NLB for Instances in Private Subnet

0

I am trying to place two instances in private subnets in two different AZs, and put NLB in public subnets and allow NLB to work for private instances. I notice NLB doesn't have SGs tied to them and my instances have an allow all SG on them. The health checks fail on the TGs and I can't seem to figure out why. Is there a trick to this? I also have NAT gateways in each Private subnet with EIPs attached to them.

Asked 2 years ago · 972 views
3 Answers
0

My SGs on my instances are completely wide open. Do I even need NAT Gateways?

Answered 2 years ago
  • You would need NAT gateways only if you need connectivity to the internet from instances in private subnets.

0

Have you checked the NACLs also, as mentioned here?

Also, what TCP/UDP port is your application running on? Perhaps check if that application is running; for example, if the target is a Linux instance, run netstat -an | grep <Port number>

AWS
Expert
Answered 2 years ago
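As an added illustration of the NACL check suggested in the answer above (not code from the thread or from AWS): a small evaluator that applies network ACL rules in ascending rule-number order and reports why an NLB health check would fail. The subnet CIDRs, port 8080 and rule sets are constructed samples; it assumes health checks originate from the NLB subnets and models only the target subnet's NACL.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    number: int    # lower numbers are evaluated first
    egress: bool   # False = inbound rule, True = outbound rule
    protocol: str  # "tcp", "udp" or "-1" (all protocols)
    ports: range   # destination ports covered by the rule
    cidr: str      # source (inbound) or destination (outbound)
    allow: bool

ALL_PORTS = range(0, 65536)
EPHEMERAL = range(1024, 65536)  # return traffic lands on an ephemeral port

def evaluate(rules, egress, protocol, port, peer_cidr):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    peer = ipaddress.ip_network(peer_cidr)
    for r in sorted(rules, key=lambda r: r.number):
        if r.egress != egress or r.protocol not in (protocol, "-1"):
            continue
        if port in r.ports and peer.subnet_of(ipaddress.ip_network(r.cidr)):
            return r.allow
    return False

def health_check_findings(rules, nlb_cidrs, port):
    """NACLs are stateless: the probe AND its reply must both be allowed."""
    findings = []
    for cidr in nlb_cidrs:
        if not evaluate(rules, False, "tcp", port, cidr):
            findings.append(f"inbound tcp/{port} from {cidr} denied")
        if not all(evaluate(rules, True, "tcp", p, cidr) for p in EPHEMERAL):
            findings.append(f"outbound ephemeral tcp to {cidr} denied")
    return findings

# Constructed sample data (not taken from the question).
NLB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
BROKEN_NACL = [
    Rule(100, False, "tcp", range(8080, 8081), "10.0.0.0/16", True),
    Rule(100, True, "tcp", range(443, 444), "0.0.0.0/0", True),
]
FIXED_NACL = BROKEN_NACL + [
    Rule(110, True, "tcp", EPHEMERAL, "10.0.0.0/16", True),
]

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN_NACL), ("fixed", FIXED_NACL)):
        print(name, health_check_findings(acl, NLB_SUBNETS, 8080) or "ok")
```

A wide-open security group does not help in the broken case, because the NACL drops the reply before the security group's connection tracking matters.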
0

Hi - I think a similar discussion and the pointers here may help you. https://repost.aws/questions/QUuueXAi20QuisbkOhinnbzQ/aws-nlb-security-group

AWS
Expert
Answered 2 years ago
