services.x-network

services:
  serviceA:
    x-network:
      AssignPublicIp: bool
      Ingress: {}
      x-cloudmap: {}

AssignPublicIp

This flag assigns an Elastic IP to the container when using the awsvpc networking mode.

Hint

Make sure your service is placed in a subnet that uses an Internet Gateway, such as PublicSubnets, otherwise routing won’t work.

Tip

See Deploy services with EIP on public subnets to have a full example of how to implement this feature.

Tip

To select which subnets to place the services in, see networks.

Ingress

This allows you to define specific ingress control from external sources to your environment. For example, if you have to whitelist IP addresses that are allowed to communicate with the services, you can list them and give each one a name, which will be shown in the EC2 security group description of the ingress rule.

Ingress Syntax reference

Ingress:
  ExtSources: []
  AwsSources: []
  Myself: True/False

Ingress Example

services:
  app01:
    x-network:
      Ingress:
        ExtSources:
          - IPv4: 0.0.0.0/0
            Name: all
          - IPv4: 1.1.1.1/32
            Source_name: CloudFlareDNS
        AwsSources:
          - Type: SecurityGroup
            Id: sg-abcd
          - Type: PrefixList
            Id: pl-abcd
        Myself: True/False

Tip

You can define the SG from another AWS account by setting AccountOwner in the Security group definition.

Tip

You can define which ports to open per source using the Ports list.

Hint

If you enter a port number that is not in the Ports list, it will be ignored.

Hint

The protocol is automatically detected based on the port definition. By default, it is TCP.

Hint

To see details about the Ingress for Load Balancers, refer to Ingress

Hint

When using an ALB, you do not need to define the ALB security group yourself: all inbound rules are defined automatically to allow the ALB to communicate with your service.
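
As an added example (not part of the ComposeX documentation or code base), the following Python script audits the `ExtSources` entries described above before deployment: it flags `0.0.0.0/0`, rates it higher when `AssignPublicIp` is also set, and reports malformed CIDRs and rules without a name. The function `audit_ingress`, its severity labels, the `min_prefix` threshold and the sample data are assumptions made for this example.

```python
import ipaddress

# Constructed sample: a compose file's x-network sections, already parsed to a dict.
COMPOSE = {"services": {
    "app01": {"x-network": {
        "AssignPublicIp": True,
        "Ingress": {"ExtSources": [
            {"IPv4": "0.0.0.0/0", "Name": "all"},
            {"IPv4": "1.1.1.1/32", "Source_name": "CloudFlareDNS"},
        ]},
    }},
    "app02": {"x-network": {"Ingress": {"ExtSources": [
        {"IPv4": "0.0.0.0/0", "Name": "legacy"},
        {"IPv4": "203.0.113.7/24"},  # host bits set: not a valid network
    ]}}},
}}


def audit_ingress(compose, min_prefix=16):
    """Return (service, severity, message) findings for every ExtSources entry.

    Severities and min_prefix are choices of this example, not ComposeX settings.
    """
    findings = []
    for name, svc in compose.get("services", {}).items():
        net = svc.get("x-network") or {}
        public_ip = net.get("AssignPublicIp") is True
        for src in (net.get("Ingress") or {}).get("ExtSources") or []:
            label = src.get("Name") or src.get("Source_name")
            raw = src.get("IPv4", "")
            if not label:
                findings.append((name, "info", f"{raw}: no name for the rule description"))
            try:
                cidr = ipaddress.IPv4Network(raw, strict=True)
            except ValueError:
                findings.append((name, "error", f"invalid IPv4 CIDR {raw!r}"))
                continue
            if cidr.prefixlen == 0:
                # Any address may connect; worse when the task also has a public IP.
                sev = "high" if public_ip else "medium"
                findings.append((name, sev, f"{cidr} allows any source"))
            elif cidr.prefixlen < min_prefix and not cidr.is_private:
                findings.append((name, "low", f"{cidr} is a broad public range"))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(COMPOSE):
        print(*finding, sep=" | ")
```
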

x-cloudmap

Refer to x-cloudmap for more details on how to use it.

Map VPC subnets to docker-compose networks

AWS VPC to network mapping

networks:
  internal:
    x-vpc: InteralCustomSubnets

x-vpc:
  VpcId:
    Tags: []
  AppSubnets:
    Tags: []
  PublicSubnets:
    Tags: []
  StorageSubnets:
    Tags: []
  InteralCustomSubnets:
    Tags: []

services:
  serviceA:
    networks: [internal]

JSON Schema

Model

services.x-network specification

services.x-network

The services.x-network specification for ComposeX

type: object
properties:
  • AssignPublicIp
      type: boolean
  • AdditionalSecurityGroups
      Define additional security groups to use.
      type: object
      patternProperties:
        • ^[a-zA-Z0-9._-]+$
            The definition of the security group to use
            oneOf:
              - The security group ID to use. It must belong to the same VPC you are deploying to
                type: string
              - x-resources.common.spec.json#/definitions/Lookup
      additionalProperties: False
  • x-cloudmap
      oneOf:
        - When you want to register the service into CloudMap. First port listed in ports[] used.
          type: string
        - Allows you to register the service to multiple registries, and/or use a specific port.
          type: object
          patternProperties:
            • [a-zA-Z0-9-_.]+$
                The name of the object is the name of the x-cloudmap::<map>.
                type: object
                properties:
                  • Port
                      The port to register in SRV record
                      type: number
                      maximum: 65535
                      minimum: 0
                  • Name
                      Name of the service. Do not include the cloudmap hostname. Overrides the ecs.task.family.hostname deploy label
                      type: string
                additionalProperties: False
          additionalProperties: False
  • Ingress
      ingress.spec.json
additionalProperties: False
definitions

Definition

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "id": "services.x-network",
  "$id": "services.x-network.spec.json",
  "type": "object",
  "title": "services.x-network specification",
  "description": "The services.x-network specification for ComposeX",
  "additionalProperties": false,
  "properties": {
    "AssignPublicIp": {
      "type": "boolean"
    },
    "AdditionalSecurityGroups": {
      "description": "Define additional security groups to use.",
      "type": "object",
      "additionalProperties": false,
      "patternProperties": {
        "^[a-zA-Z0-9._-]+$": {
          "description": "The definition of the security group to use",
          "oneOf": [
            {
              "type": "string",
              "description": "The security group ID to use. It must belong to the same VPC you are deploying to"
            },
            {
              "$ref": "x-resources.common.spec.json#/definitions/Lookup"
            }
          ]
        }
      }
    },
    "x-cloudmap": {
      "oneOf": [
        {
          "type": "string",
          "description": "When you want to register the service into CloudMap. First port listed in ports[] used."
        },
        {
          "type": "object",
          "description": "Allows you to register the service to multiple registries, and/or use a specific port.",
          "additionalProperties": false,
          "patternProperties": {
            "[a-zA-Z0-9-_.]+$": {
              "type": "object",
              "description": "The name of the object is the name of the x-cloudmap::<map>.",
              "additionalProperties": false,
              "required": [
                "Port"
              ],
              "properties": {
                "Port": {
                  "description": "The port to register in SRV record",
                  "type": "number",
                  "minimum": 0,
                  "maximum": 65535
                },
                "Name": {
                  "type": "string",
                  "description": "Name of the service. Do not include the cloudmap hostname. Overrides the ecs.task.family.hostname deploy label"
                }
              }
            }
          }
        }
      ]
    },
    "Ingress": {
      "$ref": "ingress.spec.json"
    }
  },
  "definitions": {
  }
}
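
As an added example (a hand-written check, not ComposeX's own validation code), the following Python function applies the `x-cloudmap` branch of the definition above to a value: key pattern, required `Port`, the 0 to 65535 range and `additionalProperties: false`. It uses `re.search` because JSON Schema patterns are not implicitly anchored, which shows that the map-name pattern, having no leading `^`, constrains only the end of the key; the function name and the sample inputs are assumptions made for this example.

```python
import re

# Key patterns copied from the definition above; the rest is a hand-written
# check for this example, not ComposeX's own validation code.
SG_KEY = r"^[a-zA-Z0-9._-]+$"   # AdditionalSecurityGroups: anchored at both ends
MAP_KEY = r"[a-zA-Z0-9-_.]+$"   # x-cloudmap: anchored at the end only


def check_cloudmap(value):
    """Return violations of the x-cloudmap branch of the schema ([] if valid)."""
    if isinstance(value, str):
        return []  # string form: register using the first port in ports[]
    if not isinstance(value, dict):
        return ["x-cloudmap must be a string or an object"]
    errors = []
    for key, entry in value.items():
        # JSON Schema patterns are searched, not implicitly anchored.
        if not re.search(MAP_KEY, key):
            errors.append(f"{key!r}: name rejected by patternProperties")
            continue
        if not isinstance(entry, dict):
            errors.append(f"{key!r}: must be an object")
            continue
        for extra in sorted(set(entry) - {"Port", "Name"}):
            errors.append(f"{key!r}: unexpected property {extra!r}")
        port = entry.get("Port")
        if "Port" not in entry:
            errors.append(f"{key!r}: Port is required")
        elif isinstance(port, bool) or not isinstance(port, (int, float)):
            errors.append(f"{key!r}: Port must be a number")
        elif not 0 <= port <= 65535:
            errors.append(f"{key!r}: Port {port} outside 0-65535")
        if "Name" in entry and not isinstance(entry["Name"], str):
            errors.append(f"{key!r}: Name must be a string")
    return errors


if __name__ == "__main__":
    # Constructed inputs.
    print(check_cloudmap({"private": {"Port": 8080, "Name": "api"}}))
    print(check_cloudmap({"private": {"Name": "api"}, "public": {"Port": 70000}}))
    print(check_cloudmap({"my map": {"Port": 80}}), re.search(SG_KEY, "my map"))
```

Because the schema types `Port` as `number`, this check, like the schema, accepts non-integer values and port 0; a stricter pre-deployment check may want to reject both.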