Discover the public IP address of an AWS Fargate container in a Docker entrypoint script

tl;dr: you must use the +tcp option with dig

We needed the public IP address to configure PASV_ADDRESS for a vsftpd service we’re running under AWS Fargate. Unfortunately, there’s no direct way for a Docker entrypoint script to get the current public IP address.

There are some annoyingly complicated ways to do it using AWS APIs, but the simple solution is to use an external service. A quick Internet search turned up many references to this command:

dig +short myip.opendns.com @resolver1.opendns.com

But if you have tried this from inside a Fargate-managed container, you have probably seen this:

root@ip-10-0-0-16:~# dig +short myip.opendns.com @resolver1.opendns.com
;; connection timed out; no servers could be reached

It turns out that DNS queries use the User Datagram Protocol (UDP) by default, and Fargate networking was blocking dig’s UDP request. Fortunately, dig has an option to make requests via TCP. Using the +tcp option, you should be able to get the public IP address like this:

root@ip-10-0-0-16:~# dig +tcp +short myip.opendns.com @resolver1.opendns.com
18.207.116.219
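
An added example (not from the original post): an entrypoint helper that runs the lookup above over TCP and checks that the answer is an IPv4 address before it is used for PASV_ADDRESS, because a failed lookup can leave dig's ";; connection timed out" text in the captured output. The function names and the LOOKUP_CMD override are hypothetical, and the +time and +tries values are assumptions.

```shell
#!/bin/sh
# Added example: validate the resolver's answer before using it as PASV_ADDRESS.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# The query from the post, with +time/+tries (assumed values) so a blocked
# lookup cannot hang the entrypoint indefinitely.
lookup_public_ip() {
    dig +tcp +short +time=3 +tries=2 myip.opendns.com @resolver1.opendns.com
}

# Print a validated address, or fail. LOOKUP_CMD is a hypothetical hook that
# lets a test substitute the network call.
public_ip_or_fail() {
    answer=$(${LOOKUP_CMD:-lookup_public_ip}) || return 1
    ip=$(printf '%s\n' "$answer" | head -n 1)
    if ! is_ipv4 "$ip"; then
        echo "refusing resolver answer: $answer" >&2
        return 1
    fi
    printf '%s\n' "$ip"
}

# In the entrypoint (not run here):
#   PASV_ADDRESS=$(public_ip_or_fail) || exit 1
```

Failing the entrypoint here keeps vsftpd from starting with an error string or an empty value as its passive address.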