I have a setup of 2 services: A and B. There is a requirement that:
- Service B should be able to access service A
- Users inside the corporate VPN can access service B
I have provisioned the setup using Terraform ECS service discovery, where I specified service A with a service_registries section. The aws_service_discovery_private_dns_namespace and aws_service_discovery_service are specified as follows.
resource "aws_service_discovery_private_dns_namespace" "example" {
  name        = "hoge.example.local"
  description = "example"
  vpc         = aws_vpc.example.id
}

resource "aws_service_discovery_service" "example" {
  name = "example"

  dns_config {
    namespace_id = aws_service_discovery_private_dns_namespace.example.id

    dns_records {
      ttl  = 10
      type = "SRV"
    }

    routing_policy = "MULTIVALUE"
  }

  health_check_custom_config {
    failure_threshold = 1
  }
}
I can see a CloudMap entry created, with the correct namespace, and service name pointing to the correct IP address. When I access this IP address directly (http://10.1.0.16:9000, under VPN), I can access service A, but when I use http://example.hoge.example.local:9000, the browser waits indefinitely for a response. I read from a few documents that SRV record lookup is different from A record lookup, but I have no clue how to fix this.
The diagram of the setup is included.
Many thanks!
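Added example, not part of the question above, illustrating the difference between the two lookups the post mentions. An SRV record does not map a name to an address: it maps a service name to (priority, weight, port, target host), and a client that understands SRV must then resolve the target with a second A/AAAA query. A browser given http://host:port only performs the A/AAAA query for host, so a name that carries only an SRV record yields no address for it. The in-memory zone below is constructed and only loosely modelled on a Cloud Map private namespace (the instance IDs, target names and 10.1.0.x addresses are made up); no real DNS is queried, and the RFC 2782 selection logic accepts an injectable random source so the result is reproducible.

```python
"""Resolve a service name via SRV the way an SRV-aware client does,
and contrast it with the plain A lookup a browser performs.

Constructed, in-memory zone (assumption, not a real Cloud Map export):
the service name carries only an SRV record; each SRV target carries an A record.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone with hypothetical instance IDs and addresses.
ZONE = {
    ("example.hoge.example.local", "SRV"): [
        SRV(priority=1, weight=10, port=9000, target="i-aaaa1111.example.hoge.example.local"),
        SRV(priority=1, weight=30, port=9000, target="i-bbbb2222.example.hoge.example.local"),
    ],
    ("i-aaaa1111.example.hoge.example.local", "A"): ["10.1.0.16"],
    ("i-bbbb2222.example.hoge.example.local", "A"): ["10.1.0.17"],
}


def lookup(name, rtype):
    """Return the records of type rtype for name, or [] if the name has none."""
    return ZONE.get((name.rstrip("."), rtype), [])


def pick_srv(records, rng=random):
    """RFC 2782 selection: lowest priority wins; within that priority pick by weight.

    rng must provide randint(a, b) and choice(seq); random's module functions do.
    """
    if not records:
        return None
    lowest = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == lowest]
    total = sum(r.weight for r in candidates)
    if total == 0:
        return rng.choice(candidates)
    roll = rng.randint(0, total - 1)  # uniform in [0, total)
    running = 0
    for rec in candidates:
        running += rec.weight
        if roll < running:
            return rec
    return candidates[-1]


def resolve_like_a_browser(host):
    """A browser resolves the URL host with A/AAAA only; it never consults SRV.

    Returns the list of addresses found, which is empty for an SRV-only name.
    """
    return lookup(host, "A")


def resolve_via_srv(service_name, rng=random):
    """Two-step SRV-aware resolution: SRV -> (target, port), then target -> A.

    Returns (address, port) or None if either step finds nothing.
    """
    chosen = pick_srv(lookup(service_name, "SRV"), rng)
    if chosen is None:
        return None
    addresses = lookup(chosen.target, "A")
    if not addresses:
        return None
    return (addresses[0], chosen.port)


if __name__ == "__main__":
    name = "example.hoge.example.local"
    print("browser-style A lookup:", resolve_like_a_browser(name))
    print("SRV-aware resolution:  ", resolve_via_srv(name))
```

Running the block shows the browser-style lookup returning nothing for the service name, while the SRV-aware path lands on one of the instance addresses with port 9000. Only a client that performs both steps (service B, if it uses an SRV-aware library) benefits from the SRV record; a client that performs the first step only (a browser) needs an A record for the name it is given.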