Where can I find the IP of EC2 instance where API (other service) is deployed on ECS?
I was asked by the devops of my company to test whether I had access to the instance where the tool is hosted, access to the bastion host, the data, and the tool deployment process (API and frontend) before modifying it. So I wanted to test whether I had access to the API locally.
Access API locally (on API example)
$ ssh -L<local-port>:ec2-user@<stage-or-prod-instance-ip>:<host-port> ubuntu@<stage-or-prod-bastion-ip>
where:
<local-port> - local port
<stage-or-prod-instance-ip> is IP of EC2 instance where API (other service) is deployed. Check the IP in Elastic Container Service using AWS console.
<host-port> is a Host Port (dynamically assigned - check in AWS ECS console)
<stage-or-prod-bastion-ip> - stage or prod bastion IP
e.g.:
$ ssh -L3000:ha.ha.he.he:32980 ubuntu@hi.hi.ho.ho
get JWT token from utils/get_token.sh (token is automatically exported as TOKEN env var)
send request to API (or other service) endpoint using curl:
$ curl -XPOST -H "Authorization: Bearer $TOKEN" localhost:5000/api/data/studies-metadata
I set up the tunnel to the API (other service) instance using the same address as the one given as an example in the doc, and this might be the whole problem: maybe this address is not the one where the API is deployed, but I don't know how I can find the others on the Elastic Container Registry. So I did:
ssh -L3000:ha.ha.he.he:32980 ubuntu@hi.hi.ho.ho
With the true ha.ha.he.he and hi.hi.ho.ho from the doc (I put this mockup text just because I am not sure whether it is sensitive information).
Then I got the token with:
export TOKEN=$(aws secretsmanager get-secret-value \
--secret-id dev/api/token \
--query SecretString \
--output text | jq ".TOKEN" -r)
echo $TOKEN
And last I tried on port 5000 of the localhost:
ubuntu@ip-10-0-0-238:~$ curl -XPOST -H "Authorization: Bearer $TOKEN" localhost:5000/api/data/studies-metadata
curl: (7) Failed to connect to localhost port 5000: Connection refused
So I guessed it wasn't the right port? I tried to look at what was listening on this machine:
ubuntu@ip-10-0-0-238:~$ sudo netstat -anp | grep -i tcp | grep -i listen
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 251314/systemd-reso
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 658/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 658/sshd: /usr/sbin
Fine, but none of these looks like the /api/data/studies-metadata I was looking for ...
So I am thinking I am not on the right machine, so I thought about looking for <stage-or-prod-instance-ip>, the IP of the EC2 instance where the API (or other services) is deployed. I checked the IP in Elastic Container Service using the AWS console:
I did this query within the instance I connected to via ssh:
ubuntu@ip-10-0-0-238:~$ aws ec2 describe-instances --query "Reservations[].Instances[].PrivateIpAddress" --output text
10.0.0.238 10.0.1.238
So I guess I connected to the wrong instance? How can I connect to the other one?
I am a true beginner in AWS.
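One way to resolve the `<stage-or-prod-instance-ip>` and `<host-port>` values the quoted doc asks for, as an added example that is not part of the original post or the company doc: it joins the output of three AWS CLI calls (task, then container instance, then EC2 private IP) and builds the tunnel and request commands on one shared local port. The JSON below is constructed sample data; the container name `api`, the cluster placeholders, and the bastion address are assumptions, and it presumes the EC2 launch type with dynamically mapped host ports.

```python
import json

# Constructed sample output (trimmed to the fields used) of:
#   aws ecs describe-tasks --cluster <cluster> --tasks <task-arn>
#   aws ecs describe-container-instances --cluster <cluster> --container-instances <arn>
#   aws ec2 describe-instances --instance-ids <instance-id>
TASKS = json.loads("""{"tasks": [{
  "containerInstanceArn": "arn:aws:ecs:eu-west-1:111122223333:container-instance/demo/abc123",
  "containers": [{"name": "api", "networkBindings": [
      {"containerPort": 5000, "hostPort": 32768, "protocol": "tcp"}]}]}]}""")
CONTAINER_INSTANCES = json.loads("""{"containerInstances": [{
  "containerInstanceArn": "arn:aws:ecs:eu-west-1:111122223333:container-instance/demo/abc123",
  "ec2InstanceId": "i-0123456789abcdef0"}]}""")
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0123456789abcdef0", "PrivateIpAddress": "10.0.1.50"}]}]}""")


def resolve_endpoints(tasks, container_instances, instances, container_name):
    """Return [(private_ip, host_port)] for every task running container_name."""
    arn_to_ec2 = {ci["containerInstanceArn"]: ci["ec2InstanceId"]
                  for ci in container_instances["containerInstances"]}
    ec2_to_ip = {i["InstanceId"]: i["PrivateIpAddress"]
                 for r in instances["Reservations"] for i in r["Instances"]}
    endpoints = []
    for task in tasks["tasks"]:
        arn = task.get("containerInstanceArn")  # absent for Fargate tasks
        if arn not in arn_to_ec2:
            continue
        ip = ec2_to_ip.get(arn_to_ec2[arn])
        for c in task["containers"]:
            if c["name"] != container_name or ip is None:
                continue
            for b in c.get("networkBindings", []):
                endpoints.append((ip, b["hostPort"]))
    return endpoints


def tunnel_commands(ip, host_port, bastion, path, local_port=3000):
    """Build the ssh -L and curl commands; both use the same local port."""
    ssh = f"ssh -N -L {local_port}:{ip}:{host_port} ubuntu@{bastion}"
    # curl is run on the machine that opened the tunnel, not on the bastion.
    curl = (f'curl -XPOST -H "Authorization: Bearer $TOKEN" '
            f"localhost:{local_port}{path}")
    return ssh, curl


if __name__ == "__main__":
    for ip, port in resolve_endpoints(TASKS, CONTAINER_INSTANCES, INSTANCES, "api"):
        for cmd in tunnel_commands(ip, port, "203.0.113.10", "/api/data/studies-metadata"):
            print(cmd)
```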
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow

