services.x-network ¶
UseCloudmap: bool
Ingress: {ingress_definition}
Contents
UseCloudmap ¶
Boolean to turn on or off the integration to CloudMap for the services.
Default: False
Note
If you want to use appmesh and define x-appmesh in the template, automatically, all services will be registered in AWS CloudMap.
Ingress definition ¶
This allows you to define specific ingress control from external sources to your environment. For example, if you have to whitelist IP addresses that are to be allowed communication to the services, you can list these, and indicate their name which will be shown in the EC2 security group description of the ingress rule.
Syntax reference ¶
Ingress:
ExtSources: []
AwsSources: []
Myself: True/False
services:
app01:
x-network:
Ingress:
ExtSources:
- IPv4: 0.0.0.0/0
Name: all
- IPv4: 1.1.1.1/32
Source_name: CloudFlareDNS
AwsSources:
- Type: SecurityGroup
Id: sg-abcd
- Type: PrefixList
Id: pl-abcd
Myself: True/False
Note
Future feature is to allow to input a security group ID and the remote account ID to allow ingress traffic from a security group owned by another of your account (or 3rd party).
Hint
The protocol is automatically detected based on the port definition. By default, it is TCP
Hint
To see details about the Ingress for Load Balancers, refer to Ingress
Hint
When using an ALB, you do not need to define that ALB security group etc., all inbound rules will be defined automatically to allow the ALB to communicate with your service!
Map VPC subnets to docker-compose networks ¶
networks:
internal:
x-vpc: InteralCustomSubnets
x-vpc:
VpcId:
Tags: []
AppSubnets:
Tags: []
PublicSubnets:
Tags: []
StorageSubnets:
Tags: []
InteralCustomSubnets:
Tags: []
services:
serviceA:
networks: [internal]
In some cases, you might have complex VPC topology and created new specific Subnets in x-vpc , and map that subnet name to a docker-network defined network. Then later, you can set your service in the services definition to be put into that network.