Provide an example for a fully private cluster with Private Isolated Subnets and VPC Interface Endpoints #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… it creates a VPC with only private subnets without NAT Gateway. - VPC Interface Endpoints to ECR, Docker and OCI client endpoints and Cloudwatch - VPC Gateway Endpoint for S3 This is to provide a fully private Cluster and access to the Service Endpoints internally. Also, I changed the ALB to be private by changing internetFacing variable to false on the attached file services.ts.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
I am a Support Engineer from AWS from the containers profile, and was helping a customer who was looking for an example of ECS Blue/Green in a cluster without Internet Gateway.
So I decided to provide an example to the customer by modifying this example.
Modified the file cluster.ts which creates the VPC Resources, and now it creates
This is to provide a fully private Cluster and access to the Service Endpoints internally.
Also, I changed the ALB to be private by changing internetFacing variable to false on the attached file services.ts.
In case this PR is accepted, I would suggest creating a new branch called privatecluster and merge the changes on this PR This will provide customers with an example of ECS blue/green in a fully private cluster with Private Isolated Subnets and VPC Interface Endpoints on this repository.
We can also change README to explain there is another branch with example for deployment in a private cluster.
I have tested a deployment in the fully private cluster and it works successfully, please see attached.
