Connect to Fargate Task from Bastion (and another fargate task)


I am trying to make one fargate task connect to another task in the task group. I am using what seems to be the correct hostname.

Additionally, my bastion server seems unable to connect to fargate tasks directly by their IP address. I am trying to connect on a listening TCP port via http. This works fine through an internal Alb - but I have a definite use case whereby I need to address tasks directly with known hostnames.

Is it a security group issue maybe?

Hi @nickoslester
can you share (the relevant parts of) the CloudFormation template that wires the modules together?

We use 2 stacks: Base stack has Bastion Module:

    Type: 'AWS::CloudFormation::Stack'
        VpcModule: !GetAtt 'Vpc.Outputs.StackName'
        IAMUserSSHAccess: true
        InstanceType: 't2.nano'
        KeyName: "ec21"
        LogGroupRetentionInDays: 14
        SubDomainNameWithDot: 'ssh.'
      TemplateURL: './node_modules/@cfn-modules/ssh-bastion/module.yml'

Tried exporting thethe module to use as a parameter in the other stack to use as ClientSgModule2 in the fargate task:

    Value: !GetAtt BastionModule.Outputs.StackName
      Name: !Sub '${AWS::StackName}-BastionModule'

So second stack:

Parameter specified:

    Type: String

The fargate task:

    Type: AWS::CloudFormation::Stack
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName'
        VpcModule: !Ref VpcStackName
        ClusterModule: !GetAtt 'Cluster.Outputs.StackName'
        TargetModule: !GetAtt 'TargetIntProcessRaw.Outputs.StackName'
        ClientSgModule1: !Ref MskStackName
        ClientSgModule2: !Ref BastionModuleStackName
        AppEnvironment1Key: KAFKA_BOOTSTRAP_SERVERS
        AppEnvironment1Value: !Ref KafkaBootstrapUrls
        AppEnvironment2Key: SCHEMA_REGISTRY
        AppEnvironment2Value: !Sub 'http://${AlbInt.Outputs.DnsName}:8081'
        AppImage: <hidden>
        AppPort: '8898'
        Cpu: '0.25'
        Memory: '0.5'
        DesiredCount: '2'
        MaxCapacity: '2'
        MinCapacity: '2'
        LogsRetentionInDays: '14'
        SubnetsReach: Private
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '1200'

Meant to add. I can’t see why one Fargate Task can’t see another and why Bastion Host can’t see any Fargate Task.

Its important that tasks can see each other as they operate in a kafka streams cluster and need to be able to ‘talk’ to each other.

Your config looks very unusual. What module is TargetIntProcessRaw?

Let me understand what you try to accomplish.

  • :white_check_mark: Bastion host wants to connect to Kafka cluster
  • Bastion host wants to connect to Fargate service
  • Fargate service A wants to connect to Fargate service B


Hi Michael

TargetIntProcessRaw is the Alb load balancer Target (sorry for not adding it)

First two points correct. (Though Bastion can already connect to MSK brokers)
Last one is more like

Fargate Task A wants to connect to Task B (both are Tasks in the same service.

Many thanks!

I have an update. I created a client-sg and attached it to the service as ClientSgModule3. Then (manually in AWS web application I added inbound rules for the port in question) - and it works. However I need to figure out if we can achieve this with the cfn templates.

I believe that we have two missing features that you require:

  1. Bastion host support:
  2. Task-to-task communication within a service

A missing feature that is not your requirement:

  1. Service A wants to talk to Service B

Let me know if this covers your use case and I can work on that next week.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.