Will I need an ELB to access private ECS Containers or a NAT Instance/Gateway?

Time:04-07

I have just configured an Octopus Deploy container in ECS in a private subnet. The database and ECS cluster are both in private subnets. I am using a bastion host to connect to the SQL server, and I am able to access the containerized Octopus Deploy web page from the bastion but not from my local computer. Would an ALB solve this, or would I need both a NAT gateway and an ELB? Or just a NAT instance? Both? I know I need them in a public subnet but do not want to over- or under-provision resources for this use case.

Thanks!

CodePudding user response:

You have three options:

  • Move the Octopus Deploy ECS task into a public subnet, and assign it a public IP address.
  • Create an ALB in a public subnet that forwards traffic to the ECS container.
  • Port forwarding through the bastion host.

A NAT Gateway is for outbound traffic originating inside the VPC. It provides your private resources with the ability to connect to the Internet. You are trying to initiate a connection from the Internet, so a NAT gateway won't help with that.
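The third option in the answer above, as an added example that is not part of the original answer: an SSH local port forward through the bastion that keeps the ECS task private and exposes it only on the workstation's loopback interface. The bastion address, task IP and ports are constructed placeholders, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: reach a private ECS task through the bastion with an SSH
# local port forward. Hosts, IPs and ports are placeholders (assumptions).

# valid_port PORT: succeeds if PORT is an integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec TARGET_HOST TARGET_PORT LOCAL_PORT
# Prints the argument for `ssh -L`. The listener is pinned to 127.0.0.1 so
# only this workstation can use the tunnel, not other hosts on its network.
forward_spec() {
  target=$1 tport=$2 lport=$3
  if [ -z "$target" ]; then
    echo "forward_spec: target host required" >&2
    return 2
  fi
  if ! valid_port "$tport" || ! valid_port "$lport"; then
    echo "forward_spec: ports must be integers in 1..65535" >&2
    return 2
  fi
  printf '127.0.0.1:%s:%s:%s\n' "$lport" "$target" "$tport"
}

# open_tunnel BASTION TARGET_HOST TARGET_PORT LOCAL_PORT
# Runs in the foreground; Ctrl-C closes the tunnel.
open_tunnel() {
  spec=$(forward_spec "$2" "$3" "$4") || return $?
  echo "Browse to http://127.0.0.1:$4/ while this session is open" >&2
  # -N: forwarding only, no remote shell.
  # ExitOnForwardFailure: exit rather than run without the forward.
  ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$1"
}

# Usage (placeholder values):
#   open_tunnel ec2-user@bastion.example.com 10.0.2.15 8080 8443
```

No new inbound rule is needed on the task for this: the question states that the bastion already reaches the web page, and the forwarded connection arrives at the task from the bastion.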
