# deployment-ecs


05/25/2023, 11:32 PM
Trying dagster for the first time, and deploying to ECS. The example on the dagster github worked perfectly. However, when I try to restrict access to only specific IPs, it doesn’t work. I recognize this is more likely a general-aws issue rather than a dagster issue, but wondering if anyone else had this issue. I went to the network load balancer’s security group sg-<> - dagster-DefaultNetwork-<> And removed the allow anyone rule, and added my own IP (as well as IP of colleagues) in both IPV4 and IPV6, and can’t access Dagster. When I re-add the rule, I can access dagster again
Update: had to turn the load balancer to an ALB by turning the docker compose port to this: ports: - target: 3000 x-aws-protocol: http
D 1

Yusuf Shalaby

06/03/2023, 5:49 PM
Went through the same process as you. By default docker will spin up a network load balancer if the target port isn’t 80 or 443, which fails the health check when the security group is restricted. Maybe should be documented to save others some time.
👍 1

shigeaki onoda

07/21/2023, 5:04 PM
I actually got the same thing to work using NLB and turning on
. Now you can whitelist any IPs you want.