2 Answers
0
- Verify the ALB is in a public subnet with a route to the internet gateway.
- Check the security groups - the ALB security group must allow inbound traffic on the listener port from your IP/network and the target group security group must allow traffic from the ALB on the container port.
- Go to the target groups section in the ECS console and check the health of your target. The health checks must be passing for targets to be considered healthy.
- Check the ALB listeners - make sure it is configured with the correct certificate and to forward traffic to your target group on the appropriate port.
- Review the ECS service configuration and ensure the service is using the correct task definition and load balancer details are populated correctly.
- Examine the ECS service events for any failures during deployment or target registration.
- Check the application container logs for any errors that could impact the health check.
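The security-group item in the checklist above can be verified offline against saved `aws ec2 describe-security-groups` output. The following is an added example, not part of the original answer; the group IDs, CIDR and ports in the sample data are constructed, and on the task side it only evaluates rules that reference the ALB security group (CIDR-based rules for the ALB subnets are not considered).

```python
import ipaddress

def covers_port(perm, port):
    """True if one IpPermissions entry covers TCP `port`."""
    if perm.get("IpProtocol") == "-1":  # all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1))

def allows_cidr(sg, port, client_ip):
    """Does `sg` allow inbound TCP `port` from `client_ip` (IPv4 ranges only)?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(r["CidrIp"])
               for perm in sg.get("IpPermissions", []) if covers_port(perm, port)
               for r in perm.get("IpRanges", []))

def allows_group(sg, port, source_sg_id):
    """Does `sg` allow inbound TCP `port` from members of `source_sg_id`?"""
    return any(pair.get("GroupId") == source_sg_id
               for perm in sg.get("IpPermissions", []) if covers_port(perm, port)
               for pair in perm.get("UserIdGroupPairs", []))

def check_path(alb_sg, task_sg, listener_port, container_port, client_ip):
    """Return a list of gaps in the client -> ALB -> task path (empty = OK)."""
    gaps = []
    if not allows_cidr(alb_sg, listener_port, client_ip):
        gaps.append(f"ALB SG blocks {client_ip} on listener port {listener_port}")
    if not allows_group(task_sg, container_port, alb_sg["GroupId"]):
        gaps.append(f"task SG blocks ALB SG on container port {container_port}")
    return gaps

# Constructed sample data (IDs, CIDR and ports are made up for illustration).
ALB_SG = {"GroupId": "sg-alb-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}]}
TASK_SG = {"GroupId": "sg-task-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-example"}]}]}

if __name__ == "__main__":
    # The task SG opens 8080, but the ALB forwards to 8443, so one gap is reported.
    for gap in check_path(ALB_SG, TASK_SG, 443, 8443, "203.0.113.10"):
        print(gap)
```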
0
To achieve end-to-end encryption between the Application Load Balancer and the Fargate tasks, you can use AWS Service Discovery with TLS enabled in client-server mode.
Check on these:
- Make sure the security groups allow traffic from the ALB to the service connect proxy port on the tasks.
- Verify the health checks configured on the target group are passing. The health check URL should be accessible over HTTPS.
- Check the service connect proxy logs for any errors during TLS negotiation. It could be failing to verify the self-signed certificate.
- Try making test HTTPS calls directly to the service connect proxy IP from another EC2 instance in the same VPC using `curl -k` to ignore certificate validation errors.
- Ensure the application is configured to listen on the port exposed by the service connect proxy, usually 8443 for HTTPS.
All the above-mentioned points are fine. The question is specific towards ECS Service Connect TLS not working with the HTTPS connection from the load balancer. As mentioned above, it's working perfectly fine when hit using curl from an EC2 machine.