ECS Service Discovery from other service outside VPC

Question

Can one service in ECS cluster c1 can call another service in cluster c2 using ECS service discovery (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). As they are both in different cluster they will be in different vpc as well.

Answer 1

I ran into this same question and requirement (with private DNS discovery) and contrary to what I thought it's not possible at the moment, below are all the steps I followed to sort out connectivity/networking between 2 VPCs in an AWS environment and also some requirements to get your ECS service discovery up and running, hopefully, this clarifies:

• Be sure your VPC has DNS hostnames enabled (so it will resolve your DNS internally).
• Create a VPC peering connection for your VPCs
• Be sure to update all the route tables needed to route the traffic through the peering connection
• Be sure to update any security group needed to allow traffic from the VPC and the specified port

From this point, I validated that service-discovery was working within my first VPC (let's called A) by using telnet, nslookup, or any other tool from another Task running in the A-VPC. Then I tested from an instance in B-VPC to ping and telnet directly to the private IP assigned to my Task in A-VPC and as expected the connection was successful, but when tried using the private DNS which is the all point I got the error: Unknown service (the error may vary depending on the tool used). After looking deeper into the issue I found out that CloudMap (which is one of the services used underneath for service discovery) will query for your DNS only within your VPC, for more information you can look into this considerations provided by AWS.

A possible solution for this is to use a Network Load Balancer or similar to route the connection to your service, but is a bit annoying because you could prescind from service-discovery and just use a Load Balancer solution.