- Newest
- Most votes
- Most comments
Try to enable the access logs on the ALB and compare between the requests made directly to the ALB and through the global accelerator.
How are you pointing your client through the Global Accelerator? are you creating a CNAME (or alias if the domain is on Route 53) that maps the custom domain to the global accelerator domain? (see here)
If you are using the Global Accelerator domain (<something>.awsglobalaccelerator.com
) instead of the custom domain when making the request it will not be matched by your ingress rule that only forwards request to your backend servers in case the host is argocd1.test.com
.
Hello,
Please try this it will be helpful for you.
To fix the 404 Error when using AWS Global Accelerator with an ALB ingress controller, start by look that the security group associated with your ALB allows inbound traffic from Global Accelerator's IP ranges on ports 80 and 443. Next verify that Global Accelerator is correctly configured to point to your ALB and that its endpoints are healthy. Check that your ALB listeners are set up to properly route traffic based on the host (Name) and path (/) specified in your Ingress rules. Finally confirm that your ALB target groups have healthy targets and review your Kubernetes Ingress configuration to e it aligns with your routing and backend service requirements.
are you creating a CNAME or alias if the domain is on Route 53. [https://docs.aws.amazon.com/global-accelerator/latest/dg/dns-addressing-custom-domains.mapping-your-custom-domain.html]
https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.alb-accelerator.html
https://medium.com/ovice/manage-aws-global-accelerator-from-kubernetes-resources-55133253d0a2
I wrote in the question that the endpoints are healthy. In the config you can see there are no sec. groups blocking the traffic and if the listeners are not correctly done, the site would not work without GA. This was also mentioned in the question.
on your AGA configuration you have port 443 but the curl you are doing port 80 (HTTP). Do you have security group opened for port 80? Can you enable and try again? do you get issues if you try to connect via browser using application url via HTTPS? Secu
Relevant content
- asked 3 years ago
- Accepted Answerasked 3 months ago
- asked 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a year ago
I'm using my custom domain hosted on AWS (it's not test.com) and alias pointing to Global Accelerator. I tried both alias and A records that point to IP addresses of Global Accelerator but the result is the same 404 error.
Please share the access logs (redact any sensitive information). It will help to better understand the difference.
Unfortunately, there are no access logs if it goes through Global Accelerator. Only the ones going directly connecting to ALB.
In a test I made in my account I could see access logs in both scenarios - when sending request directly to ALB and via the Global Accelerator. Are you sure your global accelerator is associated with this specific ALB? You can verify by navigating in the management console to this ALB -> Integration -> AWS Global Accelerator.
I'm using Cross-account attachment option so I have "No Integration detected" in ALB -> Integration -> AWS Global Accelerator on this account. But in other account where I have the GA, I can see it's healthy. Endpoint type ALB, Client IP address Enabled, Health status Healthy, Weight 128.