ALB health checks failing
I have ALB on ECS fargate service running FAST API. Health checks are constantly failing even though with curl I can access that same endpoint and get result with status code 200.
Security group of ecs task:
- VPN so it's working with curl
- Inbound from load balancer.
- Newest
- Most votes
- Most comments
Hi,
Whenever you deploy your application through AWS ECS Fargate, sometimes in an AWS Free Tier account, it shows the target group health check as 'Unhealthy', even though the website opens successfully. If you need to check if the ALB security group allows inbound rules for HTTP and HTTPS on port SSH, or if HTTPS and port SSH are not required, leave them out. When checking the ECS security group, ensure that the necessary ports are allowed, including those you've mentioned by their port numbers.
The screengrab of the security group rule (presumably the one associated with ECS cluster) shows it allows inbound port 80 from (what is presumably) the load balancer security group.
A rule the other way round needs to exist as well, that is the security group associated with the load balancer needs to have an outbound rule whose target is ECS on port 3000 - whether that's IP address(es), or the subnet, or the security group which is already associated with the ECS cluster.
Relevant content
- Accepted Answerasked 2 years ago
- asked 5 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago
What are the rules on your security group?
hello iBenhr, I upload screenshot of my security group.
ELB SG should also allow the egress connection. Have you checked that? The error showing is a timeout which means that the ELB is unable to connect to the ECS Task. I'd double check the SG rules from both sides to confirm.