ECS Networking – (awsvpc, bridge, host, none)

Hello everyone. Elastic Container Service (ECS) is one of the container offerings from AWS. ECS helps us run any number of Docker containers across a managed cluster of EC2 instances. It helps isolate our workloads and achieve faster time to market with efficient scaling in place. It's secure, and you can easily migrate your on-prem container workload to ECS and back.

Let's take a deep dive into the different network types on ECS and see how they differ from one another.



We have 4 network modes in ECS:

  • awsvpc: It allocates a separate Elastic Network Interface (ENI) to the task and also allocates a primary IPv4 address to it. The task networking behaves the same as EC2 instance networking.

Here you can see a warning which says that the containers in the task will share an ENI and that port mappings can only specify container ports.

We can't set host port mappings because the network mode is awsvpc.

Once you create the service, we can verify in the task that an ENI is assigned to the task and all the containers within it.

If we SSH into the instance and curl the private IP associated with the task ENI, we can access the website running on the container.

In this network mode we can't access the website using the task host (EC2) public or private IP.

  • bridge: In bridge network mode, the task uses the built-in Docker VNet (Virtual Network), which also allows the task to communicate with other tasks.

Once we select the bridge network mode for the task, we can see an associated host port mapping available with the container port.

If we check the task networking, the container doesn't have any additional network, since it uses only the Docker Virtual Network.

We can access the website running on the container using the Docker host IP (Amazon EC2).

  • host: Host network mode lets the task bypass the Docker built-in VNet (Virtual Network) and maps the container port directly to the task host (Amazon EC2) ENI. As a result, we can't run multiple instances of the same task when port mappings are used and the network mode is host.

In this case the container will be using the instance network stack.

We can access the website running on the container using the Docker host public IP (EC2 instance public IP).

  • none: Blackhole; the task doesn't have any external network connectivity.

You will see a message stating that the container won't have any external connectivity in the network section of the task.
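
The port-mapping behaviour of the four modes can be checked before a task definition is registered, which also tells you on which address a container ends up exposed. This is an added example, not code from the original post: the function name and the sample task definitions are made up, and it assumes the ECS task definition JSON fields `networkMode`, `containerDefinitions` and `portMappings`. It goes slightly beyond the text by treating a bridge-mode `hostPort` of 0 (or omitted) as a dynamically assigned port.

```python
# Added example; the task definitions at the bottom are constructed samples.
REACHABLE_VIA = {
    "awsvpc": "task ENI private IP on the container port",
    "bridge": "EC2 host IP on the mapped host port",
    "host": "EC2 host IP on the container port",
    "none": "no external connectivity",
}

def audit_task_definition(taskdef):
    """Return (reachable_via, findings) for an ECS task definition dict."""
    mode = taskdef.get("networkMode", "bridge")  # bridge is the default on Linux EC2
    if mode not in REACHABLE_VIA:
        raise ValueError(f"unknown networkMode: {mode!r}")
    findings, bound = [], {}
    for container in taskdef.get("containerDefinitions", []):
        name = container["name"]
        for pm in container.get("portMappings", []):
            cport, hport = pm["containerPort"], pm.get("hostPort")
            if mode == "none":
                findings.append(f"ERROR {name}: port mappings are not allowed in none mode")
                continue
            if mode in ("awsvpc", "host"):
                # The container port is the listening port; hostPort cannot differ.
                if hport not in (None, cport):
                    findings.append(f"ERROR {name}: hostPort {hport} != containerPort {cport} in {mode} mode")
                hport = cport
            elif not hport:
                continue  # bridge with hostPort 0/omitted: Docker picks a free port
            # Containers of one task share the ENI (awsvpc) or the host's ports.
            key = (hport, pm.get("protocol", "tcp"))
            if key in bound:
                findings.append(f"ERROR {name}: port {hport} already bound by {bound[key]}")
            bound[key] = name
    if mode == "host" and bound:
        findings.append("NOTE only one copy of this task can run per EC2 instance")
    return REACHABLE_VIA[mode], findings

# Constructed samples: two containers sharing an ENI, and a host-mode web task.
AWSVPC_CLASH = {"networkMode": "awsvpc", "containerDefinitions": [
    {"name": "web", "portMappings": [{"containerPort": 80, "hostPort": 8080}]},
    {"name": "sidecar", "portMappings": [{"containerPort": 80}]}]}
HOST_WEB = {"networkMode": "host", "containerDefinitions": [
    {"name": "web", "portMappings": [{"containerPort": 80}]}]}

if __name__ == "__main__":
    for td in (AWSVPC_CLASH, HOST_WEB):
        via, findings = audit_task_definition(td)
        print(via, *findings, sep="\n  ")
```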

I hope this has helped you get an idea of ECS networking. Follow me for more blogs on AWS & DevOps.
Feel free to connect with me on LinkedIn!
