Launch Amazon ECS Cluster in a private subnet with extra care!

Prakshi Yadav
Mar 10, 2018


AWS ECS

Let’s start this post with a description of an unusual behavior I got to see while launching an ECS Cluster in a private subnet through the ECS Console. The instance launched in this cluster still had a public IP instead of residing in the private subnet. Strange, isn’t it?

After hours of struggle, it came to my notice that when an ECS Cluster is launched, it creates a CloudFormation stack to create an Auto Scaling Group and an Auto Scaling LaunchConfiguration, which by default has the following property set: `associatePublicIpAddress`. This forces your instance to have a public IP associated on launch. So, the next question is: how do you disable public IP allocation for ECS Cluster instances?

There are two ways of doing this:
1. Create an empty cluster using the ECS Console and then manually create an Auto Scaling Group and Launch Configuration to attach to the empty cluster.
This may seem a lengthy approach to cluster creation to some people (like me!). No worries, there is a simpler way of doing the same with a few commands. Here’s the second alternative:

2. Use the ecs-cli to create the cluster. Its `ecs-cli up` command provides the option `--no-associate-public-ip-address`. If you haven’t used the ecs-cli before, you can get started in three simple steps:

→ 1. Install ecs-cli
Refer to the AWS docs at this link and install ecs-cli as per your system requirements.

→ 2. Configure the ECS CLI

The Amazon ECS CLI requires some basic configuration information before you can use it, such as your AWS credentials, the AWS region in which to create your cluster, and the name of the Amazon ECS cluster to use.

Command to configure:

ecs-cli configure --cluster <cluster_name> --region <region_name>

→ 3. Create the ECS Cluster

Use the `ecs-cli up` command to create the cluster with the cluster name you configured in the previous step.

Command:

ecs-cli up --keypair <Key-pair name> --capability-iam --size <no_of_instances> --subnets <subnet-id> --vpc <vpc-id> --instance-type <instance_type> --no-associate-public-ip-address --launch-type <launch_type> --cluster <Cluster_name> --region <region_name>

Note: There are other options which you can use with this command. Refer to the official docs for more information.

That’s it! Because we specified `--no-associate-public-ip-address` in the last command, no instance in the cluster will have a public IP. It took me time to get to the root cause of the problem and resolve it, so I found it worth sharing.
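
To confirm the result rather than assume it, the following check is an added example (not code from the original post or from AWS). It takes the parsed JSON of `aws ec2 describe-instances` and a CloudFormation template, and reports instances that still hold a public IP and how each launch configuration sets `AssociatePublicIpAddress`. The sample data, resource names and function names are constructed for illustration.

```python
# Constructed sample: trimmed `aws ec2 describe-instances` output for two instances.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0123456789abcdef0", "PublicIpAddress": "203.0.113.10",
     "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.10"}}]},
    {"InstanceId": "i-0fedcba9876543210", "PrivateIpAddress": "10.0.1.16",
     "NetworkInterfaces": [{}]},
]}]}

# Constructed sample: CloudFormation template fragment (resource names are hypothetical).
LC = "AWS::AutoScaling::LaunchConfiguration"
SAMPLE_TEMPLATE = {"Resources": {
    "PublicLc": {"Type": LC, "Properties": {"AssociatePublicIpAddress": True}},
    "PrivateLc": {"Type": LC, "Properties": {"AssociatePublicIpAddress": "false"}},
    "ParamLc": {"Type": LC,
                "Properties": {"AssociatePublicIpAddress": {"Ref": "PublicIpParam"}}},
}}


def instances_with_public_ip(describe_output):
    """Return {instance_id: [public IPs]} for instances holding any public address."""
    exposed = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            ips = set()
            if inst.get("PublicIpAddress"):
                ips.add(inst["PublicIpAddress"])
            # A public IP can also sit on any attached network interface.
            for eni in inst.get("NetworkInterfaces", []):
                ip = eni.get("Association", {}).get("PublicIp")
                if ip:
                    ips.add(ip)
            if ips:
                exposed[inst["InstanceId"]] = sorted(ips)
    return exposed


def launch_config_public_ip_settings(template):
    """Classify each launch configuration: public, private, unset or unresolved."""
    result = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != LC:
            continue
        value = res.get("Properties", {}).get("AssociatePublicIpAddress")
        if value is None:
            result[name] = "unset"        # the subnet's auto-assign setting decides
        elif isinstance(value, dict):
            result[name] = "unresolved"   # Ref / Fn::If: depends on stack parameters
        else:
            result[name] = "public" if str(value).lower() == "true" else "private"
    return result
```

An empty result from `instances_with_public_ip` together with no `public` entries from `launch_config_public_ip_settings` is the state the post aims for. An `unresolved` entry means the stack parameters need checking too.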