New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Port mappings: add support of port ranges #194
Comments
You're correct that we don't currently support specifying port ranges directly in task definitions. There is indeed a limit on the number of reserved and utilized ports. This limit, per the docs, is 50. If you have more information on your use-case, it could help us in evaluating that limit. Best, |
It would be nice to have this feature as I have a similar use case where the application requires a large number of ports (1 thousand ports) in order to communicate with the another instance running on a different host. |
+1 |
Since docker supports port ranges I would expect that it should be possible to specify port ranges by ECS agent too. |
+1 |
1 similar comment
👍 |
+1 |
+1 |
+1 |
2 similar comments
+1 |
+1 |
I would also like this to allow us to restrict containers to different ports so I can define security groups and only allow upstream services to access specific services running in ECS. |
+1 @euank I know this has been added to the use cases already, but FTP is what we require this for. We're adding passive ports in manually and we can only allow 49 concurrent PASV connections with the 50 port limit (with 1 for the control port on 21). |
+1 |
+1 |
At least, the 50 ports limit should throw an useful error message in the agent. Currently it just shows this misleading events message (in the AWS console):
|
+1 |
Couchbase server cluster using ECS Weave but managing ports is becoming a pain: |
+1 I'm hosting a ftp proxy daemon, and it needs to support a range of ports for passive mode. The range is 200 ports, and is impossible to achieve at the moment. Are there any plans to support this? |
+1 |
1 similar comment
+1 |
This is important requirement and we are going to hugely use ECS. Are you guys working on it ? When this could be available? |
I created this issue more than a year ago. |
For those who are trying to setup an FTP server inside a ECS task container and are trying to allow PASV connections and bump into the limitations of ECS-agent. Please know that there is a simple solution that does not require you to define all potential dynamic pasv ports that you defined in your server configuration. |
This is also a major blocker for us, is there a timeline for this? |
Confirmed that using |
Thank you very much, after struggling for two days, this finally helped ! |
Does this mean we can specify a narrower range of ports in the Security Group? is there a setting to match the dynamic port range to the Security group port range... IE we dont need 20,000 ports as a possibility. |
+1 Erlang node clustering. Ports 4369 and the range 9100 - 9155 are the default. |
+1 |
1 similar comment
+1 |
+1 (FTP) |
+1 Running dask worker with Currently it requires to add all the ports individually. |
+1 as per PCI DSS requirements of not having that huge amount of open ports. |
In Fargate only |
+1 |
+1 We're using fargate to house a TURN (rfc5766) server and this would really be helpful! |
+1 |
what was your solution @mmoallemi99 ? I'm trying to find if there's a way to support WebRTC using ECS FARGATE. The ICE negotiation works great (tested using this tool) both outside or inside a container, but I am still unable to establish communication from outside with a peer located inside a container. All Security Groups and Network ACLs currently allow TCP/UDP traffic for WebRTC interaction. |
I remember taking care of it with Terraform range function, pragmatically generating static port values in the end. |
Any update about this? |
Hi there!
Some applications do require wide range of open ports and the only option we have at the moment is to set them explicitly (e.g. one by one) when defining tasks.
I think that it would be useful to allow use of port ranges, like
Also, I've noticed that ecs-agent throws an error if there is > 100 ports specified in task definition, regardless of port numbers:
Please advice.
The text was updated successfully, but these errors were encountered: