How can i enable communication between two tasks running on different AWS ECS Clusters

Time:03-10

I have two Fargate tasks running in two different clusters: the first one is running on port 3000 and can receive requests from anyone; the second one is running on port 8080 and can be accessed only by the first one. Both are in the same security group and VPC.

I created an inbound rule to allow public access for the first one, then I tried to create another inbound rule to enable access to the second one through a security group ingress rule. But when the first service tries to access the second, I receive a Timeout Error.

When I allow public access to the second service, the communication works properly, but I cannot allow it forever.

Each service has a load balancer configured, but I already tried to access the service by its task's public IP without success too.

Does anyone have any idea what I am doing wrong? The inbound rules for the security group can be checked in this image

CodePudding user response:

If the first service tries to access the second service by the second service's public IP, then the traffic will go out to the Internet and back, which destroys the network traffic's association with the origin security group.

To keep the traffic inside the VPC, and to make sure the security group rules apply as intended, the first service needs to connect to the second service via the second service's private IP.

If you are using a load balancer for the second service, then it needs to be an internal load balancer, not an external load balancer.
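Added example (not part of the original question or answer): a Terraform sketch of the layout the answer describes, with both services in one shared security group, a self-referencing ingress rule for port 8080, and an internal load balancer in front of the second service. The variable names, resource names and the `ecs-shared-sg` / `svc2-internal` labels are assumed placeholders.

```hcl
# Added example, not the project's own configuration. All names and
# variables below are placeholders.
variable "vpc_id"             { type = string }
variable "private_subnet_ids" { type = list(string) }

# One security group shared by both Fargate services, as in the question.
resource "aws_security_group" "shared" {
  name   = "ecs-shared-sg"
  vpc_id = var.vpc_id
}

# Public entry point: anyone may reach the first service on port 3000.
resource "aws_security_group_rule" "svc1_public" {
  type              = "ingress"
  security_group_id = aws_security_group.shared.id
  from_port         = 3000
  to_port           = 3000
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Second service on 8080: the source is the group itself, so only ENIs that
# belong to this group (the first service's tasks, and the internal load
# balancer below) match. The rule matches on the private source address, so
# a request sent to the second service's public IP, which hairpins through
# the internet gateway, does not match and times out; the private path does.
resource "aws_security_group_rule" "svc2_from_shared" {
  type                     = "ingress"
  security_group_id        = aws_security_group.shared.id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.shared.id
}

resource "aws_security_group_rule" "egress_all" {
  type              = "egress"
  security_group_id = aws_security_group.shared.id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Internal load balancer for the second service: it only has private IPs in
# the private subnets, so calls from the first service never leave the VPC.
# `internal = false` would give the LB public addresses and re-create the problem.
resource "aws_lb" "svc2_internal" {
  name               = "svc2-internal"
  internal           = true
  load_balancer_type = "application"
  subnets            = var.private_subnet_ids
  security_groups    = [aws_security_group.shared.id]
}

resource "aws_lb_target_group" "svc2" {
  name        = "svc2-tg"
  port        = 8080
  protocol    = "HTTP"
  target_type = "ip"   # Fargate tasks use awsvpc networking and register by IP
  vpc_id      = var.vpc_id
}

resource "aws_lb_listener" "svc2" {
  load_balancer_arn = aws_lb.svc2_internal.arn
  port              = 8080
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.svc2.arn
  }
}

# The first service should call this address, not a task's public IP.
output "svc2_private_endpoint" {
  value = "http://${aws_lb.svc2_internal.dns_name}:8080"
}
```

The first service's configuration should point at the `svc2_private_endpoint` output (the internal load balancer's DNS name resolves only to private addresses), and the second service's ECS service definition should register its tasks in the `svc2` target group. With `source_security_group_id` as the match condition there is no need for a `0.0.0.0/0` rule on port 8080 at all, which is the check to run on the existing group: any wide-open 8080 rule left over from the earlier troubleshooting should be removed once the private path works.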
