I have a Prometheus task running on ECS Fargate and an EC2 instance where I installed InfluxDB to store Prometheus metrics for data persistence in case the Prometheus ECS task restarts.
I configured the remote read and remote write URLs in prometheus.yml and deployed it.
Here, when I opened port 8086 from anywhere, the connectivity from the ECS task to the EC2 VM worked and data was written into InfluxDB. But when I changed the security group to open port 8086 only for the security group where the EC2 VM and the ECS task are running, I get this error:
ts=2022-09-23T04:40:18.441Z caller=dedupe.go:112 component=remote level=warn remote_name=33b2e7 url="http://x.x.x.x:8086/api/v1/prom/write?db=prometheus" msg="Failed to send batch, retrying" err="Post \"http:/x.x.x.x:8086/api/v1/prom/write?db=prometheus\": context deadline exceeded"
Both the ECS cluster and the EC2 VM are in the same VPC and the same security group.
I have a container application running on ECS Fargate (network mode awsvpc) and tried to connect to a MySQL database set up on an EC2 instance, but it is not happening.
I can connect to the same database (on EC2) from my local machine with the same containerized application.
I have tried hard to solve this issue; if you know, please help me.
Other things I have tried:
Security group inbound rule set to the ECS service security group (also tried opening all traffic to the EC2 instance)
ECS tasks running in a private subnet or a public subnet (the EC2 and Fargate apps are all in the same VPC)
I am trying to set up AWS Nitro Enclaves with ECS using AWS CloudFormation, but I am struggling with assigning a launch template to an ECS service.
As far as I know, we can specify a launchType with the value EC2 when creating the ECS service, but there is no way to manipulate the launch parameters.
Any help with examples will be appreciated.
The Nitro Enclave is part of the EC2 server. An ECS service is just a Docker container running on the EC2 server. The EC2 server has to already be up and running (with things like the Nitro Enclave already configured) before the ECS service is started on it. The launchType parameter of the ECS service just specifies whether it should run on Fargate or EC2.
You can't configure your cluster's EC2 servers through an ECS service configuration. You would configure the EC2 servers in the ECS cluster through the cluster's capacity provider configuration. Specifically, since you are using EC2 instead of Fargate, you would need to configure the capacity provider with an EC2 Auto Scaling group that is configured with an EC2 launch template that handles the Nitro Enclave setup.
To be clear, I've never heard of anyone using Nitro Enclaves with ECS, and I don't think you can actually run ECS services inside the Nitro Enclave. At most you could have ECS services running on the same server that also has a Nitro Enclave running some other process.
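The wiring the answer describes, as an added CloudFormation example (it is not from the question, the answer, or AWS's own samples): the enclave setting lives on the EC2 launch template, the launch template feeds an Auto Scaling group, the group becomes an ECS capacity provider, and the capacity provider is attached to the cluster. The ECS service then only references the cluster. The parameter names, the `m5.xlarge` instance type, the enclave CLI install commands in user data, and the scaling numbers are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  ECS cluster whose EC2 capacity is launched with Nitro Enclaves enabled.
  Added example; not from the original question or answer.

Parameters:
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  InstanceProfileArn:
    Type: String
    Description: Instance profile carrying the ECS container-instance role (assumed to exist)
  EcsAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id

Resources:
  Cluster:
    Type: AWS::ECS::Cluster

  # Enclave support is an EC2 launch-time setting, so it belongs on the
  # launch template, not on the ECS service or task definition.
  EnclaveLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref EcsAmiId
        InstanceType: m5.xlarge   # assumption: a Nitro type with >= 4 vCPUs
        IamInstanceProfile:
          Arn: !Ref InstanceProfileArn
        EnclaveOptions:
          Enabled: true
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            # Register this host with the ECS cluster
            echo "ECS_CLUSTER=${Cluster}" >> /etc/ecs/ecs.config
            # Assumed enclave tooling install for the AL2-based ECS AMI;
            # the allocator reserves host CPUs/memory for enclaves.
            amazon-linux-extras install -y aws-nitro-enclaves-cli
            yum install -y aws-nitro-enclaves-cli-devel
            systemctl enable --now nitro-enclaves-allocator.service

  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier: !Ref SubnetIds
      MinSize: "1"
      MaxSize: "2"
      LaunchTemplate:
        LaunchTemplateId: !Ref EnclaveLaunchTemplate
        Version: !GetAtt EnclaveLaunchTemplate.LatestVersionNumber
      # Required when ManagedTerminationProtection is ENABLED below
      NewInstancesProtectedFromScaleIn: true

  CapacityProvider:
    Type: AWS::ECS::CapacityProvider
    Properties:
      AutoScalingGroupProvider:
        AutoScalingGroupArn: !Ref AutoScalingGroup
        ManagedScaling:
          Status: ENABLED
          TargetCapacity: 100
        ManagedTerminationProtection: ENABLED

  CapacityProviderAssociation:
    Type: AWS::ECS::ClusterCapacityProviderAssociations
    Properties:
      Cluster: !Ref Cluster
      CapacityProviders:
        - !Ref CapacityProvider
      DefaultCapacityProviderStrategy:
        - CapacityProvider: !Ref CapacityProvider
          Weight: 1
```

Services created against `Cluster` land on these hosts through the default capacity provider strategy. As the answer says, the containers still run on the host, not inside an enclave; a task that is meant to launch or talk to an enclave on that host would additionally need the host's `/dev/nitro_enclaves` (and `/dev/vsock`) exposed to the container through the task definition's Linux device mappings, which this fragment does not do.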
I am using the Jenkins Fargate plugin (https://plugins.jenkins.io/amazon-ecs/) for builds and pushes. I have an EC2 machine, and on this machine I have the Jenkins master, a Nexus repository and SonarQube. With this Jenkins Fargate plugin I create Fargate containers as Jenkins workers. These workers are in the same subnet as the EC2 machine and the same VPC. But when I use a whitelist on port 443 for Nexus and SonarQube, the created Fargate container can't access Nexus and SonarQube, although they are in the same public subnet. What should I do for the connection? I use different security groups for the EC2 machine and the Fargate containers, but the subnets and VPC are the same.
I need to close the Jenkins master, Nexus and SonarQube login pages, so I need to use a whitelist, right? Or is there another way to close them? What should I do for communication between the Fargate container and the EC2 machine?
Update:
Subnet is public subnet.
The security group for Fargate has all outbound rules open.
The error is "Connection timed out".
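Both the InfluxDB post (port 8086, one shared security group) and the Jenkins post (port 443, separate groups for the EC2 host and the Fargate agents) come down to a security-group-sourced ingress rule on the EC2 host. The CloudFormation below is an added example, not from either post: it declares a self-referencing rule for the shared-group case and a cross-group rule for the separate-group case. The resource names, the VpcId parameter and the descriptions are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Security-group-scoped ingress from Fargate tasks to an EC2 host.
  Added example; not from the original posts.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id

Resources:
  # Attached to the EC2 host (InfluxDB / Nexus / SonarQube). In the
  # "one shared security group" case it is attached to the Fargate tasks too.
  HostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 host reachable only from referenced security groups
      VpcId: !Ref VpcId

  # Attached to the Fargate task ENIs in the "separate security groups" case.
  # No inbound rules: the tasks only initiate connections.
  TaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Fargate tasks (egress only)
      VpcId: !Ref VpcId

  # Self-referencing rule: TCP 8086 from any ENI that carries HostSecurityGroup.
  # A group cannot !Ref itself inside its own inline SecurityGroupIngress list,
  # so the rule is a separate resource.
  InfluxFromSameGroup:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref HostSecurityGroup
      IpProtocol: tcp
      FromPort: 8086
      ToPort: 8086
      SourceSecurityGroupId: !Ref HostSecurityGroup
      Description: Prometheus remote_write/remote_read to InfluxDB from group members

  # Cross-group rule: TCP 443 only from ENIs that carry TaskSecurityGroup.
  # No CIDR whitelist is needed for the agents themselves.
  HttpsFromTasks:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref HostSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupId: !Ref TaskSecurityGroup
      Description: Nexus and SonarQube from Jenkins Fargate agents
```

Two checks are worth making before blaming the rule. First, a `SourceSecurityGroupId` rule matches the group attached to the sending ENI, which for a Fargate task in awsvpc mode is the group given in the service's or the plugin's network configuration, not anything attached to the cluster. Second, group references only match traffic that arrives from the sender's private VPC address; if the task is pointed at the host's public IP or public DNS name, the connection leaves through the internet gateway, the source-group match fails, and the symptom is exactly a timeout. Point the task at the host's private IP (or the private DNS name) whenever the rule is group-sourced rather than CIDR-sourced.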
A Node server is running on Fargate ECS. The server needs to connect to a Redis database when it starts, using node-redis.
The ECS service and the ElastiCache Redis instance are in the same VPC, and they are in the same private IP range (10.0.0.x, 10.0.0.y).
However, a connection timeout error is always returned.
Also, I created an EC2 instance within the same VPC and successfully connected to the Redis service from it.
Please help, thanks a lot.
I've launched a Go-based HTTP server into AWS Fargate, and I can see from the CloudWatch logs that it is up and running. However, I created the service without an ELB. Is an ELB required to "ping" or communicate with my running app? I don't see any other way of accessing the running process. What is the public IP?
In the ECS cluster:
Click the Task ID
Look for the Network section, specifically the ENI ID
Click the ENI ID; you should now be in the Network Interfaces section of EC2
Look for IPv4 Public IP