Are Fargate ECS task public IP addresses limited?

Question:

I have some autoscaling ECS tasks with AssignPublicIp set to true. The running tasks all get public IP addresses, but I cannot find anywhere in the documentation whether there are limits on the number of IP addresses I can use. I know that Elastic IP addresses are limited per account, but it doesn’t seem like ECS tasks are given Elastic IP addresses (at least I don’t see any Elastic IP addresses in use in the AWS console).

Will AWS give me as many IP addresses as I have running ECS tasks? I know it won’t be limitless as I think I can run up to 2,000 tasks.

Answer:

It depends on the launch type for the ECS task you are running: FARGATE or EC2. [1]

FARGATE

Tasks using the Fargate launch type require the awsvpc network mode, which provides each task with an elastic network interface. [2]

Thus, the network interface limit of 5000 per region applies if you configure your Fargate task to use ENIs without a public IP. [3]

If you decide to use public IP addresses, the service quota “Public IP addresses for tasks using the Fargate launch type” applies and limits the number of public IP addresses used by tasks using the Fargate launch type (per region) to 100. This is also the default quota for the maximum number of tasks using the Fargate launch type (per region). [4]

EC2

For the EC2 launch type, we must look at the different types of task networking [5][6].

  • awsvpc
    Since each task attaches an ENI, the max. number of public IPs is bound to the VPC limit of 5000 ENIs and the max. number of ENIs per instance you are using (depends on instance type and size). There is also a limit of launched instances per region, but it is a soft limit which can be increased. [7]
  • none
    Must not be considered because it disables network access completely.
  • host/bridge
    Multiple tasks run as separate containers on the host and utilize the EC2 instance’s ENI. Thus, all tasks share the public IP of the instance (if the instance is assigned one). The limit of public IPs is determined by the number of instances you are able to launch and the number of ENIs you are able to create. You will definitely be able to launch more tasks than there are EC2 instances (and public IP addresses assigned to them) in the cluster, as long as your memory/CPU characteristics allow the placement of multiple tasks per container instance.

References

[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html
[2] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html#fargate-tasks-networkmode
[3] https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
[4] https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ecs
[5] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html
[6] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#network_mode
[7] What is the AWS Public IP Limit? (Public IP not Elastic IP)
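As an added example (not part of the question or the answer above), the following script shows how to measure what the Fargate public IP quota actually counts: each RUNNING awsvpc task owns one ElasticNetworkInterface attachment, and the public IP lives on that ENI, not on the task. It joins the ENI IDs from an ecs:DescribeTasks response against an ec2:DescribeNetworkInterfaces response and reports how many public IPs the Fargate tasks consume versus the quota. Both responses here are constructed sample data in the shape of the real API output; the quota value of 100 is the figure quoted in the answer and is an assumption for the example, so in practice read the current value from the Service Quotas console rather than hard-coding it.

```python
"""Count public IPs consumed by Fargate (awsvpc) tasks and compare to the quota.

Added example, not code from the original post. Inputs are constructed inline in
the shape of ecs:DescribeTasks / ec2:DescribeNetworkInterfaces so it runs offline.
"""
from typing import Dict, Optional


def _task(num: str, launch_type: str, status: str, eni: Optional[str]) -> dict:
    """Build one task record in DescribeTasks shape (constructed sample data)."""
    task = {
        "taskArn": f"arn:aws:ecs:us-east-1:123456789012:task/demo/{num}",
        "launchType": launch_type,
        "lastStatus": status,
        "attachments": [],
    }
    if eni:
        task["attachments"].append({
            "type": "ElasticNetworkInterface",
            # a STOPPED task's ENI attachment is torn down, so it no longer counts
            "status": "ATTACHED" if status == "RUNNING" else "DELETED",
            "details": [
                {"name": "subnetId", "value": "subnet-0example"},
                {"name": "networkInterfaceId", "value": eni},
                {"name": "privateIPv4Address", "value": f"10.0.1.{int(num)}"},
            ],
        })
    return task


# Constructed sample: five tasks in one cluster.
SAMPLE_TASKS = {"tasks": [
    _task("1", "FARGATE", "RUNNING", "eni-0001"),  # public subnet, has public IP
    _task("2", "FARGATE", "RUNNING", "eni-0002"),  # public subnet, has public IP
    _task("3", "FARGATE", "RUNNING", "eni-0003"),  # private subnet, no public IP
    _task("4", "EC2", "RUNNING", None),            # bridge mode, shares instance IP
    _task("5", "FARGATE", "STOPPED", "eni-0005"),  # ENI already deleted
]}

# Constructed sample: the matching DescribeNetworkInterfaces response. A public
# IP shows up under "Association"; a private-only ENI has no Association block.
SAMPLE_ENIS = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0001", "Association": {"PublicIp": "203.0.113.10"}},
    {"NetworkInterfaceId": "eni-0002", "Association": {"PublicIp": "203.0.113.11"}},
    {"NetworkInterfaceId": "eni-0003"},
]}

# Assumed quota value (the figure quoted in the answer); read the real one from
# Service Quotas rather than trusting this constant.
FARGATE_PUBLIC_IP_QUOTA = 100


def running_task_enis(describe_tasks: dict, launch_type: str = "FARGATE") -> Dict[str, str]:
    """Map taskArn -> ENI id for RUNNING tasks of launch_type whose ENI is ATTACHED."""
    result: Dict[str, str] = {}
    for task in describe_tasks.get("tasks", []):
        if task.get("launchType") != launch_type or task.get("lastStatus") != "RUNNING":
            continue
        for att in task.get("attachments", []):
            if att.get("type") != "ElasticNetworkInterface" or att.get("status") != "ATTACHED":
                continue
            details = {d["name"]: d["value"] for d in att.get("details", [])}
            if "networkInterfaceId" in details:
                result[task["taskArn"]] = details["networkInterfaceId"]
    return result


def public_ips_by_eni(describe_enis: dict) -> Dict[str, str]:
    """Map ENI id -> public IPv4 for interfaces that carry an Association."""
    return {
        eni["NetworkInterfaceId"]: eni["Association"]["PublicIp"]
        for eni in describe_enis.get("NetworkInterfaces", [])
        if eni.get("Association", {}).get("PublicIp")
    }


def public_ip_usage(describe_tasks: dict, describe_enis: dict,
                    quota: int = FARGATE_PUBLIC_IP_QUOTA) -> dict:
    """Join tasks to ENIs and report public IPs in use against the quota."""
    enis = running_task_enis(describe_tasks)
    ips = public_ips_by_eni(describe_enis)
    used = {arn: ips[eni] for arn, eni in enis.items() if eni in ips}
    return {
        "fargate_running_tasks": len(enis),
        "public_ips_in_use": len(used),
        "quota": quota,
        "headroom": quota - len(used),
        "tasks_with_public_ip": used,
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(public_ip_usage(SAMPLE_TASKS, SAMPLE_ENIS))
```

In real use the two inputs come from `aws ecs describe-tasks` (or `ecs.describe_tasks` in boto3) and `aws ec2 describe-network-interfaces` filtered on the collected ENI IDs, and the quota from `aws service-quotas` for the region in question. Note what the join makes visible: the EC2 launch-type task and the private-subnet Fargate task both run without consuming any of the public IP quota, while the stopped task's ENI has already been released, so only the two public-subnet RUNNING tasks count.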
