Load Balancer Issues when AWS Windows EC2 is in private subnet but website in IIS needs to be accessible from a public IP

0

On AWS, I have a VPC containing a public and a private subnet. The Internet Gateway and routing tables are configured. NAT is configured and then an entry is added in the private subnet routing table. I have configured a Windows AWS EC2 instance in the private subnet. The necessary IAM role, Systems Manager and Session Manager are configured and working. The security group allows HTTP/HTTPS requests from anywhere to ports 443 and 80. I have hosted a website in IIS on the EC2 instance on ports 443 and 80. I want to access this website from any public IP through the Public IPv4 DNS assigned by AWS. I put a load balancer in a public subnet and configured it to forward HTTP/S requests to the EC2 instance in the private subnet. When I hit the load-balancer-dns-name:82 URL in Chrome, I get a gateway timeout error. Similarly, the health status of the load balancer tag group is unhealthy.

2 Answers
1

The first thing that catches my eye here is that the target health is "unhealthy". You need to fix that first. If you create another EC2 instance and put it in the same subnet as the ALB, can you connect to the IIS server on ports 80 and 443? If not, you need to fix that. As Gary has mentioned - Security Groups and NACLs are usually the thing here but I would also check the host firewall on the IIS instance.

Second: Why are you connecting to load-balancer-dns-name:82 - shouldn't you connect to http://load-balancer-dns-name (which is port 80) or https://load-balancer-dns-name (which is port 443)?

AWS
EXPERT
answered 2 months ago
0
  • Ensure no ACLs are blocking access between public and private subnets

  • Ensure Security group allows the ALB IP Addresses

  • Check your Target Group configuration is set to Health Check Protocol HTTP(s) and Traffic port.

  • Check the success codes are set to the correct value

When creating the Target Group you can configure the Protocol : Port. Select HTTP or HTTPS

EXPERT
answered 2 months ago
  • Thanks Gary. Yes, all of this has been taken care of, but the website is still not accessible.
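
The checks listed in the two answers above (listener port, security group admitting the load balancer, health check port and success codes), as an added example that is not part of the original thread: Python that evaluates them offline over data shaped like the output of `aws elbv2 describe-listeners`, `aws elbv2 describe-target-groups` and `aws ec2 describe-security-groups`. All IDs, CIDRs and rules are constructed sample values, the function names are hypothetical, and `observed_status` is assumed to be the status code IIS returns to a request made from inside the VPC.

```python
import ipaddress

def rule_admits(perm, port, alb_sg_id, alb_cidrs):
    """True if one IpPermissions entry lets the ALB reach tcp/`port`."""
    proto = perm["IpProtocol"]
    if proto not in ("tcp", "-1"):          # "-1" means all protocols and ports
        return False
    if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
        return False
    if any(g["GroupId"] == alb_sg_id for g in perm.get("UserIdGroupPairs", [])):
        return True                          # rule references the ALB's security group
    nets = [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    return bool(alb_cidrs) and all(          # every ALB subnet must be covered
        any(ipaddress.ip_network(c).subnet_of(n) for n in nets) for c in alb_cidrs)

def matcher_accepts(http_code, status):
    """Evaluate a Matcher.HttpCode value such as '200', '200,302' or '200-399'."""
    for part in http_code.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= status <= int(hi or lo):
            return True
    return False

def diagnose(client_port, listeners, tg, perms, alb_sg_id, alb_cidrs, observed_status):
    """Return findings for the port the client used and for target reachability."""
    findings = []
    ports = sorted(l["Port"] for l in listeners)
    if client_port not in ports:
        findings.append(f"no listener on port {client_port} (listeners: {ports})")
    hc = tg["HealthCheckPort"]               # "traffic-port" or an explicit port
    hc_port = tg["Port"] if hc == "traffic-port" else int(hc)
    for port in sorted({tg["Port"], hc_port}):
        if not any(rule_admits(p, port, alb_sg_id, alb_cidrs) for p in perms):
            findings.append(f"instance security group does not admit the ALB on tcp/{port}")
    want = tg["Matcher"]["HttpCode"]
    if not matcher_accepts(want, observed_status):
        findings.append(f"health check expects {want}, target returned {observed_status}")
    return findings

# Constructed sample data (not from the question), shaped like the AWS CLI output.
LISTENERS = [{"Port": 80, "Protocol": "HTTP"}, {"Port": 443, "Protocol": "HTTPS"}]
TARGET_GROUP = {"Port": 80, "Protocol": "HTTP", "HealthCheckProtocol": "HTTP",
                "HealthCheckPort": "traffic-port", "Matcher": {"HttpCode": "200"}}
ALB_SG, ALB_CIDRS = "sg-0aaaaaaaaaaaaaaaa", ["10.0.0.0/24", "10.0.1.0/24"]
OPEN_SG = [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]} for p in (80, 443)]
ALB_ONLY_SG = [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]
WRONG_SG = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "10.0.0.0/24"}]}]
```

`diagnose(82, LISTENERS, TARGET_GROUP, OPEN_SG, ALB_SG, ALB_CIDRS, 200)` reports only the missing listener on port 82. `ALB_ONLY_SG` shows the narrower rule that admits the load balancer by security group reference instead of from anywhere.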
