ECS Orchestration Part 2: Service to Service Communication


Amazon Elastic Container Service (ECS) runs containerized workloads on AWS without you having to operate a control plane. When one ECS service needs to call another inside the cluster, AWS offers two built-in mechanisms: ECS Service Discovery and ECS Service Connect. They differ in where the work happens (the client's resolver versus a proxy next to each task) and in what they can do about encryption and failure handling.

ECS Service Discovery

This method uses AWS Cloud Map for DNS-based service discovery. ECS registers the private IP address of each running task as a record (A records in the example below) in a private Route 53 hosted zone that Cloud Map manages, so a client reaches a service with an ordinary DNS lookup such as example-service.example.local. The trade-off is that DNS is all you get: clients receive a list of task IPs with no retries, no connection-level health awareness and no encryption, and a short TTL is what bounds how long a client can keep talking to the address of a task that has already stopped.

ECS Service Connect

ECS Service Connect is the more capable option. ECS injects an AWS-managed, Envoy-based proxy sidecar into every task of a participating service; applications call a short client alias (for example example-service on port 80), the local proxy receives the plaintext connection and forwards it to a task of the destination service, handling retries, outlier detection and traffic metrics on the way. Service Connect can also encrypt the traffic between the two proxies with TLS, using certificates issued from an AWS Private Certificate Authority that ECS manages for you, which gives you a subset of what a service mesh such as Istio provides without running the mesh control plane yourself. Note that the encryption is proxy-to-proxy; the application container still speaks plaintext to its own sidecar.

You Should Know:

1. Terraform Setup for ECS Service Discovery

# Private DNS namespace: Cloud Map creates a matching private Route 53 hosted zone in the VPC,
# so these names resolve only from inside that VPC.
resource "aws_service_discovery_private_dns_namespace" "example" {
  name = "example.local"
  vpc  = aws_vpc.main.id
}

# Every running task of the ECS service that references this resource (through the ECS service's
# service_registries block) is registered as an A record for example-service.example.local.
# Keep the TTL short so the address of a stopped task drops out of client caches quickly.
resource "aws_service_discovery_service" "example" {
  name = "example-service"

  dns_config {
    namespace_id = aws_service_discovery_private_dns_namespace.example.id
    dns_records {
      ttl  = 10
      type = "A"
    }
  }
}

2. Enabling ECS Service Connect with Terraform

resource "aws_ecs_service" "example" {
  name            = "example-service"
  cluster         = aws_ecs_cluster.example.id
  task_definition = aws_ecs_task_definition.example.arn

  service_connect_configuration {
    enabled = true
    # Cloud Map namespace (name or ARN) that the proxies use to find each other.
    namespace = aws_service_discovery_private_dns_namespace.example.arn

    service {
      # Port on which clients in other tasks reach this service through their local proxy.
      client_alias {
        port = 80
      }
      # Must match the `name` of a port mapping in the task definition's container definitions;
      # Service Connect can only publish ports that are named there.
      port_name      = "http"
      discovery_name = "example-service"
      # No tls block is set here, so traffic between the proxies stays plaintext.
    }
  }
}
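The two Terraform blocks above only work together if the Service Connect `port_name` matches a named port mapping in the task definition, and the TLS caveat is easy to miss because the service still deploys without it. The following audit is an added example, not code from the original article or from AWS: it reads the JSON shapes that `aws ecs describe-services` (services[].serviceConnectConfiguration) and `aws ecs describe-task-definition` (taskDefinition.containerDefinitions[].portMappings) return, and reports port names with no matching mapping, duplicate discovery names or alias ports, and service entries with no TLS issuer. The field names follow the AWS API; the sample values, the function names and the wording of the findings are constructed for this demo.

```python
"""Audit an ECS Service Connect configuration against its task definition.

Added example for this article, not code from the original post or from AWS.
Input shapes mirror `aws ecs describe-services` and `aws ecs describe-task-definition`;
the sample values below are constructed, and the function names and finding text are
this example's own, not an AWS API.
"""
from __future__ import annotations

import json
import sys
from typing import Any

# Constructed sample: one ECS service as describe-services would return it.
SAMPLE_SERVICE: dict[str, Any] = {
    "serviceName": "example-service",
    "serviceConnectConfiguration": {
        "enabled": True,
        "namespace": "arn:aws:servicediscovery:us-east-1:123456789012:namespace/ns-example",
        "services": [
            {   # well-formed entry: named port exists, TLS issued by a Private CA
                "portName": "http",
                "discoveryName": "example-service",
                "clientAliases": [{"port": 80}],
                "tls": {
                    "issuerCertificateAuthority": {
                        "awsPcaAuthorityArn": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/example"
                    },
                    "roleArn": "arn:aws:iam::123456789012:role/ecs-infrastructure-role",
                },
            },
            {   # misconfigured entry: port mapping is unnamed and no TLS is set
                "portName": "admin",
                "discoveryName": "example-service-admin",
                "clientAliases": [{"port": 9090}],
            },
        ],
    },
}

# Constructed sample task definition, reduced to the fields the audit reads.
SAMPLE_TASK_DEF: dict[str, Any] = {
    "family": "example-task",
    "containerDefinitions": [
        {
            "name": "app",
            "portMappings": [
                {"containerPort": 80, "protocol": "tcp", "name": "http", "appProtocol": "http"},
                {"containerPort": 9090, "protocol": "tcp"},  # unnamed: invisible to Service Connect
            ],
        }
    ],
}


def named_port_mappings(task_def: dict[str, Any]) -> dict[str, str]:
    """Map each named portMapping to its container name.
    Service Connect can only publish ports that carry a `name` in the task definition."""
    names: dict[str, str] = {}
    for container in task_def.get("containerDefinitions", []):
        for mapping in container.get("portMappings", []):
            if mapping.get("name"):
                names[mapping["name"]] = container["name"]
    return names


def audit_service_connect(service: dict[str, Any], task_def: dict[str, Any],
                          require_tls: bool = True) -> list[str]:
    """Return a list of human-readable findings; an empty list means the config is consistent."""
    svc = service.get("serviceName", "<unknown>")
    cfg = service.get("serviceConnectConfiguration") or {}
    if not cfg.get("enabled"):
        return [f"{svc}: Service Connect is disabled; traffic falls back to DNS-only discovery"]
    findings: list[str] = []
    if not cfg.get("namespace"):
        findings.append(f"{svc}: no Cloud Map namespace set for Service Connect")
    ports = named_port_mappings(task_def)
    seen_discovery: set[str] = set()
    seen_alias_ports: set[int] = set()
    for entry in cfg.get("services", []):
        port_name = entry.get("portName", "")
        if port_name not in ports:
            findings.append(f"{svc}: portName '{port_name}' has no named portMapping in the task definition")
        discovery = entry.get("discoveryName") or port_name
        if discovery in seen_discovery:
            findings.append(f"{svc}: discoveryName '{discovery}' is declared twice")
        seen_discovery.add(discovery)
        for alias in entry.get("clientAliases", []):
            port = alias.get("port")
            if port in seen_alias_ports:
                findings.append(f"{svc}: client alias port {port} is used by more than one service entry")
            seen_alias_ports.add(port)
        if require_tls:
            tls = entry.get("tls") or {}
            issuer = (tls.get("issuerCertificateAuthority") or {}).get("awsPcaAuthorityArn")
            if not issuer:
                findings.append(f"{svc}/{port_name}: no TLS issuer configured, proxy-to-proxy traffic is plaintext")
    return findings


def main(argv: list[str]) -> int:
    """Usage: audit.py [describe-services.json describe-task-definition.json]; no args runs the sample."""
    if len(argv) == 3:
        with open(argv[1]) as f_svc, open(argv[2]) as f_td:
            service = json.load(f_svc)["services"][0]
            task_def = json.load(f_td)["taskDefinition"]
    else:
        service, task_def = SAMPLE_SERVICE, SAMPLE_TASK_DEF
    findings = audit_service_connect(service, task_def)
    for finding in findings:
        print("FINDING:", finding)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the output of `aws ecs describe-services --cluster my-cluster --services example-service` and `aws ecs describe-task-definition --task-definition example-task` saved to two files; with no arguments it audits the constructed sample, which yields one port-name finding and one missing-TLS finding for the `admin` entry. Pass `require_tls=False` if a service is deliberately left plaintext, but treat that as an explicit decision rather than the default.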

3. Key AWS CLI Commands

  • List ECS services in a cluster:
    aws ecs list-services --cluster my-cluster
    
  • List the Cloud Map namespaces visible to the account:
    aws servicediscovery list-namespaces
    
  • Tail the Service Connect proxy logs. The group is whatever the service's service_connect_configuration log_configuration block names; `aws logs tail` takes the log group name as its positional argument and has no --log-group-name flag:
    aws logs tail /ecs/example-group --follow
    

4. Linux Networking Debugging Commands

  • Check DNS resolution (run from a task or instance inside the VPC, because the Cloud Map hosted zone is private):
    dig example-service.example.local
    
  • Inspect the certificate chain a TLS endpoint presents:
    openssl s_client -connect example-service.example.local:443 -servername example-service.example.local -showcerts
    
    Caveat: with Service Connect the application sends plaintext to its local proxy on the client alias port, and it is the proxy that negotiates TLS with the destination proxy. This command therefore only tells you about endpoints that terminate TLS themselves; pointed at the alias port it will not negotiate TLS at all.
    

What Undercode Say

AWS ECS provides two service communication options: traditional DNS-based discovery through Cloud Map, and Envoy-proxied Service Connect. Terraform makes either one reproducible, and the AWS CLI together with standard Linux tools is enough to troubleshoot both. Only Service Connect can encrypt the traffic between services; enabling its TLS configuration removes plaintext east-west traffic, a common finding in compliance reviews, and makes ECS a sound choice for microservices that must not trust the network.

Expected Output:

  • Functional ECS service discovery via Cloud Map.
  • Secure service-to-service communication with Envoy and mTLS.
  • Automated infrastructure provisioning using Terraform.

Reference:

ECS Orchestration Part 2: Service to Service Communication, reported by Darryl Ruggles (Hackers Feeds)