I am trying to reach two private subnet EC2 instances from an ELB in a public subnet, but the instances are always showing as unhealthy. I tried a lot of options but nothing worked.
Here is the configuration I tried:
1. Created VPC
DNS resolution: Enabled
DNS hostnames: Disabled
- Created 2 Public subnets and 2 Private Subnets. The only difference between these two is the Route table.
Auto-assign public IPv4 address is set to "No" in Public Subnet
I have added Internet gateway as a route in Route table of public subnet.
- Created two EC2 instances in Private subnet. Userdata set to Apache webserver
- Created an ALB in Public subnet
ALB Security group config is:
Have also added default security group in ALB:
Target group is showing unhealthy for the private EC2 instances
Any help on pointing out why this fails?
2 Answers
First and foremost – check the apache logs and make sure you see incoming health check samples.
If you don’t see them at all – you have a network connectivity issue.
If you do see them – make sure they return 200 code and that it matches the target group’s health check configuration.
Either the EC2 instances are not receiving the request, or they are receiving the request but aren’t responding with a ‘healthy’ response.
Test that the instances are responding to requests
You could launch an EC2 instance in the public subnet, SSH to it and then send requests directly to the EC2 instances to see if they respond (eg curl http://private-ip-address).
If they respond correctly, then the instances themselves are fine and the problem lies with the Load Balancer.
Check the Load Balancer security group
You have shown the Inbound rules for the Load Balancer, but you should also check that the Outbound rules permit traffic to exit the Load Balancer and go to the EC2 instances.
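The security-group check suggested in the answers, as an added example that is not part of the original posts: it evaluates rules in the shape returned by the EC2 DescribeSecurityGroups API and reports whether health-check traffic can leave the ALB and enter the instance. The group IDs, IP addresses and rule sets are constructed sample data, port 80 is an assumption for the Apache health check, and the instance-side inbound check goes one step beyond the outbound check named above.

```python
import ipaddress

def rule_allows(perm, port, peer_ip, peer_sg_ids):
    """True if one IpPermissions / IpPermissionsEgress entry permits TCP `port` with the peer."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):          # "-1" means all protocols, all ports
        return False
    if proto == "tcp" and not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
        return False
    addr = ipaddress.ip_address(peer_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
        return True
    # A rule may reference another security group instead of a CIDR block.
    return any(p["GroupId"] in peer_sg_ids for p in perm.get("UserIdGroupPairs", []))

def any_allows(groups, key, port, peer_ip, peer_sg_ids):
    # Security groups are allow-only, so attached groups combine as a union.
    return any(rule_allows(p, port, peer_ip, peer_sg_ids)
               for g in groups for p in g.get(key, []))

def diagnose(alb_sgs, inst_sgs, port, alb_ip, inst_ip):
    """Return a list of problems blocking ALB -> instance health checks."""
    alb_ids = {g["GroupId"] for g in alb_sgs}
    inst_ids = {g["GroupId"] for g in inst_sgs}
    problems = []
    if not any_allows(alb_sgs, "IpPermissionsEgress", port, inst_ip, inst_ids):
        problems.append(f"ALB has no outbound rule to the instance on tcp/{port}")
    if not any_allows(inst_sgs, "IpPermissions", port, alb_ip, alb_ids):
        problems.append(f"instance has no inbound rule from the ALB on tcp/{port}")
    return problems

# Constructed sample data (hypothetical IDs and addresses).
ANYWHERE = [{"CidrIp": "0.0.0.0/0"}]
ALB_BROKEN = [{"GroupId": "sg-alb", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": ANYWHERE}]}]
ALB_FIXED = [{"GroupId": "sg-alb", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": ANYWHERE}]}]
WEB_BROKEN = [{"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]}]
WEB_FIXED = [{"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]}]

if __name__ == "__main__":
    for alb, web in ((ALB_BROKEN, WEB_BROKEN), (ALB_FIXED, WEB_FIXED)):
        print(diagnose(alb, web, 80, "10.0.1.10", "10.0.3.20") or "path open")
```

With real data, pass the `SecurityGroups` entries for the groups attached to the load balancer and to the instances, plus the health check port configured on the target group.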