I have a cluster with a mixture of services running on EC2 and Fargate, all being used internally. I am looking to deploy a new Fargate Service which is going to be publicly available over the Internet and will get around 5000 requests per minutes.

What factors do I need to consider so that I can choose if a new cluster should be created or if I can reuse the existing one? Would sharing of clusters also lead to security issues?

CodePudding user response：

Its better to create new cluster. You current cluster for internal use only, probably is running in a private subnet without any direct access from the internet. Thus, to add a public service to that cluster, you have to add a public subnet to your VPC, which is a security risk. For example, someone can launch a new internal service in a public subnet by accident if you keep mixing them. With dedicated cluster, thus dedicated VPC, a chance of such a mistake is limited.

CodePudding user response：

If your deployment is purely using Fargate, not EC2, then there's really no technical reason to split it into a separate ECS cluster, but there's also no reason to keep it in the same cluster. There's no added cost to create a new Fargate cluster, and logically separating your services into separate ECS clusters can help you monitor them separately in CloudWatch.