Global Accelerator Shows an Endpoint as Unhealthy

Question

I have the following setup
A Global Accelerator, WAF, External facing ALB, Auto Scaling Group, and target groups which has an EC2 target for hosting a website. The ALB security group allows open access on port 80 and 443 from everywhere. The website is accessible externally without any issues.

The Global Accelerator shows ALB as Unhealthy. According to [https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoint-groups-health-check-options.html](https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoint-groups-health-check-options.html) the health checks for Accelerator uses the Target group's health check. The ALB has only 1 target group which has 1 EC2 and it shows the target as healthy. I also reviewed Application Load Balancer considerations on [https://repost.aws/knowledge-center/global-accelerator-unhealthy-endpoints](https://repost.aws/knowledge-center/global-accelerator-unhealthy-endpoints), but still cannot find the reason that Accelerator show ALB as unhealthy. Could anyone help me with this issue?
Thanks

Answer

Hello.

Is Global Accelerator's endpoint type ALB?  
In the case of ALB, as you know, if the health check of the target group is successful, then Global Accelerator should also be successful.  
If the endpoint type is EC2, health checks are performed directly from Route53 to the EC2 IP address, so access from Route53 must be allowed in the security group's inbound rules.  
You can check the IP that Route53 uses for health checks from the URL below.  
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/route-53-ip-addresses.html  
https://ip-ranges.amazonaws.com/ip-ranges.json

Global Accelerator Shows an Endpoint as Unhealthy

관련 콘텐츠