# getting-started
Howdy, I'm losing my mind trying to get my Fargate/ECS container to be able to access external services. It seems like any request that uses an external service is failing while other API requests are working fine. Is there an egress security group I need to add or something similar?
There's an example in the docs that contains an
block -- have you tried this?
Do your tasks have public IPs, or are they in a subnet routed via a NAT GW?
Let me just attach the code I'm currently using.
const cluster = new awsx.classic.ecs.Cluster('cluster');

export const alb = new 'net-lb', {
  external: true,
  securityGroups: cluster.securityGroups
});
const atg = alb.createTargetGroup('app-tg', { port: 4000, deregistrationDelay: 0, protocol: 'HTTP' });
export const webHTTPS = atg.createListener('webHTTPS', {
  external: true,
  port: 443,
  protocol: 'HTTPS',
  sslPolicy: 'ELBSecurityPolicy-2016-08',
  certificateArn: config.certificateArn
});

const fargateSecurityGroup = new aws.ec2.SecurityGroup('fargateSecurityGroup', {
  egress: [
    {
      fromPort: 0,
      toPort: 0,
      protocol: '-1',
      cidrBlocks: [ '' ],
      ipv6CidrBlocks: [ '::/0' ]
    }
  ]
});

const appService = new awsx.classic.ecs.FargateService('app-svc', {
  securityGroups: [, => ],
  taskDefinitionArgs: {
    container: {
      image: img.imageUri,
      cpu: 102 /*10% of 1024*/,
      memory: 50 /*MB*/,
      portMappings: [
        // webHTTP,
      ]
    }
  },
  desiredCount: 1
});
Basically have an ALB forwarding HTTPS traffic to the port used by the container. Not really sure if I should convert this to awsx instead of classic, but the example I started this project with was using classic.
You need to provide networking configuration
To the FargateService? The non classic ones have a parameters
. Is that what you are talking about?
Personally I would not recommend using
- they're a poorly documented / maintained abstraction compared to the core packages.