
I am trying to reach two private-subnet EC2 instances from an ELB in a public subnet, but the instances always show as unhealthy. I tried a lot of options but nothing worked.

Here is the configuration I tried:

1. Created VPC
   DNS resolution: Enabled
   DNS hostnames: Disabled

2. Created 2 public subnets and 2 private subnets. The only difference between these two is the route table.
   Auto-assign public IPv4 address is set to "No" in the public subnet.

I have added the Internet gateway as a route in the route table of the public subnet.

Public subnet – route table: [screenshot not included]

Private subnet – route table: [screenshot not included]

3. Created two EC2 instances in the private subnet. User data set to install an Apache web server.

4. The security group of the instances: [screenshot not included]

5. Created an ALB in the public subnet.

ALB security group config: [screenshot not included]

Have also added the default security group to the ALB: [screenshot not included]

The target group is showing unhealthy for the private EC2 instances: [screenshot not included]

Any help on pointing out why this fails?

2 Answers


  1. First and foremost, check the Apache logs and make sure you see incoming health check samples.

    If you don't see them at all, you have a network connectivity issue.

    If you do see them, make sure they return a 200 code and that it matches the target group's health check configuration.

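The log check in the answer above, as an added example that is not part of the original answer or of any AWS tooling. It assumes Apache's default "combined" LogFormat and the User-Agent the ALB health checker sends (ELB-HealthChecker/2.0); the log lines embedded below are constructed for the demo, not taken from the poster's instances.

```python
"""Audit an Apache access log for ALB health-check requests.

Added example (not from the original post). Assumes the Apache "combined"
LogFormat and the ALB health checker's User-Agent prefix "ELB-HealthChecker/".
SAMPLE_LOG is constructed demo data.
"""
import re
from collections import Counter

# Apache "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

HEALTH_CHECK_AGENT = "ELB-HealthChecker/"  # assumption: ALB health checker UA prefix

# Constructed sample: two passing checks, one check against a path that 404s,
# and one ordinary browser request that must be ignored.
SAMPLE_LOG = [
    '10.0.1.25 - - [10/Mar/2023:12:00:01 +0000] "GET / HTTP/1.1" 200 45 "-" "ELB-HealthChecker/2.0"',
    '10.0.2.14 - - [10/Mar/2023:12:00:31 +0000] "GET / HTTP/1.1" 200 45 "-" "ELB-HealthChecker/2.0"',
    '10.0.1.25 - - [10/Mar/2023:12:01:01 +0000] "GET /health HTTP/1.1" 404 196 "-" "ELB-HealthChecker/2.0"',
    '203.0.113.9 - - [10/Mar/2023:12:01:05 +0000] "GET /index.html HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def audit_health_checks(lines, expected_path="/", expected_statuses=("200",)):
    """Summarise what the ALB health checker actually saw on this instance.

    expected_path / expected_statuses should mirror the target group's
    health-check settings (the target group defaults are path "/" and 200).
    """
    records = (parse_line(line) for line in lines)
    checks = [r for r in records if r and r["agent"].startswith(HEALTH_CHECK_AGENT)]
    by_status = Counter(r["status"] for r in checks)
    off_path = sorted({r["path"] for r in checks if r["path"] != expected_path})

    if not checks:
        # Nothing from the health checker at all: the packets never arrived, so
        # look at security groups, NACLs, routing, and whether httpd listens on the port.
        verdict = "no health checks in log: suspect network path"
    elif all(status in expected_statuses for status in by_status):
        verdict = "health checks present and passing"
    else:
        # Packets arrive, so the network is fine; the app, the health-check path
        # or the target group's success-code matcher is what needs fixing.
        verdict = "health checks arrive but return the wrong status"

    return {
        "count": len(checks),
        "by_status": dict(by_status),
        "unexpected_paths": off_path,
        "verdict": verdict,
    }


if __name__ == "__main__":
    import sys
    # Usage: python audit.py /var/log/httpd/access_log   (falls back to the sample)
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG
    print(audit_health_checks(lines))
```

The split the function makes is the one the answer describes: an empty result means the request never reached Apache (a network problem), while a non-200 result means it did and the application or the target group's health-check path and matcher are what to fix.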
  2. Either the EC2 instances are not receiving the request, or they are receiving the request but aren’t responding with a ‘healthy’ response.

    Test that the instances are responding to requests

    You could launch an EC2 instance in the public subnet, SSH to it and then send requests directly to the EC2 instances to see if they respond (e.g. curl http://private-ip-address).

    If they respond correctly, then the instances themselves are fine and the problem lies with the Load Balancer.

    Check the Load Balancer security group

    You have shown the Inbound rules for the Load Balancer, but you should also check that the Outbound rules permit traffic to exit the Load Balancer and go to the EC2 instances.

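The security-group check in the answer above, as an added example that is not part of the original answer and not an AWS API. It evaluates both halves of the path AWS requires: an egress rule on the ALB's groups that reaches the target on the health-check port, and an ingress rule on the target's groups that admits the ALB. The group documents are constructed in the shape that `aws ec2 describe-security-groups` returns (`IpPermissions`, `IpPermissionsEgress`, `IpRanges`, `UserIdGroupPairs`); the group IDs, addresses and rules are invented for the demo.

```python
"""Model security-group evaluation between an ALB and a registered target.

Added example (not from the original post). SECURITY_GROUPS, ALB and TARGET are
constructed data in the describe-security-groups document shape.
"""
import copy
import ipaddress

# Constructed: the ALB group admits 80 from anywhere but its egress was
# narrowed to 443 only, which is exactly the misconfiguration the answer
# tells you to look for. The instance group admits 80 only from the ALB group.
SECURITY_GROUPS = [
    {
        "GroupId": "sg-alb",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
]

# Least-privilege fix: ALB egress on 80 only to the instance group, by reference.
FIXED_GROUPS = copy.deepcopy(SECURITY_GROUPS)
FIXED_GROUPS[0]["IpPermissionsEgress"] = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
]

# Constructed endpoints: ALB node in a public subnet, target in a private one.
ALB = {"ip": "10.0.1.25", "groups": ["sg-alb"]}
TARGET = {"ip": "10.0.11.40", "groups": ["sg-web"]}


def _rule_covers_port(rule, port):
    """'-1' means all protocols; otherwise only TCP rules spanning the port count."""
    proto = rule["IpProtocol"]
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def _rule_matches_peer(rule, peer_ip, peer_group_ids):
    """A rule matches the peer by CIDR or by security-group reference."""
    addr = ipaddress.ip_address(peer_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
        return True
    return any(p["GroupId"] in peer_group_ids for p in rule.get("UserIdGroupPairs", []))


def _allowed(groups, direction, port, peer_ip, peer_group_ids):
    """Security groups are allow-lists: any matching rule in any group permits."""
    return any(
        _rule_covers_port(rule, port) and _rule_matches_peer(rule, peer_ip, peer_group_ids)
        for g in groups for rule in g[direction]
    )


def health_check_path_ok(sgs, alb, target, port=80):
    """Return (egress_ok, ingress_ok) so the caller can see which side blocks."""
    by_id = {g["GroupId"]: g for g in sgs}
    alb_groups = [by_id[i] for i in alb["groups"]]
    target_groups = [by_id[i] for i in target["groups"]]
    egress_ok = _allowed(alb_groups, "IpPermissionsEgress", port, target["ip"], set(target["groups"]))
    ingress_ok = _allowed(target_groups, "IpPermissions", port, alb["ip"], set(alb["groups"]))
    return egress_ok, ingress_ok


def diagnose(sgs, alb, target, port=80):
    egress_ok, ingress_ok = health_check_path_ok(sgs, alb, target, port)
    if egress_ok and ingress_ok:
        return "security groups permit the health check"
    problems = []
    if not egress_ok:
        problems.append("ALB groups lack egress to target on port %d" % port)
    if not ingress_ok:
        problems.append("target groups lack ingress from ALB on port %d" % port)
    return "; ".join(problems)


if __name__ == "__main__":
    print("broken:", diagnose(SECURITY_GROUPS, ALB, TARGET))
    print("fixed: ", diagnose(FIXED_GROUPS, ALB, TARGET))
```

Two caveats when applying this to a real account. Security groups are stateful, so the instance's reply needs no rule of its own, and the VPC's default security group ships with an allow-all egress rule, so attaching it to the ALB satisfies the egress half unless someone edited those rules. Network ACLs are a separate, stateless layer that this model does not evaluate; if both halves here pass and Apache still logs nothing, check the subnet NACLs next.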