How do I troubleshoot Elastic Load Balancing health checks with Elastic Beanstalk?

3 minute read
0

I want to troubleshoot failed Elastic Load Balancing health checks for my Amazon Elastic Compute Cloud (Amazon EC2) instance in AWS Elastic Beanstalk.

Resolution

Confirm that your EC2 instance security group allows all ingress traffic from your Elastic Load Balancing security group

Complete the following steps:

  1. Open the Elastic Beanstalk console.
  2. Select your environment.
  3. In the navigation pane, choose Configuration.
  4. In the Configuration overview section, for the Instances category, copy the value for EC2 security groups. Example: awseb-e-krkbukb3ww-stack-AWSEBSecurityGroup-IOXAVM).
  5. Open the Amazon Virtual Private Cloud (Amazon VPC) console.
  6. In the navigation pane, choose Security Groups.
  7. In the search bar, enter the name of the security group that you copied. Then, select this security group.
  8. Choose the Inbound Rules tab and then confirm that your security group has a rule that allows all traffic from the Elastic Load Balancing security group.
    Note: For more information, see Configure security groups for your Classic Load Balancer.

Confirm that your Elastic Load Balancing security group egress rule allows traffic on the application port

Complete the following steps:

  1. Open the Amazon EC2 console.
  2. In the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. On the Description tab for your load balancer, under Security, choose your security group.
  4. Choose the Outbound tab for your security group and then confirm that your security group has an egress rule that meets your requirements. For more information, see Work with security group rules.

Confirm that your network ACL allows the required ingress and egress traffic

Complete the following steps:

  1. Open the Amazon VPC console.
  2. In the navigation pane, under Virtual Private Cloud, choose Subnets.
  3. Select the subnet attached to your Elastic Beanstalk EC2 instance.
  4. Choose the Network ACL tab and then confirm that the inbound and outbound rules meet your traffic requirements. For more information, see Add and delete rules.

Confirm that the health check path is properly set for your application

To confirm that the health check path is properly set for your application, complete the steps in the appropriate section:

Confirm that your web server logs show no errors

To confirm that there are no errors, view the logs from the EC2 instances in your Elastic Beanstalk application.

Related information

Control traffic to subnets using Network ACLs

Security groups

AWS OFFICIAL
AWS OFFICIALUpdated 6 months ago