- Run one or more microservice-based applications on an ECS cluster
- Expose the entrypoint proxy/router microservices publicly
- Keep the other microservices private
- Minimal AWS infrastructure

Name | Rule Type | Port/Protocol | Source |
---|---|---|---|
External_ALB | Ingress | HTTPS | 0.0.0.0/0 |
Internal_ALB | Ingress | HTTP | ECS |
ECS | Ingress | ANY | External_ALB, Internal_ALB |

Made with draw.io, XML definition here.

Currently this version (danieladams456/aws-labs) uses an "internal service discovery" security group that is shared between ECS and the internal ALB. The design here allows for single dedicated security groups for each resource. I will update it when I get a chance.
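The table above with one dedicated security group per resource, written as a Terraform sketch. This is an added example, not code from the aws-labs repository; the use of Terraform, the resource names, `var.vpc_id` and port 80 for "HTTP" are assumptions.

```hcl
# Added example, not from the aws-labs repository; var.vpc_id is an assumption.
variable "vpc_id" { type = string }
# Dedicated groups; rules live in separate resources to avoid an ECS <-> Internal_ALB cycle.
resource "aws_security_group" "external_alb" {
  name   = "External_ALB"
  vpc_id = var.vpc_id
}
resource "aws_security_group" "internal_alb" {
  name   = "Internal_ALB"
  vpc_id = var.vpc_id
}
resource "aws_security_group" "ecs" {
  name   = "ECS"
  vpc_id = var.vpc_id
}

# External_ALB: HTTPS from anywhere. This is the only rule with a CIDR source.
resource "aws_security_group_rule" "external_alb_https" {
  type              = "ingress"
  security_group_id = aws_security_group.external_alb.id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
}

# Internal_ALB: HTTP only from members of the ECS group (port 80 is assumed).
resource "aws_security_group_rule" "internal_alb_http" {
  type                     = "ingress"
  security_group_id        = aws_security_group.internal_alb.id
  protocol                 = "tcp"
  from_port                = 80
  to_port                  = 80
  source_security_group_id = aws_security_group.ecs.id
}

# ECS: any protocol and port, but only from the two load balancer groups.
resource "aws_security_group_rule" "ecs_from_alb" {
  for_each = {
    external = aws_security_group.external_alb.id
    internal = aws_security_group.internal_alb.id
  }
  type                     = "ingress"
  security_group_id        = aws_security_group.ecs.id
  protocol                 = "-1"
  from_port                = 0
  to_port                  = 0
  source_security_group_id = each.value
}
```

The table lists ingress only, so no egress rules are declared here; Terraform removes the default allow-all egress rule from groups it creates, so outbound rules have to be added explicitly before traffic will flow.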