I want to connect to my ECS cluster in a private VPC and am a bit confused on what would be the best way to do so.
As I’ve understood it, my options are:
API Gateway -> VPC Link -> Private NLB -> Private ECS cluster
Public ALB -> Private ECS Cluster
API Gateway HTTP API -> Private ALB -> Private ECS cluster
Ideally I want Cognito authorization, and from what I understand, all three options would support that.
What option should I go with and why?
Not really sure what you’re trying to run on ECS, but the easiest and most secure way to connect a private VPC to ECS would probably be to use a VPC endpoint (AWS PrivateLink). You could use a load balancer in front of that too. Not sure what API Gateway is doing in this architecture. If you are trying to publicly connect to an ECS cluster in a private VPC, I’d probably go with an LB (ALB or NLB depending on your needs) or API Gateway into a LB then to your ECS cluster.
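The third option from the question (API Gateway HTTP API into a private ALB, with Cognito authorization at the gateway), which is also the "API Gateway into a LB" shape the reply suggests, wired up in Terraform as an added example that is not from either poster. It assumes the HTTP API, the internal ALB listener, the ALB and VPC Link security groups, the private subnets, the Cognito user pool and app client, and the region data source already exist under the names shown in the leading comment.

```hcl
# Added example, not from the thread. Assumed to exist: aws_apigatewayv2_api.http (protocol_type = "HTTP"),
# aws_lb_listener.private on the internal ALB fronting ECS, aws_security_group.alb, aws_security_group.vpc_link,
# var.private_subnet_ids, aws_cognito_user_pool.users, aws_cognito_user_pool_client.web, data.aws_region.current.
resource "aws_apigatewayv2_vpc_link" "private" {
  name               = "ecs-private"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.vpc_link.id]
}

# The ALB accepts traffic only from the VPC Link ENIs, so nothing inside the VPC can
# bypass the authorizer by calling the ALB directly.
resource "aws_security_group_rule" "alb_from_vpc_link" {
  type                     = "ingress"
  security_group_id        = aws_security_group.alb.id
  from_port                = 80
  to_port                  = 80
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.vpc_link.id
}

# Cognito tokens are verified at the edge; the ECS service never sees an unauthenticated request.
resource "aws_apigatewayv2_authorizer" "cognito" {
  api_id           = aws_apigatewayv2_api.http.id
  authorizer_type  = "JWT"
  identity_sources = ["$request.header.Authorization"]
  name             = "cognito-jwt"
  jwt_configuration {
    audience = [aws_cognito_user_pool_client.web.id]
    issuer   = "https://cognito-idp.${data.aws_region.current.name}.amazonaws.com/${aws_cognito_user_pool.users.id}"
  }
}

resource "aws_apigatewayv2_integration" "alb" {
  api_id             = aws_apigatewayv2_api.http.id
  integration_type   = "HTTP_PROXY"
  integration_method = "ANY"
  integration_uri    = aws_lb_listener.private.arn
  connection_type    = "VPC_LINK"
  connection_id      = aws_apigatewayv2_vpc_link.private.id
}

# Every route requires a valid JWT; a route without authorization_type is public.
resource "aws_apigatewayv2_route" "proxy" {
  api_id             = aws_apigatewayv2_api.http.id
  route_key          = "ANY /{proxy+}"
  target             = "integrations/${aws_apigatewayv2_integration.alb.id}"
  authorization_type = "JWT"
  authorizer_id      = aws_apigatewayv2_authorizer.cognito.id
}
```

The security group rule is the part worth checking after deployment: if the ALB still has a broader ingress rule, the Cognito check protects only the API Gateway path, not the ALB itself.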