When creating an AWS ECS Fargate Service is there a way to set the generated Network Interface's Source/dest check
field to false
?
The service is set-up following the ECS Fargate getting started guide. The service is running a squid Proxy, which I believe needs to be able to accept traffic destined for other IPs, similar to a NAT.
Altering the src/dest check field after creation gives permissions denied errors, despite having full Administrator permissions:
Failed to update the source/destination check for eni-12345abcde: You do not have permission to access the specified resource.
I think the message is misleading, and Network Interfaces cannot be modified (or deleted) while they are attached, as I've seen similar when attempting to delete Interfaces despite having permissions to do so.
Is there a way to set or modify an ECS Fargate service's Network Interface to skip the src/dest check?