As the name suggests, I've set up a simple application stack with a Java (Spring Boot) backend and another Mongo Express client with ECS Fargate. The MongoDB is set up on a completely separate host and it's accessible from the Fargate stack without issue. So far everything is working fine - both the Java and Mongo Express clients connect to the database successfully during startup (I checked the logs). I have set up the correct inbound rules in the SG (security group) allowing both ports for Java and Mongo Express.
However, I can only access the Java app via its port (8080), and the Mongo Express port (8081) hangs when I try to connect.
Do I need to set up a reverse proxy of some sort (Nginx?) to route network to Mongo Express? As far as I know, I could communicate directly with the port (8081 in this case) without Nginx as long as a routing method is implemented in the application, like in an Express server. I don't know much about Mongo Express or Node.js, but I can see from the documentation that it needs Node.js to run.
Anyone got any idea why I cannot access the Mongo Express client using http://<public_ip>:<port>? I appreciate any clue so I can think through to figure this out.
Below are the ECS task definition and service definition.
Task Definition
{
  "family": "service-connect-backend-task",
  "executionRoleArn": "*************************",
  "taskRoleArn": "************************",
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {
      "name": "java",
      "image": "********************************",
      "cpu": 256,
      "memory": 512,
      "portMappings": [
        {
          "name": "java-8080",
          "containerPort": 8080,
          "protocol": "tcp",
          "appProtocol": "http"
        }
      ],
      "essential": true,
      "environment": [
        {
          "name": "DB_HOST",
          "value": "****************"
        },
        {
          "name": "SPRING_ACTIVE_PROFILE",
          "value": "develop"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-create-group": "true",
          "awslogs-group": "/ecs/service-connect-java-backend",
          "awslogs-region": "********",
          "awslogs-stream-prefix": "java"
        }
      },
      "healthCheck": {
        "command": [
          "CMD-SHELL",
          "echo HealthOk"
        ],
        "interval": 5,
        "timeout": 2,
        "retries": 3,
        "startPeriod": 10
      }
    },
    {
      "name": "mongo-express",
      "image": "mongo-express",
      "cpu": 256,
      "memory": 512,
      "portMappings": [
        {
          "name": "mongoexpress-8081",
          "containerPort": 8081,
          "protocol": "tcp",
          "appProtocol": "http"
        }
      ],
      "essential": true,
      "environment": [
        {
          "name": "ME_CONFIG_BASICAUTH_PASSWORD",
          "value": "****************"
        },
        {
          "name": "ME_CONFIG_MONGODB_AUTH_USERNAME",
          "value": " ****************"
        },
        {
          "name": "ME_CONFIG_MONGODB_SERVER",
          "value": "****************"
        },
        {
          "name": "ME_CONFIG_BASICAUTH_USERNAME",
          "value": "****************"
        },
        {
          "name": "ME_CONFIG_MONGODB_AUTH_PASSWORD",
          "value": "****************"
        },
        {
          "name": "ME_CONFIG_MONGODB_AUTH_DATABASE",
          "value": "admin"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-create-group": "true",
          "awslogs-group": "/ecs/service-connect-mongo-express",
          "awslogs-region": "******",
          "awslogs-stream-prefix": "mongo-express"
        }
      }
    }
  ],
  "cpu": "512",
  "memory": "1024"
}
Service Definition
{
  "cluster": "ce-develop-cluster",
  "deploymentConfiguration": {
    "maximumPercent": 200,
    "minimumHealthyPercent": 100
  },
  "deploymentController": {
    "type": "ECS"
  },
  "desiredCount": 1,
  "enableECSManagedTags": true,
  "enableExecuteCommand": true,
  "launchType": "FARGATE",
  "networkConfiguration": {
    "awsvpcConfiguration": {
      "assignPublicIp": "ENABLED",
      "securityGroups": [
        "****************"
      ],
      "subnets": [
        "****************"
      ]
    }
  },
  "platformVersion": "LATEST",
  "propagateTags": "SERVICE",
  "serviceName": "service-connect-backend-service",
  "serviceConnectConfiguration": {
    "enabled": true,
    "services": [
      {
        "portName": "java-8080",
        "clientAliases": [
          {
            "dnsName": "backend",
            "port": 80
          }
        ]
      },
      {
        "portName": "mongoexpress-8081",
        "clientAliases": [
          {
            "dnsName": "mongo-express",
            "port": 81
          }
        ]
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-create-group": "true",
        "awslogs-group": "/ecs/service-connect-backend-proxy",
        "awslogs-region": "********",
        "awslogs-stream-prefix": "service-connect-backend-proxy"
      }
    }
  },
  "taskDefinition": "service-connect-backend-task"
}
Edit 1: I've used ECS Service Connect here, aiming for some more applications to be added to the stack in the future - like a React client that can talk to the backend via the Service Connect namespace. But I don't know whether it has an impact when accessing a container directly from the internet.
Edit 2: I disabled the service connect and updated the service and I still get the same result.
