I want to troubleshoot failed Elastic Load Balancing health checks for my Amazon Elastic Compute Cloud (Amazon EC2) instance in AWS Elastic Beanstalk.
Resolution
Confirm that your EC2 instance security group allows all ingress traffic from your Elastic Load Balancing security group
Complete the following steps:
- Open the Elastic Beanstalk console.
- Select your environment.
- In the navigation pane, choose Configuration.
- In the Configuration overview section, for the Instances category, copy the value for EC2 security groups. Example: awseb-e-krkbukb3ww-stack-AWSEBSecurityGroup-IOXAVM).
- Open the Amazon Virtual Private Cloud (Amazon VPC) console.
- In the navigation pane, choose Security Groups.
- In the search bar, enter the name of the security group that you copied. Then, select this security group.
- Choose the Inbound Rules tab and then confirm that your security group has a rule that allows all traffic from the Elastic Load Balancing security group.
Note: For more information, see Configure security groups for your Classic Load Balancer.
Confirm that your Elastic Load Balancing security group egress rule allows traffic on the application port
Complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, under LOAD BALANCING, choose Load Balancers.
- On the Description tab for your load balancer, under Security, choose your security group.
- Choose the Outbound tab for your security group and then confirm that your security group has an egress rule that meets your requirements. For more information, see Work with security group rules.
Confirm that your network ACL allows the required ingress and egress traffic
Complete the following steps:
- Open the Amazon VPC console.
- In the navigation pane, under Virtual Private Cloud, choose Subnets.
- Select the subnet attached to your Elastic Beanstalk EC2 instance.
- Choose the Network ACL tab and then confirm that the inbound and outbound rules meet your traffic requirements. For more information, see Add and delete rules.
Confirm that the health check path is properly set for your application
To confirm that the health check path is properly set for your application, complete the steps in the appropriate section:
Confirm that your web server logs show no errors
To confirm that there are no errors, view the logs from the EC2 instances in your Elastic Beanstalk application.
Related information
Control traffic to subnets using Network ACLs
Security groups