We have two AWS accounts, one for our CICD which is where Octopus Server is hosted and a test account where I want to deploy to ECS. Everything in our setup is locked down, so internet access is also locked down. The Octopus Server cannot reach the ECS cluster directly, so I built an Octopus Worker (and set up the appropriate roles for ECS administration and proper security groups).
My issue is that when I try to deploy an ECS Release, I get a timeout with the worker trying to hit a public AWS IP address.
Since the ECS Cluster is within that same account as the worker, is there a way for it to not go over the internet? I can set up VPC Endpoints for ECS and CloudFormation, but I don’t see where that can be configured on the Deploy ECS step.
Thanks for getting in touch! I’m wondering if you could be encountering this issue?
I’m currently setting up some AWS resources to test this on my end to try and reproduce your issue, though the above GitHub issue sounds similar to what you’ve described. Have a look through it and let me know if it sounds like it fits.
If not, then I’ll need to get some further details from you to help narrow down exactly what’s causing your worker timeout and assist in my reproduction.
To start, could you let me know what version of Octopus you’re currently using? Next, would you be able to send me a copy of the full raw deployment logs where you’re encountering the timeout error?
I’ve authorized your email address to upload files here.
Looking forward to hearing from you and getting to the bottom of this.
I’ll go over the issue you mentioned and try to apply it here.
I uploaded the full raw deployment logs as well as the raw log from a failed deployment.
We are using V2022.4 (Build 8394).
I’ll keep you posted on my findings.
Thanks for your help!
After working on this, VPC endpoints are what we need. Once I set up a VPC Endpoint for ECS and CloudFormation, the ECS Step in Octopus successfully deploys the image.
Thanks for your help @Daniel_Fischer!