502 Bad Request - Application Load Balancer


All the server addresses and ports are dummy.

I'm working on a microservices-based project. I have deployed it to EC2 and ECS. Let's assume it has 2 services:

EC2_SERVER_IP:8080 for authentication service APIs

EC2_SERVER_IP:8081 for user service APIs

Now, I have decided to add a load balancer to EC2 cluster. I created a load balancer and mapped it with domain, https://api.com; and enabled the SSL on it.

Load Balancer Details: I have added a listener with Protocol:Port = HTTPS:443 (The listener port of target group is HTTPS:443, but the port of registered target is as per EC2 listener port (8080 for auth, 8081 for user)).

I have created 2 target groups, dev-auth-tg and dev-user-tg (linked with EC2 instance (EC2_SERVER_IP)).

On dev-auth-tg, I have registered a target by selecting EC2 instance (EC2_SERVER_IP) and port 8080.

On dev-user-tg, I have registered a target by selecting EC2 instance (EC2_SERVER_IP) and port 8081.

For each target group, Protocol:Port = HTTPS:443 and protocol version is HTTP1. After that, I checked the state of instance and target group. Instance is "running", target group is "healthy" (means these are hitting API to get health status. I have implemented an endpoint / in root of each microservice and configured target group to get health status from there).

I have added 3 rules, one for authentication service, one for user service, and third is default.

Rule # 1: Path Pattern is /auth* Forward to target group: dev-auth-tg

Rule # 2: Path Pattern is /user* Forward to target group: dev-user-tg

Rule # 3: If no other rule applies. Actions (Then): Return fixed response. Response code: 503. Response body: Default Action

When I hit the endpoint: https://api.com/ It is returning the response generated by default rule.

Now, let's assume I have an endpoint, /customers, in user microservice to get data of customers. So, when I hit the endpoint https://api.com/user/customers, it gives 502: Bad Gateway.

But when I add something other than auth and user in the endpoint, it redirects to the default rule. So, it means the rules are working correctly.

Still, when I hit APIs using domain address, it gives **502: Bad Gateway error.** Can anyone please assist me to troubleshoot this issue?

Note: EC2 instance is up, Target groups are healthy, Security groups are added for inbound and outbound and SSL has been enabled.

1 Answer

An easy first place to look would be the path in your listener rule. From how you've described it, it's correctly formed and satisfies the below, but no harm in parsing it to double- and triple-check https://repost.aws/knowledge-center/elb-achieve-path-based-routing-alb

Note: Path-based routing rules look for an exact match. In this example, path-based routing uses the path definitions /svcA and /svcB. If your application requires requests to be routed further down these paths, for example, /svcA/doc or /svcB/doc, then include a wildcard when you write the condition for the path-based routing rule. Use path patterns similar to /svcA* or /svcB* to be sure that any documents on these paths are accounted for when routing requests.

Beyond that, you probably already know that a 502 error means that your load balancer got an invalid response back from the backend. Enable access logging to generate more detail https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html

This knowledge document is very thorough about what else to try https://repost.aws/knowledge-center/elb-alb-troubleshoot-502-errors

answered 6 months ago
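
Once access logging is enabled, as the answer suggests, two fields in each entry show which listener rule matched and whether a 502 was generated by the load balancer or returned by the application. The following is an added example (not from the original post or from AWS) run over constructed log lines; the load balancer name, target address, ARNs and the rule priority 2 for `/user*` are assumptions:

```python
import shlex

# Leading fields of an ALB access log entry, in documented order.
FIELDS = ("type time elb client target request_processing_time "
          "target_processing_time response_processing_time elb_status_code "
          "target_status_code received_bytes sent_bytes request user_agent "
          "ssl_cipher ssl_protocol target_group_arn trace_id domain_name "
          "chosen_cert_arn matched_rule_priority").split()

# Constructed entries (not real traffic). Account IDs, addresses and ARNs are
# placeholders; rule priority 2 for /user* is an assumption.
TLS = "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2"
CERT = '"arn:aws:acm:us-east-1:000000000000:certificate/placeholder"'
SAMPLE_502 = (
    "https 2024-01-01T00:00:00.000000Z app/dev-alb/0000000000000000 "
    "203.0.113.10:51000 10.0.0.5:8081 0.001 -1 -1 502 - 120 272 "
    '"GET https://api.com:443/user/customers HTTP/1.1" "curl/8.0" ' + TLS +
    " arn:aws:elasticloadbalancing:us-east-1:000000000000:"
    "targetgroup/dev-user-tg/0000000000000000 "
    '"Root=1-00000000-000000000000000000000000" "api.com" ' + CERT + " 2")
SAMPLE_DEFAULT = (
    "https 2024-01-01T00:00:05.000000Z app/dev-alb/0000000000000000 "
    "203.0.113.10:51002 - -1 -1 -1 503 - 90 180 "
    '"GET https://api.com:443/ HTTP/1.1" "curl/8.0" ' + TLS +
    ' - "Root=1-00000000-000000000000000000000001" "api.com" ' + CERT + " 0")

def parse_entry(line):
    """Split one space-delimited entry (with quoted strings) into named fields."""
    return dict(zip(FIELDS, shlex.split(line)))

def diagnose(line):
    """Report the matched rule, the chosen target, and who produced a 502."""
    e = parse_entry(line)
    arn = e["target_group_arn"]
    if e["elb_status_code"] != "502":
        origin = "n/a"
    elif e["target_status_code"] == "-":
        # No status recorded from the target: it never sent a valid HTTP response.
        origin = "load balancer: no valid HTTP response from target"
    else:
        origin = "target: application returned the 502 itself"
    return {"status": e["elb_status_code"],
            "rule_priority": e["matched_rule_priority"],  # "0" = default action
            "target_group": arn.split("/")[1] if arn != "-" else None,
            "target": e["target"],
            "origin_of_502": origin}

if __name__ == "__main__":
    for sample in (SAMPLE_502, SAMPLE_DEFAULT):
        print(diagnose(sample))
```

A 502 entry whose `target_status_code` is `-` points at the connection between the load balancer and the registered target (protocol, port, or a closed connection) rather than at the application's own response.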
