I have an architecture similar to https://github.com/aws-samples/ecs-refarch-cloudformation
I would like to know if I can have an AutoScalingGroup with instances in private subnets without using a NAT Gateway.
I was experimenting with removing the NATs and adding VPC endpoints, but I always end up with a problem like this:
2022-08-21 10:55:07 UTC+1000 <MY_ECS_TEMPLATE> CREATE_FAILED The following resource(s) failed to create: [ECSAutoScalingGroup].
2022-08-21 10:55:07 UTC+1000 ECSAutoScalingGroup CREATE_FAILED Received 0 SUCCESS signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement
2 Answers
Sadly no. But you can create VPC interface endpoints for ECS, which will enable communication with ECS from your private subnets without the need for internet access or NAT.
But the error can also come from CloudFormation (CFN), which can't get information back on whether the EC2 instances launched correctly. So you may need to add VPC endpoints for CFN as well.
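To make the answer concrete, here is a CloudFormation fragment that creates the endpoints an ECS container instance in a private subnet needs when there is no NAT gateway. This is an added example, not code from the answer above or from the aws-samples/ecs-refarch-cloudformation repository; the parameter and resource names (VPC, PrivateSubnets, PrivateRouteTables, ECSHostSecurityGroup) are placeholders and would be wired to the matching outputs of the VPC and security-group stacks in the reference architecture. The CloudFormation endpoint is the one that fixes the "Received 0 SUCCESS signal(s)" error: cfn-signal calls the CloudFormation SignalResource API, and without a route to it the CreationPolicy on the ASG times out. The ECS endpoints let the agent register and poll for tasks; the ECR and S3 endpoints are needed to pull images, because Docker Hub is not reachable from a subnet without internet access, so task images must come from ECR.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  VPC endpoints for ECS container instances in private subnets without a NAT
  gateway (added example; parameter names are placeholders)

Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
  PrivateSubnets:
    Type: List<AWS::EC2::Subnet::Id>
  PrivateRouteTables:
    Type: List<AWS::EC2::RouteTable::Id>
  ECSHostSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group attached to the ECS container instances

Resources:
  # Endpoint ENIs accept HTTPS only from the container instances, not from
  # the whole VPC CIDR, so the endpoints do not become a broad side channel.
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from ECS hosts to interface endpoints
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref ECSHostSecurityGroup

  # cfn-signal reports to the CloudFormation API; without this endpoint the
  # ASG CreationPolicy times out with "Received 0 SUCCESS signal(s)".
  CloudFormationEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.cloudformation
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]

  # ECS agent: cluster registration and task polling (ecs, ecs-agent) plus
  # container metrics (ecs-telemetry).
  ECSEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecs
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
  ECSAgentEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecs-agent
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
  ECSTelemetryEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecs-telemetry
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]

  # Image pulls from ECR: registry API and Docker endpoints, plus an S3
  # gateway endpoint because ECR serves image layers from S3. A gateway
  # endpoint is a route-table entry, so it needs no ENI or security group.
  ECRApiEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecr.api
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
  ECRDkrEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecr.dkr
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcEndpointType: Gateway
      RouteTableIds: !Ref PrivateRouteTables

  # Task logs via the awslogs driver go to CloudWatch Logs.
  LogsEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VPC
      ServiceName: !Sub com.amazonaws.${AWS::Region}.logs
      VpcEndpointType: Interface
      PrivateDnsEnabled: true
      SubnetIds: !Ref PrivateSubnets
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
```

PrivateDnsEnabled only works if the VPC has EnableDnsSupport and EnableDnsHostnames set, otherwise the agent and cfn-signal keep resolving the public service hostnames and the failure looks identical to having no endpoint at all. A quick check from a container instance is to resolve cloudformation.REGION.amazonaws.com and confirm it returns an address inside the VPC CIDR. Anything else the user data reaches for over the internet (yum repositories, a package from S3 in another region, an SSM parameter read by the instance rather than by CloudFormation) needs its own endpoint or a proxy, or the signal will still never arrive.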
I had a similar issue. We use AWS Batch, which is based on Auto Scaling groups. We use a Squid proxy for internet access from private subnets. After I created a few endpoints as mentioned before, the spot VMs started. Next I had to update the AMI for these VMs and set the proper proxy/no-proxy settings. And it works.