amazon-web-services fastapi amazon-ecs

AWS ECS not opening required ports


I am trying to run a simple FastAPI application as a task in AWS ECS. The API should be reachable on the default port 8000. Unfortunately, I am not able to reach that port. The task itself seems to be running, the logs indicate nothing unexpected and the security group is set to accept traffic on the required port.

According to CloudWatch, the very last log entry states that the application startup was successful and the API is listening on port 8000, as intended, leading me to believe that the task itself is working as intended.

[Screenshot: CloudWatch shows API has started successfully.]

The underlying Dockerfile (built with podman) exposes port 8000 and the task definition includes a port mapping 8000 -> 8000.

The network mode is awsvpc. Launch type is Fargate.

For debugging purposes, I have resorted to using a security group that allows all inbound traffic on all ports from all IP addresses. Starting up a simple "first-run-task-definition-task", provided by AWS, works fine with this security group and on connecting to port 80, I see the intended message. But for my API task, the connection still fails with this SG.

[Screenshot: SG should allow all traffic]

Running nmap -sV <task-public-ip> for my API task indicates that there are no open ports at the public IP address for my API, but it shows that port 80 is open for the "first-run-task-definition-task".

Is there something I am missing about the deployment?


Solution

  • Looking at the logs screenshot, I see that the Uvicorn service running in your docker container is only binding to the 127.0.0.1 address. So it will currently only accept network traffic from other things running in the same docker container, or other containers running in the same ECS Fargate Task.

    You need to modify the startup command for the container to specify a host address of 0.0.0.0 in order for the service to accept network traffic from anywhere. It looks like this may be the docker image you are using. If so, it shows in the documentation that you would need to specify the host in the startup command:

    CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "80"]
    

    Note that that also changes the port to 80.
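The check the answer performs by eye, written as an added example that is not part of the original answer: it reads the Uvicorn startup line from the task's logs, flags a loopback bind, and compares the listening port with the `containerPort` values in the task definition. The function names, the sample log lines and the task definition fragment are constructed for illustration.

```python
import ipaddress
import re

# Startup line Uvicorn logs, e.g. "Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)"
UVICORN_LINE = re.compile(r"Uvicorn running on https?://(\[[0-9a-fA-F:]+\]|[^:/\s]+):(\d+)")

def find_listener(log_lines):
    """Return (host, port) from the last Uvicorn startup line, or None if absent."""
    found = None
    for line in log_lines:
        m = UVICORN_LINE.search(line)
        if m:
            found = (m.group(1).strip("[]"), int(m.group(2)))
    return found

def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; False for 0.0.0.0, :: and routable addresses."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname; cannot decide from the log alone

def diagnose(log_lines, task_definition):
    """List reasons the service cannot be reached from outside the task."""
    listener = find_listener(log_lines)
    if listener is None:
        return ["no Uvicorn startup line in the logs"]
    host, port = listener
    problems = []
    if is_loopback(host):
        problems.append(f"bound to loopback address {host}; start with --host 0.0.0.0")
    mapped = sorted(pm["containerPort"]
                    for cd in task_definition["containerDefinitions"]
                    for pm in cd.get("portMappings", []))
    if port not in mapped:
        problems.append(f"listening on port {port}, task definition maps {mapped}")
    return problems

# Constructed sample data: a task definition fragment and three log variants.
TASK_DEF = {"containerDefinitions": [{"name": "api", "portMappings": [{"containerPort": 8000}]}]}
AS_ASKED = ["INFO:     Application startup complete.",
            "INFO:     Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)"]
AS_ANSWERED = ["INFO:     Uvicorn running on http://0.0.0.0:80 (Press CTRL+C to quit)"]
FIXED = ["INFO:     Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)"]

if __name__ == "__main__":
    for name, logs in [("as asked", AS_ASKED), ("answer's CMD", AS_ANSWERED), ("fixed", FIXED)]:
        print(name, "->", diagnose(logs, TASK_DEF) or "no bind or port problem found")
```

The second case shows why the answer's closing note matters: copying the `CMD` unchanged fixes the bind address but leaves the service on port 80 while the task definition still maps 8000.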