ECS cost optimization: VPC endpoint service vs NAT gateway
infra 2024. 8. 9. 02:57

This post goes over the cost problem that comes up when configuring ECS.

When I looked at the bill for my ECS setup, EC2 and the other line items were small, but the VPC charge was disproportionately large. Checking into it, I found that the cost came from the VPC endpoints used to connect ECS with the instances inside the private subnet.

Reference: https://docs.aws.amazon.com/ko_kr/AmazonECS/latest/developerguide/vpc-endpoints.html

(Screenshot: the list of VPC endpoints I had connected)

In that list, the S3 gateway endpoint is there because the docs say to connect it when using Fargate, the SSM endpoints were connected so that AWS Parameter Store could be used, and so on.
https://docs.aws.amazon.com/ko_kr/systems-manager/latest/userguide/setup-create-vpc.html

Now let's look at the calculation.

Two availability zones plus six VPC endpoints; for data I put in about 10 GB, since the only traffic is ECR image uploads. Even if it runs higher it won't reach 20 GB: a 200 MB image × 50 is roughly 10 GB, so fifty deployments fit comfortably.

It comes out to $113.

In my case, with nine endpoints each spread across three availability zones, I got to watch the magic of a $256 figure appear.


https://www.reddit.com/r/aws/comments/18rgfaz/private_fargate_cluster_vpc_endpoints_vs_nat/

This is the Reddit post; its top comment is quoted below.


As always it is complicated. I wrote a long comment about this about a year ago on this subreddit and I'm kind of lazy to retype it so I'll copy and paste here (https://www.reddit.com/r/aws/comments/10e3ykt/comment/j4vmycf/?utm_source=reddit&utm_medium=web2x&context=3)

In general, I recommend using NAT gateway if you are using ECS.
NAT gateway is easier as it is generic and works for everything you might need to talk to. VPC endpoints are on a service by service basis, and some services require multiple VPC endpoints. ECS requires three different VPC endpoints for example:
com.amazonaws.region.ecs-agent
com.amazonaws.region.ecs-telemetry
com.amazonaws.region.ecs
The cost of three ECS VPC endpoints across three AZ's is actually the same as two NAT gateways
3 x ECS endpoint x 3 AZ's x $0.01 per hour = $0.09 per hour
2 x NAT gateway (for redundancy) x $0.045 per hour = $0.09 per hour
If your app uses ECS, plus one or two other AWS services which require VPC endpoints you will find that the combined cost of all those VPC endpoints exceeds the cost of simply adding a shared NAT gateway to your VPC. A NAT gateway will function for as many services as you might need to talk to, and you only need one per AZ.
The place where VPC endpoints become attractive in my personal opinion is if you have super heavy data flowing through a NAT gateway, for example heavy S3 or DynamoDB usage. In that case adding a VPC endpoint for S3 and a VPC endpoint for DynamoDB can offload bandwidth from your NAT gateway onto the cheaper VPC endpoint bandwidth:
VPC endpoint cost per GB of data is $0.01
NAT gateway cost per GB of data is $0.045
In short if you use ECS and/or multiple other AWS services with fairly light bandwidth needs, then just run one or two shared NAT gateways as it will be cheaper than running dozens of VPC endpoints. Optionally add additional VPC endpoints for bandwidth heavy services like S3 or DynamoDB as needed to offload some networking from the NAT gateway to save bandwidth costs.

Now the other aspect that I didn't mention in that post is that S3 and DynamoDB both have what are called "Gateway endpoints" where you don't pay any extra charge per GB for the data flowing through the gateway. This is a huge benefit over both PrivateLink endpoints and NAT gateway as you really don't want to pay a per GB cost on all your communications to S3 or to your database.

This matched the direction I was already leaning toward. On top of that, I'm planning to build a chat application as a side project soon and wanted to try DynamoDB for it, and the comment says that for that case an endpoint service is actually the better choice.
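As an added worked example (not code from the original post, the AWS docs, or the quoted comment), here is a small Python model of the comparison the post and the comment make: per-endpoint-per-AZ hourly billing against per-NAT-gateway hourly billing, plus the per-GB rates, with gateway endpoints for S3 and DynamoDB costing nothing. The rates are the ones quoted in the comment; the $0.013/hour endpoint rate used to reproduce the post's own $113 and $256 figures is an assumption derived from those figures, not a price stated on the page. The `breakeven_gb` function goes beyond the text by solving for the monthly data volume at which a set of interface endpoints becomes cheaper than the NAT gateways.

```python
# Added example, not code from the original post: a monthly cost model for
# interface VPC endpoints vs NAT gateways in front of ECS tasks in private subnets.
from dataclasses import dataclass, replace

HOURS_PER_MONTH = 730  # month length used by the AWS pricing calculator


@dataclass(frozen=True)
class Rates:
    """Region prices in USD. The defaults below are the figures quoted in the Reddit comment."""
    endpoint_hourly: float  # per interface endpoint, per AZ, per hour
    endpoint_per_gb: float  # per GB processed by an interface endpoint
    nat_hourly: float       # per NAT gateway, per hour
    nat_per_gb: float       # per GB processed by a NAT gateway


# Figures from the quoted comment (US-style pricing).
REDDIT_RATES = Rates(endpoint_hourly=0.01, endpoint_per_gb=0.01,
                     nat_hourly=0.045, nat_per_gb=0.045)

# Assumption: the post's own $113 and $256 figures come out with an interface
# endpoint price of about $0.013/hour. NAT prices are left at the comment's values
# because the post gives none for its region.
POST_RATES = replace(REDDIT_RATES, endpoint_hourly=0.013)


def interface_endpoint_cost(n_endpoints: int, n_azs: int, gb: float,
                            rates: Rates = REDDIT_RATES) -> float:
    """Monthly cost of n_endpoints interface endpoints, each deployed in n_azs AZs,
    carrying gb of traffic. Every (endpoint, AZ) pair is billed by the hour."""
    hourly = n_endpoints * n_azs * rates.endpoint_hourly * HOURS_PER_MONTH
    return hourly + gb * rates.endpoint_per_gb


def nat_gateway_cost(n_gateways: int, gb: float, rates: Rates = REDDIT_RATES) -> float:
    """Monthly cost of n_gateways NAT gateways (one per AZ for redundancy) carrying gb."""
    return n_gateways * rates.nat_hourly * HOURS_PER_MONTH + gb * rates.nat_per_gb


def gateway_endpoint_cost(gb: float) -> float:
    """S3 and DynamoDB gateway endpoints: no hourly charge and no per-GB charge."""
    return 0.0


def breakeven_gb(n_endpoints: int, n_azs: int, n_gateways: int,
                 rates: Rates = REDDIT_RATES):
    """Monthly traffic above which the interface-endpoint set is cheaper than NAT.
    Returns 0.0 when endpoints already win at zero traffic, or None when NAT is not
    more expensive per GB (then traffic volume never tips the balance)."""
    fixed_gap = (n_endpoints * n_azs * rates.endpoint_hourly
                 - n_gateways * rates.nat_hourly) * HOURS_PER_MONTH
    per_gb_saving = rates.nat_per_gb - rates.endpoint_per_gb
    if per_gb_saving <= 0:
        return None
    return max(0.0, fixed_gap / per_gb_saving)


def recommend(n_endpoints: int, n_azs: int, n_gateways: int, gb: float,
              rates: Rates = REDDIT_RATES) -> str:
    """Pick the cheaper design for a given endpoint count, AZ count and traffic."""
    ep = interface_endpoint_cost(n_endpoints, n_azs, gb, rates)
    nat = nat_gateway_cost(n_gateways, gb, rates)
    return "vpc-endpoints" if ep < nat else "nat-gateway"


if __name__ == "__main__":
    # The comment's comparison: 3 ECS endpoints x 3 AZs vs 2 NAT gateways.
    print(f"3 ECS endpoints, 3 AZs:    ${interface_endpoint_cost(3, 3, 0):.2f}/month")
    print(f"2 NAT gateways:            ${nat_gateway_cost(2, 0):.2f}/month")
    # The post's two configurations (assumed regional rate, see POST_RATES).
    print(f"6 endpoints, 2 AZs, 10 GB: ${interface_endpoint_cost(6, 2, 10, POST_RATES):.2f}/month")
    print(f"9 endpoints, 3 AZs:        ${interface_endpoint_cost(9, 3, 0, POST_RATES):.2f}/month")
    # Traffic at which 6 endpoints x 2 AZs beats 2 NAT gateways at the comment's rates.
    print(f"break-even: {breakeven_gb(6, 2, 2):.0f} GB/month")
    print("6x2 + 10 GB:  ", recommend(6, 2, 2, 10))
    print("6x2 + 1000 GB:", recommend(6, 2, 2, 1000))
```

The model counts only the hourly and per-GB charges, which is what the post and the comment compare. It leaves out the property that usually decides this for a private subnet: a NAT gateway gives every task a route to the whole internet, while interface endpoints keep egress scoped to the named AWS services and can carry endpoint policies. That difference does not show up in the dollar figure, so the cheaper design is not automatically the one to pick.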
