I have a cluster with a mixture of services running on EC2 and Fargate, all being used internally. I am looking to deploy a new Fargate Service which is going to be publicly available over the Internet and will get around 5000 requests per minute.
What factors do I need to consider so that I can choose if a new cluster should be created or if I can reuse the existing one? Would sharing of clusters also lead to security issues?
CodePudding user response:
It's better to create a new cluster. Your current cluster, for internal use only, is probably running in a private subnet without any direct access from the internet. Thus, to add a public service to that cluster, you have to add a public subnet to your VPC, which is a security risk. For example, someone can launch a new internal service in a public subnet by accident if you keep mixing them. With a dedicated cluster, and thus a dedicated VPC, the chance of such a mistake is limited.
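The mistake described in the answer above, an internal service ending up in a public subnet, can be checked for mechanically. The following is an added example, not part of the original answer: the `exposure=internal` tag is a hypothetical convention, and the sample data is constructed in the shape of boto3 `describe_route_tables`, `describe_subnets` and `describe_services` output.

```python
# Constructed sample data (shape of ec2.describe_route_tables, ec2.describe_subnets
# and ecs.describe_services(include=["TAGS"]) responses).
ROUTE_TABLES = [
    {"VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"VpcId": "vpc-1", "Associations": [{"Main": False, "SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
]
SUBNETS = [{"SubnetId": "subnet-priv", "VpcId": "vpc-1"},
           {"SubnetId": "subnet-implicit", "VpcId": "vpc-1"}]  # no explicit association

def _svc(name, exposure, subnets, public_ip):
    return {"serviceName": name, "tags": [{"key": "exposure", "value": exposure}],
            "networkConfiguration": {"awsvpcConfiguration": {
                "subnets": subnets, "assignPublicIp": public_ip}}}

SERVICES = [_svc("billing", "internal", ["subnet-priv"], "DISABLED"),
            _svc("reports", "internal", ["subnet-priv", "subnet-implicit"], "ENABLED"),
            _svc("storefront", "public", ["subnet-implicit"], "ENABLED")]

def public_subnets(route_tables, subnets):
    """Subnet IDs whose effective route table sends 0.0.0.0/0 to an internet gateway."""
    def has_igw(rt):
        return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
    explicit, main_by_vpc = {}, {}
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("Main"):
                main_by_vpc[rt["VpcId"]] = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    found = set()
    for s in subnets:
        # A subnet with no explicit association uses its VPC's main route table.
        rt = explicit.get(s["SubnetId"]) or main_by_vpc.get(s["VpcId"])
        if rt and has_igw(rt):
            found.add(s["SubnetId"])
    return found

def misplaced_internal_services(services, public):
    """(name, public subnets, assignPublicIp) for internal-tagged services in public subnets."""
    findings = []
    for svc in services:
        tags = {t["key"]: t["value"] for t in svc.get("tags", [])}
        if tags.get("exposure") != "internal":  # hypothetical tagging convention
            continue
        cfg = svc.get("networkConfiguration", {}).get("awsvpcConfiguration", {})
        hits = sorted(set(cfg.get("subnets", [])) & public)
        if hits:
            findings.append((svc["serviceName"], hits, cfg.get("assignPublicIp", "DISABLED")))
    return findings
```

The check covers IPv4 default routes only; a subnet that inherits a main route table with an internet gateway route is treated as public, which is the case most easily missed when public and private subnets share a VPC.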
CodePudding user response:
If your deployment is purely using Fargate, not EC2, then there's really no technical reason to split it into a separate ECS cluster, but there's also no reason to keep it in the same cluster. There's no added cost to create a new Fargate cluster, and logically separating your services into separate ECS clusters can help you monitor them separately in CloudWatch.