1 Answer
Hello.
I think the setting itself is possible.
For example, are you blocking access from NLB with your EC2 security group?
To isolate the problem, try allowing all communication using the inbound rules of the EC2 security group and see if the health check succeeds.
Thanks, Riku. Actually, both target groups are using the same protocol/port for health check, so it should work for both. The EC2 has those ports open, so this is OK. Any other suggestions?
Is it correct that all IP addresses are allowed in the EC2 security group?
I tried setting up NLB and EC2 in my environment, and both health checks were successful. In the EC2 security group, the NLB security group is specified in the inbound rule source so that it can be accessed from the security group configured in NLB. Additionally, NLB health checks use TCP.
Riku, the EC2 instance runs a webserver, so TCP:80 is open for all IPs. Not sure if this answers your question. Anyway, I'm confused about the health check port when using TCP protocol. I assume for both TCP and HTTP health checks, the port is always 80, right? In my case, the NLB should route traffic for UDP:8001, so this port is open as well for all IP addresses. Now, when TCP is chosen for health checks, there is no option for setting up the port... So I assume TCP:80 is being used (as it should be for HTTP). Thanks
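The security-group check discussed in this thread, as an added example (not code from any poster or from AWS): it evaluates inbound rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups` against a health check's protocol, port and source. The rule set, group ID and addresses are constructed placeholders, the health check port is a parameter because the thread does not settle which port is used, and only IPv4 ranges and security-group sources are handled.

```python
import ipaddress

# Constructed sample in the IpPermissions shape of describe-security-groups.
# The group ID and addresses are placeholders, not values from the thread.
SAMPLE_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "udp", "FromPort": 8001, "ToPort": 8001,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0nlbEXAMPLE"}]},
]


def rule_matches(rule, protocol, port, source_ip=None, source_sg=None):
    """Return True if one inbound rule admits protocol/port from the source."""
    proto = rule["IpProtocol"]
    if proto != "-1":  # "-1" means all protocols and all ports
        if proto != protocol:
            return False  # a UDP rule never admits a TCP health check
        if not (rule["FromPort"] <= port <= rule["ToPort"]):
            return False
    # Source given as a security group (e.g. the group attached to the NLB).
    if source_sg and any(pair.get("GroupId") == source_sg
                         for pair in rule.get("UserIdGroupPairs", [])):
        return True
    # Source given as an IPv4 address (e.g. a load balancer node's private IP).
    if source_ip:
        addr = ipaddress.ip_address(source_ip)
        return any(addr in ipaddress.ip_network(r["CidrIp"])
                   for r in rule.get("IpRanges", []))
    return False


def health_check_allowed(rules, protocol, port, source_ip=None, source_sg=None):
    """Security groups are allow-only, so any single matching rule admits it."""
    return any(rule_matches(r, protocol, port, source_ip, source_sg)
               for r in rules)


if __name__ == "__main__":
    for proto, port in [("tcp", 80), ("tcp", 8001), ("udp", 8001)]:
        ok = health_check_allowed(SAMPLE_INBOUND, proto, port, source_ip="10.0.1.25")
        print(f"{proto.upper()}:{port} from 10.0.1.25 ->", "allowed" if ok else "blocked")
```

With the constructed rules, a TCP probe to port 8001 is blocked even though UDP:8001 is open to all addresses, because security group rules match on protocol as well as port.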