Private EC2 instances shows unhealthy in elb

Time:11-01

I am trying to reach two private-subnet EC2 instances from an ELB in a public subnet, but the instances are always showing as unhealthy. I tried a lot of options, but nothing worked.

Here is the configuration I tried:

1. Created a VPC. DNS resolution: Enabled; DNS hostnames: Disabled.

2. Created 2 public subnets and 2 private subnets. The only difference between these two is the route table. Auto-assign public IPv4 address is set to "No" in the public subnet.

   I have added an Internet gateway as a route in the route table of the public subnet.

   Public subnet - Route table: [image]

   Private subnet - Route table: [image]

3. Created two EC2 instances in the private subnet. User data set to Apache web server.

4. The security group of the instances: [image]

5. Created an ALB in the public subnet.

ALB security group config is: [image]

I have also added the default security group to the ALB: [image]

The target group is showing unhealthy for the private EC2 instances: [image]

Any help on pointing out why this fails?

CodePudding user response:

Either the EC2 instances are not receiving the request, or they are receiving the request but aren't responding with a 'healthy' response.

Test that the instances are responding to requests

You could launch an EC2 instance in the public subnet, SSH to it and then send requests directly to the EC2 instances to see if they respond (e.g. curl http://private-ip-address).

If they respond correctly, then the instances themselves are fine and the problem lies with the Load Balancer.

Check the Load Balancer security group

You have shown the Inbound rules for the Load Balancer, but you should also check that the Outbound rules permit traffic to exit the Load Balancer and go to the EC2 instances.

CodePudding user response:

First and foremost - check the Apache logs and make sure you see incoming health check samples.

If you don't see them at all - you have a network connectivity issue.

If you do see them - make sure they return a 200 code and that it matches the target group's health check configuration.
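The log check from the answer above, as an added example that is not part of the original answers: it separates "no health checks arrive" (connectivity, security groups) from "health checks arrive but get the wrong status". It assumes Apache's combined log format and the `ELB-HealthChecker` User-Agent that load balancer health checks send; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify load balancer health checks seen in an Apache access log.
# Assumption: "combined" LogFormat, so $7 is the path, $9 the status code and the
# User-Agent is a quoted field; ALB probes identify as ELB-HealthChecker/<version>.

# elb_health_verdict LOGFILE [EXPECTED_STATUS]   (hypothetical helper name)
#   no-health-checks   no probe reached Apache: look at routes and security groups
#   unexpected-status  probes arrive but an answer differs from EXPECTED_STATUS
#   ok                 probes arrive and every answer matches
elb_health_verdict() {
    awk -v want="${2:-200}" '
        /"ELB-HealthChecker\// { seen++; if ($9 != want) bad++ }
        END {
            if (!seen)    print "no-health-checks"
            else if (bad) print "unexpected-status"
            else          print "ok"
        }' "$1"
}

# elb_health_counts LOGFILE: prints "count status path" per probe target.
elb_health_counts() {
    awk '/"ELB-HealthChecker\// { n[$9 " " $7]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Constructed sample logs (addresses, dates and paths are made up).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/probe_404.log" <<'EOF'
10.0.1.25 - - [01/Nov/2022:10:00:01 +0000] "GET /health HTTP/1.1" 404 196 "-" "ELB-HealthChecker/2.0"
10.0.2.31 - - [01/Nov/2022:10:00:02 +0000] "GET /health HTTP/1.1" 404 196 "-" "ELB-HealthChecker/2.0"
10.0.1.80 - - [01/Nov/2022:10:00:09 +0000] "GET / HTTP/1.1" 200 45 "-" "curl/7.79.1"
EOF
cat > "$SAMPLE_DIR/no_probe.log" <<'EOF'
10.0.1.80 - - [01/Nov/2022:10:00:09 +0000] "GET / HTTP/1.1" 200 45 "-" "curl/7.79.1"
EOF

for f in "$SAMPLE_DIR"/*.log; do
    printf '%s: %s\n' "${f##*/}" "$(elb_health_verdict "$f")"
    elb_health_counts "$f"
done
```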
