@AndreyBelym sorry for the super late response, but I have some initial test results.
While not exactly scalable, just as a first phase to connect to the container, I noticed the immediate problem is passing the IP to testcafe itself. By default, ECS containers are bridged
That's ok, I can grab the EC2 instance meta data to find the IP address. The ports are directly shared between the host and container in host mode, so I don't need to worry about ALB stuff (yet).
Anyway, the real problem lies in telling testcafe the real IP. If I try to run the test "as is," the connected browser will try to refresh to the local ECS ip (172.17.0.x) which isn't externally facing. I tried passing the new IP address as well as the instance hostname as a hostname but I think that has its own bag of problems when it tries to resolve it ( ERROR The specified [ip-address] hostname cannot be resolved to the current machine). Are there any ways to override the IP testcafe uses?
EDIT: host mode shares ports directly not bridge. Need to revisit, sorry