Recently, we had a customer who wanted to run an ECS task on Fargate in a private subnet.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how we can run the task.
Run ECS Task on Fargate in a Private Subnet
It is possible for us to run the Fargate tasks in private subnets.
However, the tasks still need outbound internet access for certain operations, such as pulling an image from a public repository.
We can provision a NAT gateway in a public subnet to provide outbound internet access to Fargate tasks that don't require a public IP address.
Resolution
Moving ahead, let us see the methods our Support Techs employ in order to perform the task.
Create a VPC
We have to create an Amazon VPC with a public subnet and a private subnet.
Create a NAT gateway
We use a NAT gateway so that instances in a private subnet can connect to services outside the VPC.
When we create it, we make sure that we:
- Place the NAT gateway inside the public subnet.
- Update the route table of the private subnet.
For Destination, we enter 0.0.0.0/0. Then for Target, we select the ID of the NAT gateway.
Create an Amazon ECS cluster and service
- Initially, we create an Amazon ECS cluster using the Networking only template (powered by Fargate).
- Then we create an Amazon ECS service.
When we configure the network for the service, we make sure to:
- Select the cluster that we created in step 1 for the cluster VPC.
- And then select the private subnet that we configured for the NAT gateway.
Now, your new tasks will be launched in the private subnet.
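One way to check the finished setup, as an added example that is not from the original article: the functions below take data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`, plus the service's `awsvpcConfiguration`, and report anything that differs from the steps above. The function names and all sample IDs are assumptions made for illustration.

```python
def default_route(route_tables, subnet_id):
    """Return the 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt  # subnets with no explicit association use the main table
    table = explicit or main or {}
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route
    return None

def audit_service(route_tables, nat_gateways, awsvpc_config):
    """Return findings; an empty list means the layout matches the steps."""
    findings = []
    nat_subnet = {n["NatGatewayId"]: n["SubnetId"] for n in nat_gateways}
    if awsvpc_config.get("assignPublicIp") != "DISABLED":
        findings.append("assignPublicIp is not explicitly DISABLED")
    for subnet in awsvpc_config["subnets"]:
        route = default_route(route_tables, subnet) or {}
        nat_id = route.get("NatGatewayId")
        if route.get("GatewayId", "").startswith("igw-"):
            findings.append(f"{subnet}: default route targets an internet gateway")
        elif nat_id is None:
            findings.append(f"{subnet}: no 0.0.0.0/0 route to a NAT gateway")
        elif nat_id not in nat_subnet:
            findings.append(f"{subnet}: route targets unknown NAT gateway {nat_id}")
        else:  # the NAT gateway itself must sit in a public subnet
            nat_route = default_route(route_tables, nat_subnet[nat_id]) or {}
            if not nat_route.get("GatewayId", "").startswith("igw-"):
                findings.append(f"{nat_id}: NAT gateway is not in a public subnet")
    return findings

# Constructed sample data; every ID below is made up for illustration.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public"}]
GOOD = {"subnets": ["subnet-private"], "assignPublicIp": "DISABLED"}
BAD = {"subnets": ["subnet-public"], "assignPublicIp": "ENABLED"}
if __name__ == "__main__":
    print(audit_service(ROUTE_TABLES, NAT_GATEWAYS, GOOD))
    print(audit_service(ROUTE_TABLES, NAT_GATEWAYS, BAD))
```

An empty list for a service means its subnets reach the internet only through a NAT gateway that itself sits in a public subnet.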
Conclusion
To conclude, we can run the Fargate tasks in private subnets. Today, we saw how our Support Techs perform the same for our customers.