(aws-ecs): Assign public IP is not supported for this launch type #13348

Closed
mostafafarzaneh opened this issue Mar 2, 2021 · 5 comments
Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container guidance Question that needs advice or information.

mostafafarzaneh commented Mar 2, 2021

I am trying to create an ECS service using the EC2 launch type and want to assign a public IP address to it.

Reproduction Steps

task_definition = ecs.Ec2TaskDefinition(self, "TD",
                network_mode=ecs.NetworkMode.AWS_VPC,
                proxy_configuration=appmesh_config,
                task_role=iam.Role.from_role_arn(self, "TaskRole",
                                                 self.ecs_task_role.role_arn),
                )

service = ecs.CfnService(self, "SRV",
        capacity_provider_strategy=[ecs.CfnService.CapacityProviderStrategyItemProperty(
                base=0,capacity_provider=self.capacity_provider.ref,weight=1)],
        cluster=self.cluster.cluster_arn,
        desired_count=1,
        network_configuration=ecs.CfnService.NetworkConfigurationProperty(
                awsvpc_configuration=ecs.CfnService.AwsVpcConfigurationProperty(
                        subnets=self.network.vpc.select_subnets(subnet_type=ec2.SubnetType.PUBLIC).subnet_ids,
                        assign_public_ip="ENABLED",
                        security_groups=[self.ecs_host_security_group.security_group_id])),
        service_registries=[ecs.CfnService.ServiceRegistryProperty(
                    registry_arn=cloud_map.service_arn)], 
        task_definition=task_definition.task_definition_arn
        )

What did you expect to happen?

I want to assign a public IP address to the EC2.

What actually happened?

I get the "Assign public IP is not supported for this launch type" error.

Environment

  • CDK CLI Version : 1.91.0

Other

I should mention that because I use a capacity provider other than FARGATE, I have to use CfnService instead of Ec2Service API. here


This is 🐛 Bug Report

@mostafafarzaneh mostafafarzaneh added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 2, 2021
@peterwoodworth peterwoodworth changed the title (ECS): Assign public IP is not supported for this launch type (aws-ecs): Assign public IP is not supported for this launch type Mar 2, 2021
@peterwoodworth peterwoodworth added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Mar 2, 2021
@SoManyHs SoManyHs added guidance Question that needs advice or information. and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 5, 2021

SoManyHs commented Mar 5, 2021

Hi @mostafafarzaneh!

Do you have private and public subnets set up in the VPC you are trying to launch this in? It might be helpful to include the code you are using to spin up your ECS cluster, but this looks like you are trying to assign a public IP address while using awsvpc network mode. However, as per the docs:

> task ENIs are not given public IP addresses. To access the internet, tasks should be launched in a private subnet that is configured to use a NAT gateway.

Also, I would recommend using the Ec2Service construct rather than the raw CfnService construct, as that will come with more useful defaults and validations.

Let me know if that helps!

@SoManyHs SoManyHs added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Mar 5, 2021
mostafafarzaneh (Author) commented

> this looks like you are trying to assign a public IP address while using awsvpc network mode

Yes. I am trying to do this. Because Fargate uses awsvpc and can have a public IP assigned to it, I thought it would be OK to assign a public IP to EC2 instances that use awsvpc.

> Also, I would recommend using the Ec2Service construct rather than the raw CfnService construct, as that will come with more useful defaults and validations.

Because the Ec2Service construct does not allow me to assign a custom capacity provider, I have to use the CfnService construct. Take a look at it here.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Mar 7, 2021

SoManyHs commented Mar 9, 2021

Right, so unfortunately you cannot assign a public IP to services using the EC2 launch type and awsvpc networking mode.

Also, Autoscaling group capacity providers are not yet fully supported in CloudFormation -- you can follow the progress of that issue here. We also are tracking it on the ECS project board here.

Closing this issue for now, but please feel free to reopen if you have further questions!

@SoManyHs SoManyHs closed this as completed Mar 9, 2021
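
A pre-deployment check for the restriction confirmed above, as an added example that is not from the issue or the CDK project: it scans a synthesized CloudFormation template for ECS services that request `AssignPublicIp: ENABLED` without Fargate capacity. The sample template is constructed, and treating a service with neither `LaunchType` nor a capacity provider strategy as non-Fargate is an assumption.

```python
FARGATE_PROVIDERS = {"FARGATE", "FARGATE_SPOT"}


def runs_on_fargate(props):
    """True only when every capacity source of the service is Fargate."""
    strategy = props.get("CapacityProviderStrategy") or []
    if strategy:
        # A {"Ref": ...} value points at a custom (Auto Scaling group) provider.
        return all(
            isinstance(item.get("CapacityProvider"), str)
            and item["CapacityProvider"] in FARGATE_PROVIDERS
            for item in strategy
        )
    # Assumption: no strategy and no explicit FARGATE launch type means EC2.
    return props.get("LaunchType") == "FARGATE"


def find_unsupported_public_ip(template):
    """Return logical IDs of ECS services that would fail with
    'Assign public IP is not supported for this launch type'."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::ECS::Service":
            continue
        props = res.get("Properties", {})
        awsvpc = props.get("NetworkConfiguration", {}).get("AwsvpcConfiguration", {})
        if awsvpc.get("AssignPublicIp") == "ENABLED" and not runs_on_fargate(props):
            findings.append(logical_id)
    return sorted(findings)


def _svc(assign, **extra):
    """Build a constructed AWS::ECS::Service resource for the sample."""
    net = {"AwsvpcConfiguration": {"Subnets": ["subnet-EXAMPLE"], "AssignPublicIp": assign}}
    return {"Type": "AWS::ECS::Service", "Properties": {"NetworkConfiguration": net, **extra}}


# Constructed sample: "SRV" mirrors the service in this issue.
SAMPLE_TEMPLATE = {"Resources": {
    "SRV": _svc("ENABLED", CapacityProviderStrategy=[
        {"Base": 0, "Weight": 1, "CapacityProvider": {"Ref": "AsgCapacityProvider"}}]),
    "FargateSvc": _svc("ENABLED", LaunchType="FARGATE"),
    "PrivateEc2Svc": _svc("DISABLED", LaunchType="EC2"),
    "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
}}

if __name__ == "__main__":
    print(find_unsupported_public_ip(SAMPLE_TEMPLATE))
```
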

LajosPolya commented May 9, 2023

@mostafafarzaneh
You can set the following:

  • Network Mode to NetworkMode.HOST
  • Leave assignPublicIp to false
  • Leave vpcSubnets as undefined
  • Leave securityGroups as []

You can find the public IP and the public DNS as follows:
AWS Console -> Amazon Elastic Container Service -> Clusters -> cluster_name -> Infrastructure -> Container instance -> container_instance_id -> Public IP or Public DNS respectively

An example can be found here:
https://github.com/LajosPolya/aws-cdk-templates/blob/main/deploy-ecs-with-ec2/lib/deploy-ecs-with-ec2-stack.ts#L9

This uses the container host's public IP.
More info can be found here under the "Using a public subnet and internet gateway" heading
