You're probably accessing the external site over IPv4, so what you need is to have your EC2 instances in a "private subnet" and a NAT gateway in a "public subnet". The VPC route table attached to the private subnet must have its default route 0.0.0.0/0 pointed at the NAT gateway. The VPC route table attached to the public subnet must point the default route to the IGW (internet gateway).
You already have the ALB in such a "public subnet", so you can place your NAT gateway in the same subnet with the ALB.
Once the private subnet is created with the default route pointed at the NAT gateway, and you've moved your EC2 instance in the private subnet, you'll be able to connect both to external sites and your ALB, if needed.
There's a simple block diagram showing the structure of the private and public subnets, the NAT gateway, the internet gateway, and an ALB in AWS's documentation: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html
Hello,
By configuring the TLS Certificates at the ALB, it enables encrypted communication (HTTPS) between clients (such as web browsers) and the ALB itself. This ensures that data transmitted over the internet between the client and the ALB is encrypted and secure.
However, the presence of TLS certificates on the ALB does not directly enable or restrict the ability of an EC2 instance behind the ALB to send HTTPS requests to external endpoints.
- Check the security group and NACL configurations for any rules blocking outbound HTTPS traffic on port 443.
- Ensure DNS resolution is functioning correctly on the EC2 instance.
Testing Connectivity to an HTTPS Endpoint from EC2 instance:
telnet <endpoint> 443
Thank you for your reply. In fact, I run a Spring Boot backend application on that EC2 instance. To connect to a third-party payment service, I need to send an HTTPS request from that EC2 instance.
Hello. I used curl to test the connectivity to an HTTPS endpoint from the EC2 instance. It failed because of a timeout.
Can you resolve the DNS name of the endpoint, and what is the error that you get from the Spring Boot app when connecting to the external HTTPS endpoint?
Thank you for your answer. This is a very strange problem. It seems like there was an issue with the security group (SG) that was affecting connectivity. By deleting and recreating the SG with the same settings, I was able to resolve the connection issue.
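As an added example, not code from any of the posters here, the following Python audit checks the two things discussed above: the private/public subnet route-table design from the first answer and the outbound-443 security group check from the second. It runs offline over constructed dicts shaped like boto3 describe_route_tables and describe_security_groups responses; all ids and CIDRs are made up.

```python
# Constructed sample data shaped like boto3 describe_route_tables / describe_security_groups output
PRIVATE_RT = {"RouteTableId": "rtb-priv-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]}
PUBLIC_RT = {"RouteTableId": "rtb-pub-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]}
# Egress limited to TCP/80: an HTTPS call from the instance would just time out
SG_NO_443 = {"GroupId": "sg-example-1", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# The "all outbound" rule a freshly created security group gets by default
SG_ALL_OUT = {"GroupId": "sg-example-2", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

def default_route_target(route_table):
    """Target of the 0.0.0.0/0 route (NAT gateway or gateway id), or None."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def classify_subnet(route_table):
    """'private' (default route -> NAT gateway), 'public' (-> IGW) or 'isolated'."""
    target = default_route_target(route_table) or ""
    if target.startswith("nat-"):
        return "private"
    if target.startswith("igw-"):
        return "public"
    return "isolated"

def sg_allows_outbound_443(security_group):
    """True if an egress rule lets TCP/443 (or all traffic) reach 0.0.0.0/0."""
    for perm in security_group.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        port_ok = proto == "-1" or (proto == "tcp" and
                  perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535))
        if port_ok and any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
    return False

def audit_egress(route_table, security_group):
    """Findings for an instance in this subnet with this security group attached."""
    findings, kind = [], classify_subnet(route_table)
    if kind == "public":
        findings.append("default route is an IGW: move the instance to a private subnet behind a NAT gateway")
    elif kind == "isolated":
        findings.append("no usable default route: outbound HTTPS will time out")
    if not sg_allows_outbound_443(security_group):
        findings.append("security group has no egress rule permitting TCP/443 to 0.0.0.0/0")
    return findings
```

Feed real describe_route_tables and describe_security_groups results into audit_egress to get the same findings for a live VPC.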
Secure Listener Settings: Check the default AWS security policy (not security group) for the certificate. If that is fine, then please try this:
- Click on Listeners tab and select HTTP:80 box
- Edit listener, click Remove next to "1. Forward to"
- Click down arrow next to Add action
- Enter port number 443
- Save changes. I am not sure whether you have created an A record with the Application Load Balancer DNS name, such as "dualstack.my-web-ALB..............." under Alias.
That's not possible, but perhaps you were looking at the inbound rules and didn't notice the outbound ones. In any case, you should never assign a public IP address directly to your EC2 instance. You should instead use the private/public subnet design described in the AWS documentation, and that will involve the NAT gateway and its public IP being used for outbound IPv4 connections, and the EC2 instance only having a private IP. That way, no direct connectivity from the outside to your EC2 instance will be possible in any situation.