Update: trying to block subnet traffic using NACL in this scenario is not recommended because the ALB deploys ENIs directly to the subnets and the health check traffic ends up not passing through the NACL. The ideal in this case is to block using SGRP and that worked fine. After SGRP "not allowing rules", the ALB health check failed as expected. Thank you
Is there an ALB interface and ECS task on the same subnet where you're trying to block the traffic? If so, the health check on the same AZ will succeed because the ACL will not block the traffic, and you may be connecting to the ALB via a different AZ, thus getting the 504.
It only has to pass one health check to be considered healthy
I'm testing using one task, all subnet traffic is blocked by NACL, the application is failing (as expected) but the ALB status stays "healthy". I've tested with several subnets and got the same behaviour: no health check failures. Thank you.
Just what I said. The ECS task is in the same subnet as your ALB.