
I need help assigning a domain from Namecheap to newly created Fargate tasks. I’ve set up CodePipeline inside AWS that builds and deploys my project. Now I am facing multiple solutions for my problem and I can’t choose which one to follow. The problem that I am facing is that every time a new task is spawned it gets a new IP and I can’t create a static A record for it inside Route 53.

I’ve tried creating a Network Balancer following this guide I’ve found -> https://repost.aws/knowledge-center/ecs-fargate-static-elastic-ip-address, but nothing more than that because I am wasting AWS resources making this work.

2 Answers


  1. Normally with ECS, I would create an application load balancer (ALB) to front ECS tasks. You can associate that LB with your domain and the ACM certificate for the domain. If the Namecheap domain isn’t in Route 53, you can still point to the public IP of your ALB.

    Doing this eliminates all maintenance when your cluster scales up or down and provides you with a better security footprint, as your ALB will terminate TLS (NLBs won’t) and you can use WAF/Shield to protect you from incoming traffic.

  2. > The problem that I am facing is that every time a new task is spawned it gets a new IP and I can’t create a static A record for it inside Route 53.

    You have multiple solutions. First, you can configure an Application Load Balancer or Network Load Balancer (either will work). You use the loadBalancers request parameter to hook up the Service with the ALB Target Group: https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html. For TLS, you can register a certificate with AWS Certificate Manager. Then you create an ALIAS record inside the Route 53 hosted zone which points to the AWS-specific resource. An alias record is a special record type in Route 53 that allows you to point to AWS resources like ALBs, S3 buckets, CloudFront distributions, etc. There are use cases for an NLB over an ALB, particularly if you are leveraging AWS PrivateLink to connect to an external service and that service uses an Interface VPC Endpoint.

    Now, if you have inter-instance communication and you want your instances to communicate privately via a hostname, you can use AWS Cloud Map and configure a private hosted zone in Route 53, specifying a namespace and service, and it will automatically create an A record when an instance registers to the Cloud Map service.

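The wiring the second answer describes (the `loadBalancers` parameter on the ECS service, then a Route 53 alias record pointing at the load balancer), as an added example that is not part of the original thread. It assumes boto3; the function names, domain, ARN and zone IDs are constructed placeholders.

```python
def service_load_balancers(target_group_arn, container_name, container_port):
    """Build the `loadBalancers` value for ecs.create_service()."""
    if not 1 <= container_port <= 65535:
        raise ValueError("container_port out of range")
    return [{
        "targetGroupArn": target_group_arn,
        "containerName": container_name,  # must match a container in the task definition
        "containerPort": container_port,
    }]


def alias_upsert(record_name, lb):
    """Build the ChangeBatch that aliases record_name to a load balancer.

    `lb` is one entry of elbv2.describe_load_balancers()["LoadBalancers"].
    An alias record carries no TTL and no ResourceRecords, so nothing in it
    has to change when tasks are replaced and receive new IPs.
    """
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": record_name.rstrip(".") + ".",
            "Type": "A",
            "AliasTarget": {
                # The load balancer's zone ID, not the ID of your own hosted zone.
                "HostedZoneId": lb["CanonicalHostedZoneId"],
                "DNSName": lb["DNSName"],
                "EvaluateTargetHealth": True,
            },
        },
    }]}


def apply_alias(hosted_zone_id, record_name, lb_name):
    """Look up the load balancer by name and upsert the alias (needs AWS credentials)."""
    import boto3  # imported here so the builders above work without boto3 installed
    lb = boto3.client("elbv2").describe_load_balancers(Names=[lb_name])["LoadBalancers"][0]
    return boto3.client("route53").change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=alias_upsert(record_name, lb))


if __name__ == "__main__":
    # Constructed sample values, not real resources.
    sample_lb = {"DNSName": "my-alb-123.us-east-1.elb.amazonaws.com",
                 "CanonicalHostedZoneId": "ZEXAMPLELB"}
    print(alias_upsert("app.example.com", sample_lb))
```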