Can only connect to AWS Elastic Beanstalk API on a specific network.

0

I have a .Net API deployed in Elastic Beanstalk which is working over the weekend then suddenly I can only access it when using my “WI-FI connection” but when I use my “LAN or Mobile Data” I cannot reach it even if it has internet service. It is also the case for my other colleagues. Even Postman cannot reach it a “Getaddrinfo EAI_AGAIN” error and browser

The API can be access in LAN when using the “Elastic Beanstalk Domain” but cannot be access with the “custom domain” name found in SSL/TLS AWS Certificate Manager (ACM) which is link to the port of Load Balancer HTTPS:443. Note that VPC, Load Balancer and Elastic Beanstalk indicates that they are healthy, active and available.

Action before hand:

  1. Deployed an API last two days

Current Action done:

  1. Update Platform from IIS 10.0 running on 64bit Windows Server 2016/2.12.0 to IIS 10.0 running on 64bit Windows Server 2016/2.13.2
  2. Refreshed Elastic Beanstalk
  3. Saved Current Configuration
  4. Revert to old API Builds

Using LAN I have the following troubleshooting result:

Ping command result
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6

Nectar result

nc -v <elb_ip_address> 443
Connection to <elb_ip_address> port 443 [tcp/https] succeeded!

traceroute shows successful routing up to Amazon's network, suggesting that your request is reaching Amazon's infrastructure.

curl: (6) Could not resolve host: <custom_domain>

See images below: Enter image description here Enter image description here Enter image description here Enter image description here

What command can I do to troubleshoot further or what could be the root cause of this issue?

  • Also tried nslookup it works in Wi-Fi but in LAN it does not.

1 Answer
1

Hello.

What settings are you making in the ALB security group and EC2 security group?
Maybe the security group doesn't allow the necessary communication?
Also, have you successfully set the domain in ALB?
Is it possible to resolve names using the dig command?

profile picture
EXPERT
answered 22 days ago
  • both inbound and outbound for ALB security group has the source 0.0.0.0/0 with the correct ports found in Inbound. Same goes for the EC2 security Group. It is weird since there are no changes on this part since but it might be affected by API deployment in Elastic Beanstalk which should not be the case. Do you recommend to rebuild the environment but I'm hesitant since it might ruin the environment itself which happened to me before.

  • Is there a problem with the DNS settings used on the LAN?

  • it seems that Domain is not handled by AWS but and external one. I thought ACM is the one handle the Custom domain but it only handles the certificate. No Domain found in in Route 53.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions