boot application that is deployed to AWS Elastic Beanstalk and a Mongo database that is deployed on an EC2 instance.
I created two security groups, one for the EC2 instance and another one for Elastic Beanstalk, to open the connection to each other.
However, the spring boot app still can't connect to Mongo (on the EC2 IP address).
Log in to your AWS account and navigate to the EC2 (Compute) dashboard.
Click the security group for the EC2 instance on which MongoDB is installed.
In the Inbound tab, click Edit.
Add the private IP of the EC2 instance where Beanstalk is running and the MongoDB port. This will allow connectivity from your Spring Boot application to MongoDB.
To test the connectivity, SSH into the EC2 instance where Beanstalk is running and telnet to the IP:port where MongoDB is running.
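The first question (a Fargate worker in the same subnet that cannot reach Nexus/SonarQube on 443 once a whitelist is applied), the egress comment about port 5432, and the Mongo answer above all come down to the same security-group evaluation. The following is an added example, not code from any of the posts: a simplified model of how a security group admits traffic, run against a constructed scenario. Group IDs, CIDRs and addresses are placeholders; the model only considers CIDR and security-group sources (no prefix lists or NACLs). It shows why a whitelist of a public CIDR never matches a peer inside the VPC (that traffic arrives from the peer's private address) and why an inbound rule that references the worker's security group does.

```python
"""Simplified model of AWS security-group evaluation (added example).

Assumptions: group IDs, CIDRs and addresses below are constructed; rules
consider only CIDR and security-group sources; NACLs are ignored."""
from dataclasses import dataclass, field
import ipaddress
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    protocol: str                    # "tcp", "udp" or "-1" (all traffic)
    from_port: int
    to_port: int
    cidr: Optional[str] = None       # source (ingress) / destination (egress) CIDR
    group_id: Optional[str] = None   # ...or a referenced security group instead


@dataclass
class SecurityGroup:
    group_id: str
    ingress: List[Rule] = field(default_factory=list)
    egress: List[Rule] = field(default_factory=list)


def rule_matches(rule: Rule, protocol: str, port: int, peer_ip: str, peer_groups: List[str]) -> bool:
    """Does this rule admit protocol/port to or from a peer at peer_ip whose ENI carries peer_groups?"""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.group_id is not None:
        # A group reference matches traffic from ENIs in that group, i.e. the
        # peer's private VPC address; the CIDR is not consulted at all.
        return rule.group_id in peer_groups
    if rule.cidr is not None:
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr, strict=False)
    return False


def can_connect(src: List[SecurityGroup], src_ip: str,
                dst: List[SecurityGroup], dst_ip: str,
                protocol: str, port: int) -> Tuple[bool, str]:
    """Check the source's egress, then the destination's ingress; return (ok, reason)."""
    src_ids = [g.group_id for g in src]
    dst_ids = [g.group_id for g in dst]
    if not any(rule_matches(r, protocol, port, dst_ip, dst_ids) for g in src for r in g.egress):
        return False, f"egress on {src_ids} does not allow {protocol}/{port} to {dst_ip}"
    if not any(rule_matches(r, protocol, port, src_ip, src_ids) for g in dst for r in g.ingress):
        return False, f"ingress on {dst_ids} does not allow {protocol}/{port} from {src_ip}"
    return True, "allowed"


ALL_TRAFFIC_OUT = Rule("-1", -1, -1, cidr="0.0.0.0/0")   # the default egress rule

# Constructed scenario: Jenkins master, Nexus and SonarQube on one EC2 host
# (10.0.1.10) and a Fargate worker task in the same subnet (10.0.1.25).
WORKER_IP, HOST_IP = "10.0.1.25", "10.0.1.10"
OFFICE_CIDR = "203.0.113.0/24"    # the public range that was whitelisted


def diagnose() -> Dict[str, Tuple[bool, str]]:
    worker_sg = SecurityGroup("sg-fargate-workers", egress=[ALL_TRAFFIC_OUT])

    # 1) As in the question: 443 is whitelisted for the office's public CIDR only.
    host_sg = SecurityGroup("sg-jenkins-host",
                            ingress=[Rule("tcp", 443, 443, cidr=OFFICE_CIDR)],
                            egress=[ALL_TRAFFIC_OUT])
    whitelist_only = can_connect([worker_sg], WORKER_IP, [host_sg], HOST_IP, "tcp", 443)

    # 2) Fix: add an inbound rule on the host that references the worker SG.
    host_sg_fixed = SecurityGroup("sg-jenkins-host",
                                  ingress=[Rule("tcp", 443, 443, cidr=OFFICE_CIDR),
                                           Rule("tcp", 443, 443, group_id="sg-fargate-workers")],
                                  egress=[ALL_TRAFFIC_OUT])
    with_sg_reference = can_connect([worker_sg], WORKER_IP, [host_sg_fixed], HOST_IP, "tcp", 443)

    # 3) The egress side of the same mistake: an app SG limited to 443 outbound
    # cannot reach a database on 5432 even though the DB's inbound rule allows it.
    app_sg = SecurityGroup("sg-app", egress=[Rule("tcp", 443, 443, cidr="0.0.0.0/0")])
    db_sg = SecurityGroup("sg-db", ingress=[Rule("tcp", 5432, 5432, group_id="sg-app")])
    egress_blocked = can_connect([app_sg], "10.0.2.5", [db_sg], "10.0.3.7", "tcp", 5432)

    return {"whitelist_only": whitelist_only,
            "with_sg_reference": with_sg_reference,
            "egress_blocked": egress_blocked}


if __name__ == "__main__":
    for name, (ok, why) in diagnose().items():
        print(f"{name:18s} {'ALLOW' if ok else 'DENY '} {why}")
```

The practical takeaway matches the Mongo answer: whitelist the peer by its security group (or private IP), not by a public address, and check the caller's egress rules as well as the target's ingress rules.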
I've launched a Golang-based HTTP server into AWS Fargate and I can see from the CloudWatch logs that it is up and running. However, I created the service without an ELB. Is an ELB required to 'ping' or communicate with my running app? I don't see any other way of accessing the running processes. What is the public IP?
In the ECS Cluster:
Click the Task ID
Look for the Network section, specifically the ENI ID
Click ENI ID, you should now be in the Network Interface section of EC2
Look for IPv4 Public IP
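The console steps above can also be done from the AWS CLI output: describe the task to get its ENI ID, then describe the ENI to read its public IP. The following is an added example, not part of the original answer. The two dicts are constructed stand-ins for the JSON that `aws ecs describe-tasks` and `aws ec2 describe-network-interfaces` return; the field layout follows those responses, but every ARN, ID and address is a placeholder. It also shows the case the question does not mention: a task in a private subnet (or launched with public IP assignment disabled) has no `Association` on its ENI, so there is no public IP to find.

```python
"""Resolve a Fargate task's ENI and its public/private IPs from CLI JSON (added example).

Assumptions: DESCRIBE_TASKS and DESCRIBE_ENIS are constructed stand-ins for
   aws ecs describe-tasks --cluster <cluster> --tasks <task-id>
   aws ec2 describe-network-interfaces --network-interface-ids <eni-id> ...
All ARNs, IDs and addresses are placeholders."""
from typing import Dict

DESCRIBE_TASKS = {
    "tasks": [
        {   # task in a public subnet with assignPublicIp ENABLED
            "taskArn": "arn:aws:ecs:eu-west-1:111122223333:task/demo/aaaa1111",
            "lastStatus": "RUNNING",
            "attachments": [{
                "type": "ElasticNetworkInterface", "status": "ATTACHED",
                "details": [
                    {"name": "subnetId", "value": "subnet-0public0"},
                    {"name": "networkInterfaceId", "value": "eni-0aaa0001"},
                    {"name": "privateIPv4Address", "value": "10.0.1.25"},
                ],
            }],
        },
        {   # task in a private subnet behind a NAT gateway: no public IP
            "taskArn": "arn:aws:ecs:eu-west-1:111122223333:task/demo/bbbb2222",
            "lastStatus": "RUNNING",
            "attachments": [{
                "type": "ElasticNetworkInterface", "status": "ATTACHED",
                "details": [
                    {"name": "subnetId", "value": "subnet-0private"},
                    {"name": "networkInterfaceId", "value": "eni-0bbb0002"},
                    {"name": "privateIPv4Address", "value": "10.0.2.40"},
                ],
            }],
        },
    ],
    "failures": [],
}

# "Association" is only present when the ENI actually has a public IP.
DESCRIBE_ENIS = {
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-0aaa0001",
            "PrivateIpAddress": "10.0.1.25",
            "Association": {"PublicIp": "198.51.100.17"},
            "Groups": [{"GroupId": "sg-fargate-workers", "GroupName": "fargate-workers"}],
        },
        {
            "NetworkInterfaceId": "eni-0bbb0002",
            "PrivateIpAddress": "10.0.2.40",
            "Groups": [{"GroupId": "sg-fargate-workers", "GroupName": "fargate-workers"}],
        },
    ]
}


def task_eni_ids(describe_tasks: dict) -> Dict[str, str]:
    """Map task ARN -> ENI ID for each awsvpc task in a describe-tasks response.
    Equivalent CLI query: --query 'tasks[].attachments[].details[?name==`networkInterfaceId`].value'"""
    enis = {}
    for task in describe_tasks.get("tasks", []):
        for att in task.get("attachments", []):
            if att.get("type") != "ElasticNetworkInterface":
                continue
            details = {d["name"]: d["value"] for d in att.get("details", [])}
            if "networkInterfaceId" in details:
                enis[task["taskArn"]] = details["networkInterfaceId"]
    return enis


def eni_addresses(describe_enis: dict) -> Dict[str, dict]:
    """Map ENI ID -> private IP, public IP (None if unassigned) and security groups.
    Equivalent CLI query for the public IP: --query 'NetworkInterfaces[].Association.PublicIp'"""
    out = {}
    for eni in describe_enis.get("NetworkInterfaces", []):
        out[eni["NetworkInterfaceId"]] = {
            "private_ip": eni.get("PrivateIpAddress"),
            "public_ip": (eni.get("Association") or {}).get("PublicIp"),
            "security_groups": [g["GroupId"] for g in eni.get("Groups", [])],
        }
    return out


def task_addresses(describe_tasks: dict, describe_enis: dict) -> Dict[str, dict]:
    """Join the two responses: task ARN -> address record of its ENI."""
    addrs = eni_addresses(describe_enis)
    empty = {"private_ip": None, "public_ip": None, "security_groups": []}
    return {arn: addrs.get(eni, empty) for arn, eni in task_eni_ids(describe_tasks).items()}


if __name__ == "__main__":
    for arn, rec in task_addresses(DESCRIBE_TASKS, DESCRIBE_ENIS).items():
        print(arn.rsplit("/", 1)[-1], rec["private_ip"], rec["public_ip"] or "(no public IP)", rec["security_groups"])
```

The private IP and security-group list are printed alongside the public IP because those, not the public address, are what an inbound rule on another host in the same VPC has to match.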