services.x-network ¶

          services:
  serviceA:
    x-network:
      AssignPublicIp: bool
      Ingress: {}
      x-cloudmap: {}

         

AssignPublicIp ¶

This flag allows to assign an Elastic IP to the container when using awsvpc networking mode.

Hint

Make sure to set your service to be in a subnet that use an Internet Gateway , such as PublicSubnets , otherwise routing won’t work.

Tip

See Deploy services with EIP on public subnets to have a full example of how to implement this feature.

Tip

To select which subnets to place the services, see networks

Ingress ¶

This allows you to define specific ingress control from external sources to your environment. For example, if you have to whitelist IP addresses that are to be allowed communication to the services, you can list these, and indicate their name which will be shown in the EC2 security group description of the ingress rule.

Ingress Syntax reference ¶

            Ingress:
  ExtSources: []
  AwsSources: []
  Myself: True/False

           

Ingress Example ¶

             services:
  app01:
    x-network:
      Ingress:
        ExtSources:
          - IPv4: 0.0.0.0/0
            Name: all
          - IPv4: 1.1.1.1/32
            Source_name: CloudFlareDNS
        AwsSources:
          - Type: SecurityGroup
            Id: sg-abcd
          - Type: PrefixList
            Id: pl-abcd
        Myself: True/False

            

Tip

You can define the SG from another AWS account by setting AccountOwner in the Security group definition.

Tip

You can define which ports to open per source using the Ports list.

Hint

If you enter a port number that is not in the Ports list, it will be ignored.

Hint

The protocol is automatically detected based on the port definition. By default, it is TCP

Hint

To see details about the Ingress for Load Balancers, refer to Ingress

Hint

When using an ALB, you do not need to define that ALB security group etc., all inbound rules will be defined automatically to allow the ALB to communicate with your service!

x-cloudmap ¶

Refer to x-cloudmap for more details on how to use it.

Map VPC subnets to docker-compose networks ¶

AWS VPC to network mapping ¶

            networks:
  internal:
    x-vpc: InteralCustomSubnets

x-vpc:
  VpcId:
    Tags: []
  AppSubnets:
    Tags: []
  PublicSubnets:
    Tags: []
  StorageSubnets:
    Tags: []
  InteralCustomSubnets:
    Tags: []

services:
  serviceA:
    networks: [internal]

           

JSON Schema ¶

Model ¶

services.x-network specification ¶

services.x-network
The services.x-network specification for ComposeX
type	object
properties
AssignPublicIp	type	boolean
AdditionalSecurityGroups	Define additional security groups to use.
	type	object
	patternProperties
	^[a-zA-Z0-9._-]+$	The definition of the security group to use
		oneOf	The security group ID to use. It must belong to the same VPC you are deploying to
			type	string
			x-resources.common.spec.json#/definitions/Lookup
	additionalProperties	False
x-cloudmap	oneOf	When you want to register the service into CloudMap. First port listed in ports[] used.
		type	string
		Allows you to register the service to multiple registries, and/or use a specific port.
		type	object
		patternProperties
		[a-zA-Z0-9-_.]+$	The name of the object is the name of the x-cloudmap::<map>.
			type	object
			properties
			Port	The port to register in SRV record
				type	number
				maximum	65535
				minimum	0
			Name	Name of the service. Do not include the cloudmap hostname. Overrides the ecs.task.family.hostname deploy label
				type	string
			additionalProperties	False
		additionalProperties	False
Ingress	ingress.spec.json
additionalProperties	False
definitions

Definition ¶

            {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "id": "services.x-network",
  "$id": "services.x-network.spec.json",
  "type": "object",
  "title": "services.x-network specification",
  "description": "The services.x-network specification for ComposeX",
  "additionalProperties": false,
  "properties": {
    "AssignPublicIp": {
      "type": "boolean"
    },
    "AdditionalSecurityGroups": {
      "description": "Define additional security groups to use.",
      "type": "object",
      "additionalProperties": false,
      "patternProperties": {
        "^[a-zA-Z0-9._-]+$": {
          "description": "The definition of the security group to use",
          "oneOf": [
            {
              "type": "string",
              "description": "The security group ID to use. It must belong to the same VPC you are deploying to"
            },
            {
              "$ref": "x-resources.common.spec.json#/definitions/Lookup"
            }
          ]
        }
      }
    },
    "x-cloudmap": {
      "oneOf": [
        {
          "type": "string",
          "description": "When you want to register the service into CloudMap. First port listed in ports[] used."
        },
        {
          "type": "object",
          "description": "Allows you to register the service to multiple registries, and/or use a specific port.",
          "additionalProperties": false,
          "patternProperties": {
            "[a-zA-Z0-9-_.]+$": {
              "type": "object",
              "description": "The name of the object is the name of the x-cloudmap::<map>.",
              "additionalProperties": false,
              "required": [
                "Port"
              ],
              "properties": {
                "Port": {
                  "description": "The port to register in SRV record",
                  "type": "number",
                  "minimum": 0,
                  "maximum": 65535
                },
                "Name": {
                  "type": "string",
                  "description": "Name of the service. Do not include the cloudmap hostname. Overrides the ecs.task.family.hostname deploy label"
                }
              }
            }
          }
        }
      ]
    },
    "Ingress": {
      "$ref": "ingress.spec.json"
    }
  },
  "definitions": {
  }
}

           