Public DNS namespace for service discovery is not accessible on the internet


I have a container running on ECS as a Fargate service. It has a service discovery with a public DNS namespace "frontend.example.com".

I can access the container when I call the public IP, but not using the public DNS namespace.

I also tried pointing a Route53 DNS record to this public DNS namespace "frontend.example.com", but that did not work either.

Is this even possible? Because I read on some forums that you can access a Fargate service only with an ALB connected to the service namespace or by updating the public IP address on Route53 each time the Fargate container is updated.

So again in short, can I use the public DNS namespace (created by CloudMap) attached to a Fargate service (with service discovery) to access it from the internet?

2

There are 2 answers

1
Mark B

CloudMap is for communications between your services, inside your private VPC. You really should use an ALB to expose your ECS service publicly on the Internet.

0
KP99

You can register the public IP with CloudMap manually, but you might as well just use a normal Route53 zone.

ECS doesn't support autoregistering the public IP. And here's why it's dangerous to do that: public IPs are shared / recycled between customers. Your task could die, the IP could be released, and another customer could take it ... all before you update your DNS ... and your traffic is going to another customer's instance. Not a good idea.

As far as storing a private IP in a public namespace, it is easier to resolve public DNS than to worry about VPC or VPN private lookups.
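Added example, not part of either answer: a check for the stale-record risk described above, flagging public A records whose IP is no longer associated with any of the account's network interfaces. It assumes the JSON shapes returned by `aws route53 list-resource-record-sets` and `aws ec2 describe-network-interfaces`; the sample data, ENI ids and IP addresses are constructed.

```python
import ipaddress

# RFC 1918 ranges: private task IPs stored in a public zone are not recycled publicly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def owned_public_ips(eni_response):
    """Public IPv4 addresses currently associated with the account's ENIs."""
    ips = set()
    for eni in eni_response.get("NetworkInterfaces", []):
        public_ip = eni.get("Association", {}).get("PublicIp")
        if public_ip:
            ips.add(public_ip)
    return ips

def dangling_records(rrset_response, owned):
    """Return (name, ip) for every plain A record value that is public but not owned."""
    findings = []
    for rrset in rrset_response.get("ResourceRecordSets", []):
        if rrset.get("Type") != "A" or "AliasTarget" in rrset:
            continue  # alias records (e.g. to an ALB) carry no literal IP to go stale
        for rr in rrset.get("ResourceRecords", []):
            ip = rr["Value"]
            if not is_rfc1918(ip) and ip not in owned:
                findings.append((rrset["Name"], ip))
    return findings

# Constructed sample data (documentation IP ranges, placeholder ids).
SAMPLE_ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-placeholder1", "Association": {"PublicIp": "203.0.113.10"}},
    {"NetworkInterfaceId": "eni-placeholder2"},  # task without a public IP
]}
SAMPLE_RRSETS = {"ResourceRecordSets": [
    {"Name": "frontend.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},   # still held by a running task
    {"Name": "old.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "198.51.100.7"}]},   # task gone, IP released
    {"Name": "internal.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "10.0.1.25"}]},      # private IP in a public zone
    {"Name": "alb.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "placeholder-alb.example.", "HostedZoneId": "ZPLACEHOLDER",
                     "EvaluateTargetHealth": False}},
]}

if __name__ == "__main__":
    for name, ip in dangling_records(SAMPLE_RRSETS, owned_public_ips(SAMPLE_ENIS)):
        print(f"DANGLING {name} -> {ip}")
```

Ownership here is judged only by ENI associations, so an Elastic IP that is allocated but not attached would be reported as well.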