amazon-web-services - AWS Fargate 无法解析私有 DNS 路由 53

问题描述

我有一个 Cloudformation，它以这种方式在 ECS 集群上创建 AWS Fargate：

  TaskDefinition:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      RequiresCompatibilities:
        - FARGATE
      Cpu: !Ref ContainerCpu
      Memory: !Ref ContainerMemory
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref ExecutionRole
      ContainerDefinitions:
        - Name: !Sub ${ContainerName}
          Image: 'image-url-here'
          Essential: true
          HealthCheck:
            Command: ["CMD-SHELL", "test -f hc.log"]
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Sub '${AWS::Region}'
              awslogs-group: !Sub '${FeatureName}-${MicroServiceName}'
              awslogs-stream-prefix: !Ref MicroServiceName
      Family: !Sub 'family-${FeatureName}-${MicroServiceName}'
      NetworkMode: awsvpc
    DependsOn: CloudWatchLogGroup
    
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join ['', [!Ref MicroServiceName, ExecutionRole]]
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
    
    

我的 ECS 任务 Fargate 需要访问在 EC2 中运行的 API，因此我创建了一个具有以下地址的 DNS 私有托管区域：api.localaccount。但是当我尝试从我的 Fargate 访问这个 API 时，我得到了以下错误：

System.Net.Http.HttpRequestException: Name or service not known

我知道这个错误是因为我的 AWS Fargate 无法解析 DNS，但我不知道为什么。如果我从 EC2 访问同一个 DNS（api.localaccount），一切正常，所以我认为我的 DNS Route 53 没问题。

标签： amazon-web-servicesamazon-cloudformationamazon-route53aws-fargate