How to enable Service to service communication

derbexuk · March 12, 2020, 6:27pm

That works, thanks Michael.

One more question if I may, my cluster has 2 services one needs to talk to the other, how does it refer to it? I ticked the ‘Service Discovery’ box in the ECS console and that did the trick, but what do I use in the templates?

Configuration is via an environment variable, I jut don’t know what to set the value to.

michael · March 12, 2020, 6:29pm

Hi Jeremy,

I moved your last post into a new topic to make it easier to search/find for others.

Let me ask one question: Do you need to ensure on the network layer that service b can only be reach from service a? or can both services be public and handle authentication in the application layer?

derbexuk · March 13, 2020, 8:10am

Hi Michael,

the first scenario, that service b can only be reached from service a, is the one I am after. So I guess a public and a private subnet and nat gateway so the containers can load perhaps?

michael · March 18, 2020, 10:26am

I’m working on a solution right now that requires two load balancers (see https://github.com/cfn-modules/alb-listener/pull/6 for status).

The public service would use the setup that we have in the book with one addition, add one parameter:

ClientSgModule1: !GetAtt 'ClientSg.Outputs.StackName'

The private service that can only be reached from the public service would look like this:

ClientSg:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName'
      TemplateURL: './node_modules/@cfn-modules/client-sg/module.yml'
  AlbPriv:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName'
        Scheme: internal
      TemplateURL: './node_modules/@cfn-modules/alb/module.yml'
  AlbPrivListener:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        AlbModule: !GetAtt 'AlbPriv.Outputs.StackName'
        ClientSgModule: !GetAtt 'ClientSg.Outputs.StackName'
      TemplateURL: './node_modules/@cfn-modules/alb-listener/module.yml'
  AlbPrivTarget:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        AlbModule: !GetAtt 'AlbPriv.Outputs.StackName'
        AlbListenerModule: !GetAtt 'AlbPrivListener.Outputs.StackName'
        VpcModule: !GetAtt 'Vpc.Outputs.StackName'
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName'
        Priority: '2'
        HealthCheckPath: '/health-check.php' # TODO change to your health check!
      TemplateURL: './node_modules/@cfn-modules/ecs-alb-target/module.yml'
  PrivService:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        TargetModule: !GetAtt 'AlbPrivTarget.Outputs.StackName'
        # [...]
      TemplateURL: './node_modules/@cfn-modules/fargate-service/module.yml'

We do not support AWS Cloud Map for service discovery at the moment.

michael · March 18, 2020, 3:32pm

You can find working example here: https://github.com/cfn-modules/docs/pull/32

derbexuk · March 18, 2020, 3:49pm

Thanks Michael,

I have a bit of code to get out of the door, but I will have a look as soon as I can.

Jeremy Hoyland

michael · June 4, 2020, 10:01am