Built a dynamic website using Wordpress hosted on a 3-tier architecture

I created my presentation-tier ( Web layer) with 3 public subnets containing one EC2 each and use an internet facing ELB to distribute traffic to all of them. I also install Apache to all of the instances. The Elb healthcheck is healthy and so far everything is working.

On my Application layer, I created 3 private subnets containing one EC2 each and use an internal facing ALB to distribute traffic to all of them. My Alb receives traffic only from my Web-servers, and I installed Wordpress on all 3 of them ( The script to install Wordpress also include Apache and MySQL). The Alb HealthCheck says that healthcheck failed and the reason being " unhealthy threshold 2 consecutive health check failures". I also created a NAT gateway for these application-servers.

I created my dababase on the batabase-layer with its security group that allow traffic only from App-servers through port 3306.

From my understanding of a 3-tier architecture, they are all connected to one another through the security group and even the route table. Since I can use session manager to connect to all my Web-servers and App-servers, I would like to believe that my security groups ports are "ok". Here is their flow: INTERNET-->Internet facing ELB-SG-->Web-SG--> Internal facing ALB-SG-->App-SG-->DB-SG. The flow is unsecure using Http (80).

1-How do I troubleshoot "Unhealthy threshold 2 consecutive health check failures?" 2- How do I built my application so that it will be accessible using only the DNS name of the Internet facing ELB?