
Built a dynamic website using Wordpress hosted on a 3-tier architecture


I created my presentation tier (Web layer) with 3 public subnets containing one EC2 each and use an internet-facing ELB to distribute traffic to all of them. I also installed Apache on all of the instances. The ELB health check is healthy and so far everything is working.

On my Application layer, I created 3 private subnets containing one EC2 each and use an internal-facing ALB to distribute traffic to all of them. My ALB receives traffic only from my Web servers, and I installed WordPress on all 3 of them (the script to install WordPress also includes Apache and MySQL). The ALB health check says that the health check failed, the reason being "unhealthy threshold 2 consecutive health check failures". I also created a NAT gateway for these application servers.

I created my database on the database layer with its security group that allows traffic only from the App servers through port 3306.

From my understanding of a 3-tier architecture, they are all connected to one another through the security groups and even the route table. Since I can use Session Manager to connect to all my Web servers and App servers, I would like to believe that my security group ports are "ok". Here is their flow: INTERNET --> Internet-facing ELB-SG --> Web-SG --> Internal-facing ALB-SG --> App-SG --> DB-SG. The flow is unsecured, using HTTP (80).

1. How do I troubleshoot "Unhealthy threshold 2 consecutive health check failures"?
2. How do I build my application so that it will be accessible using only the DNS name of the internet-facing ELB?

2 Answers

What is your healthcheck? You can customise it to be something that you know Wordpress will respond to given a healthy instance. I believe the default check for an ALB is to check that / responds with an HTTP 200 - can you confirm this is the case for your app tier? To validate it:

  • Check the health check configured on your internal ALB from Web->App tier
  • Log into a Web tier instance and use curl to check that the health check resolves correctly

Your architecture will allow you to ensure your site is only accessible via the internet facing ALB. Ensure that the ALB has a public IP, and no instance does, and that your security groups only allow traffic from the appropriate tiers. This is a good reference:

answered 2 months ago
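The curl check suggested in the answer above, written out as an added example (not part of the original answer or of any AWS tooling). It requests the health check path without following redirects, as the load balancer does, and compares the status code with the target group's success codes; the function names and the sample IP address are constructed, and the path and matcher should be copied from your own target group settings.

```shell
#!/bin/sh
# Run from a Web tier instance (for example over Session Manager).

# Return 0 if HTTP status $1 satisfies an ALB-style matcher $2.
# A matcher is a comma-separated list of codes and ranges: "200", "200,302", "200-399".
matches_codes() {
  mc_code=$1
  mc_rest=$2
  while [ -n "$mc_rest" ]; do
    mc_part=${mc_rest%%,*}
    case $mc_rest in
      *,*) mc_rest=${mc_rest#*,} ;;
      *)   mc_rest= ;;
    esac
    case $mc_part in
      *-*) [ "$mc_code" -ge "${mc_part%-*}" ] && [ "$mc_code" -le "${mc_part#*-}" ] && return 0 ;;
      *)   [ "$mc_code" = "$mc_part" ] && return 0 ;;
    esac
  done
  return 1
}

# Turn a status code ($1) and matcher ($2) into a one-line diagnosis.
explain_status() {
  if [ "$1" = 000 ]; then
    echo "unreachable: no HTTP response (check the App-SG inbound rule, routing, and that Apache is listening)"
  elif matches_codes "$1" "$2"; then
    echo "healthy: $1 matches $2"
  elif [ "$1" -ge 300 ] && [ "$1" -lt 400 ]; then
    echo "unhealthy: $1 is a redirect, which the health check does not follow; change the path or add the code to the matcher"
  else
    echo "unhealthy: $1 does not match $2"
  fi
}

# probe_target HOST [PATH] [MATCHER]: one health-check-style request, 5 second timeout.
probe_target() {
  pt_code=$(curl -s -o /dev/null --max-time 5 -w '%{http_code}' "http://$1${2:-/}") || pt_code=000
  explain_status "${pt_code:-000}" "${3:-200}"
}

# Usage (10.0.11.25 is a constructed private IP of one App tier instance):
#   probe_target 10.0.11.25 / 200
```

Probe each App tier instance's private IP directly as well as the internal ALB's DNS name: a failure against the instance points at Apache, WordPress or App-SG, while a failure only through the ALB points at the ALB-SG or listener.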

Are you using two load balancers? I can't tell for sure from your post. If so, you only need one (see the link in Cameron's answer). Getting that sorted might help your issues.

answered 2 months ago
