Task networking with the bridge network mode
Amazon ECS tasks that use the bridge network mode use Docker's built-in virtual network, which runs inside each container. The bridge is an internal network namespace that allows each container that's connected to the same bridge network to communicate with each other. It also provides an isolation boundary from containers that aren't connected to the same bridge network.
With the bridge network mode, you use static or dynamic port mappings to map ports in the container with ports on the Amazon EC2 host. For more information, see Choosing a network mode in the Amazon ECS Best Practices Guide .
Thanks for letting us know we're doing a good job!
If you've got a moment, please tell us what we did right so we can do more of it.
Thanks for letting us know this page needs work. We're sorry we let you down.
If you've got a moment, please tell us how we can make the documentation better.
- Stack Overflow Public questions & answers
- Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
- Talent Build your employer brand
- Advertising Reach developers & technologists worldwide
- About the company
Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Health check on container port and host port in ECS + ALB
I have a problem with my deployment in ECS.
I try to deploy 4 instances of 2 docker images on 2 EC2 instances with an ALB in front.
So in my tasks definitions, I use the dynamic port mapping (2 Nginx on container port 80).
This creates a trouble in the Health check of my target group. In fact, for each instance, I have a health check on the dynamics port (that is ok) and on the container port (80).
So can you help me ton find why I have that type of error (this error make my server terminated each 5 minutes....)
Thanks in advance for your help :D
- Turn on logging for your instances. When this has happened to me it meant the instance was throwing an error. – George Whitaker May 29, 2017 at 11:01
2 Answers 2
So to me it looks like you aren't completely using dynamic port mapping. For dynamic port mapping you have
Client -> ALB (port 80) -> EC2 host (dynamic port) -> container (dynamic port) -> nginx (port 80)
None of your healthchecks should be hitting port 80 since the only thing that uses port 80 is external connection into your application and nginx (but it is mapped to a different port). For ALB healthchecks all you really need is a path to hit and the port will default to the port that it connects on.
See the host port mapping in this doc: http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PortMapping.html
ALB Health Check Docs: http://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html
I found the solution with the AWS support.
So there are two problems here:
To disable the health which kill the EC2 instance, go to the auto scaling group and switch health check to "EC2" type
To remove the health check on port 80, go to the auto scaling group, and under "Target groups" section, removes the target groups managed by ECS
- 1 Thanks bud, It doesn't make any sense. You have not solved any problem worth solving really. Just removed a listener. – Decebal Aug 23, 2018 at 15:16
Sign up or log in, post as a guest.
Required, but never shown
Not the answer you're looking for? Browse other questions tagged amazon-web-services amazon-ec2 amazon-ecs health-monitoring elastic-load-balancer or ask your own question .
- The Overflow Blog
- How Intuit democratizes AI development across teams through reusability sponsored post
- The nature of simulating nature: A Q&A with IBM Quantum researcher Dr. Jamie...
- Featured on Meta
- We've added a "Necessary cookies only" option to the cookie consent popup
- Launching the CI/CD and R Collectives and community editing features for...
- Staging Ground Beta 1 Recap, and Reviewers needed for Beta 2
- The [amazon] tag is being burninated
- Temporary policy: ChatGPT is banned
Hot Network Questions
- How can I detect that \centering is in effect?
- Is it suspicious or odd to stand by the gate of a GA airport watching the planes?
- A limit involving the quotient of two sums
- Does a summoned creature play immediately after being summoned by a ready action?
- About an argument in Famine, Affluence and Morality
- Copyright issues when journal is defunct
- Movie with vikings/warriors fighting an alien that looks like a wolf with tentacles
- nicematrix: add ttfamily in the last-col
- Follow Up: struct sockaddr storage initialization by network format-string
- The region and polygon don't match. Is it a bug?
- Why are Suriname, Belize, and Guinea-Bissau classified as "Small Island Developing States"?
- Acidity of alcohols and basicity of amines
- How do particle accelerators like the LHC bend beams of particles?
- QGIS - Countif function
- Topological invariance of rational Pontrjagin classes for non-compact spaces
- Euler: “A baby on his lap, a cat on his back — that’s how he wrote his immortal works” (origin?)
- Is there a solutiuon to add special characters from software and how to do it
- What can a lawyer do if the client wants him to be acquitted of everything despite serious evidence?
- What is the purpose of this D-shaped ring at the base of the tongue on my hiking boots?
- Does Counterspell prevent from any further spells being cast on a given turn?
- Theoretically Correct vs Practical Notation
- "We, who've been connected by blood to Prussia's throne and people since Düppel"
- Why are trials on "Law & Order" in the New York Supreme Court?
- Do roots of these polynomials approach the negative of the Euler-Mascheroni constant?
Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition. If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort.
Open the Amazon ECS console, and then set the host port to 0 for the task definition that you're creating or updating. Be sure to set the container port mappings for your application. Important: The host and awsvpc network modes do not support dynamic host port mapping.
It also provides an isolation boundary from containers that aren't connected to the same bridge network. With the bridge network mode, you use static or dynamic port mappings to map ports in the container with ports on the Amazon EC2 host. For more information, see Choosing a network mode in the Amazon ECS Best Practices Guide.
ECS uses 4 networking modes. awsvpc, bridge, host and none. None is not relevant here as there is no networking there. For awsvpc, the container gets its own ENI. Which means that your container will act as a host and the port that you expose will be the port that you serve on.
For dynamic port mapping you have Client -> ALB (port 80) -> EC2 host (dynamic port) -> container (dynamic port) -> nginx (port 80) None of your healthchecks should be hitting port 80 since the only thing that uses port 80 is external connection into your application and nginx (but it is mapped to a different port).