Currently, I'm trying to figure out how to configure communication between ECS services. I'm planning to have the following setup:
- Backend service
- Frontend service
- One application load balancer
I have the following options in my mind:
- Configure 2 target groups for ALB and forward requests according to path. For instance, alb.amazonaws.com/backend/ will forward a request to the backend-target-group which will supply the request to the backend ECS tasks.
- In each ECS task run a script which will retrieve IP addresses of running tasks using AWS cli and service discovery. Not sure if this will work and it is relatively hard to test.
None of them seems like the right way to do it. I don't want to use a separate ALB for each service because of financial limits. What I'm thinking of is some kind of internal DNS name for ECS services. I've examined the following links, but can't figure out how to apply them to my case.
- https://docs.aws.amazon.com/cloud-map/latest/dg/what-is-cloud-map.html
- https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html
- https://aws.amazon.com/blogs/aws/amazon-ecs-service-discovery/
- https://aws.amazon.com/blogs/compute/task-networking-in-aws-fargate/
Related issue: AWS ECS container communication
So, ideally what I would like to achieve is: having an internal DNS name for the backend services and sending requests from the frontend services to the backend.
You've pretty much covered the options right.
ECS Service Discovery would be my first pick - all containers will automatically register in the service discovery domain and will be accessible that way. Easy, transparent, cheap.
Internal Application Load Balancer with different paths for different target groups would be my second choice. You don't want to mix your external-facing and internal traffic on one ALB, but having two - internal and external - is a perfectly valid architecture. May be worth the extra $20/month or so for one more ALB.
AWS App Mesh - I haven't worked with that personally but it looks like it may well do what you need. The title says "Application-level networking for all your services".
API Gateway is also an option. Your backend may need some slight changes to work with that but nothing major.
Hope that helps :)
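The first option in the answer above (ECS Service Discovery), sketched as a CloudFormation fragment. This is an added example, not code from the question or the answer; the namespace `internal.example`, port 8080, the Fargate launch type and every parameter name are assumptions. The backend security group admits only the frontend tasks' security group, so the private DNS name is not the only thing standing between the backend and the rest of the VPC.

```yaml
# Added example; names, port and parameters are assumptions, not from the post.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  ClusterArn:
    Type: String
  BackendTaskDefinitionArn:
    Type: String
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  FrontendSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  Namespace:
    Type: AWS::ServiceDiscovery::PrivateDnsNamespace
    Properties:
      Name: internal.example          # private hosted zone, resolvable only inside the VPC
      Vpc: !Ref VpcId
  BackendDiscovery:
    Type: AWS::ServiceDiscovery::Service
    Properties:
      Name: backend                   # tasks register as backend.internal.example
      NamespaceId: !Ref Namespace
      DnsConfig:
        DnsRecords:
          - {Type: A, TTL: 10}        # A records require awsvpc network mode
  BackendSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Backend tasks, reachable only from frontend tasks
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
          SourceSecurityGroupId: !Ref FrontendSecurityGroupId
  BackendService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ClusterArn
      LaunchType: FARGATE
      TaskDefinition: !Ref BackendTaskDefinitionArn
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED    # backend stays off the public internet
          Subnets: !Ref PrivateSubnetIds
          SecurityGroups: [!GetAtt BackendSecurityGroup.GroupId]
      ServiceRegistries:
        - RegistryArn: !GetAtt BackendDiscovery.Arn
```

With this in place the frontend tasks would call `http://backend.internal.example:8080`, and the existing ALB only needs a target group for the frontend.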