AWS Certified Solutions Architect - Professional 2020


Connect to private ECS cluster – API Gateway or ALB?

I want to connect to my ECS cluster in a private VPC and am a bit confused on what would be the best way to do so.

As I’ve understood it my options are:

API Gateway -> VPC Link -> Private NLB -> Private ECS cluster

Public ALB -> Private ECS Cluster

API Gateway HTTP API -> Private ALB -> Private ECS cluster

Ideally I want Cognito authorization, and from what I understand, all three options would support that.

What option should I go with and why?

1 Answer

Hi Daniel,

Not really sure what you’re trying to run on ECS, but the easiest and secure way to connect a private VPC to ECS would probably be to use a VPC endpoint (AWS PrivateLink). You could use a load balancer in front of that too… not sure what API Gateway is doing in this architecture. If you are trying to publicly connect to an ECS cluster in a private VPC, I’d probably go with an LB (ALB or NLB depending on your needs) or API Gateway into an LB then to your ECS cluster.

–Scott
