How do I troubleshoot health check issues with the Application Load Balancer type target for a Network Load Balancer?

2 minute read

I want to find out why my Application Load Balancer type target for the Network Load Balancer isn't healthy.

Short description

Note: For more information on the architecture, see Application Load Balancer-type target group for Network Load Balancer.

To use the Application Load Balancer type target group, the load balancers must be in the same Virtual Private Cloud (VPC) and AWS accounts.

Configure health checks on both the load balancers. You can choose either HTTP or HTTPS as the health check protocol. Health checks on the Network Load Balancer are sent to the Application Load Balancer. The Application Load Balancer then forwards them to its targets.

Resolution

To troubleshoot failed health checks for your Application Load Balancer type target group, check the following settings.

Network Load Balancer

Check the security group and network access control list (network ACL) settings of the Network Load Balancer.

Security group settings

Verify that the security group allows health check traffic.

Network ACL settings

Verify that the network ACL can forward the health check request and accept a health check response from the Application Load Balancer.

Application Load Balancer

Check the security group, network ACL, listener, and the configured path settings of the Application Load Balancer.

Security group settings

Verify that the security group receives health check traffic from the Network Load Balancer and forwards it to the target.

Network ACL settings

Verify that the network ACL can accept the health check request from the Network Load Balancer and can forward it to the target.

Verify that the network ACL can accept a health check response from the target and forward it to the Network Load Balancer.

Health check settings

Check if the Application Load Balancer's targets are healthy.

Listener and path settings

The target Application Load Balancer receives the health check request from the Network Load Balancer. To receive requests, the listener's port and protocol must match the health check port and protocol that's configured on the Network Load Balancer.

Verify that the path that's configured in the Network Load Balancer's health check settings is valid. Make sure that the targets behind the Application Load Balancer can respond to the configured path. The default is /. Modify the path, if necessary.

Related information

Application Load Balancers as targets

Topics

Networking & Content Delivery

Relevant content

Health check in target group in network load balancer always fail.
siunhan
asked 3 months ago
Urgent Help Needed: Application Load Balancer Health Check Issue Across AWS Accounts
nmos
asked 6 months ago
Issue with Network Load Balancer TCP Connections
aaffany
asked 16 days ago
Problem on Application load balancer with rule: Health check only responds on the default rule
zar1978
asked 2 years ago
See past load balancer target health check failure reason
Alexandra
asked 10 hours ago
How do I troubleshoot Network Load Balancer health check failures for Amazon ECS tasks on Fargate?
AWS OFFICIALUpdated a year ago
How do I troubleshoot and fix failing health checks for Classic Load Balancers?
AWS OFFICIALUpdated a year ago
How do I troubleshoot Application Load Balancer health check failures for Amazon ECS tasks on Fargate?
AWS OFFICIALUpdated a year ago
How do I troubleshoot failed health checks for Application Load Balancers?
AWS OFFICIALUpdated 2 months ago
[Launch Announcement] Health Check Improvements for AWS Gateway Load Balancer
EXPERT
milindku-AWS
published a year ago