Unreachable Application Load Balancer

0

Hi there,

I'm new to AWS ALB and have been trying for a few days to find what is wrong with my setup:

  • I have two instances in two AZs. These instances can be accessed correctly using HTTP and SSH through their public IP addresses. The security groups associated with the instances allow all traffic from any source. The subnets they are associated to include a route to the VPC IGW. Network ACLs associated with these subnets allow all traffic.
  • These instances are referenced in a target group and show up as healthy. I can see the healthchecks traffic on the instances.
  • The load balancer is set up with a listener for HTTP and forwards everything to the target group. The load balancer is associated with the two subnets the instances are located in. The security group associated with the load balancer allows all traffic. The load balancer shows up as Active. The monitoring doesn't show anything.

I have been trying to connect to the load balancer name from several locations; the DNS resolution works but the connection fails. I can see TCP SYN packets leaving for the load balancer addresses but no reply. Ping does not get any reply either, but I guess this is normal. Traceroute goes all the way to the AWS network. For testing I have also set up another listener that should just send back a static response without communicating with the instances. I don't receive any response from this second listener either. I've followed the LB troubleshooting instructions (https://repost.aws/knowledge-center/elb-troubleshoot-connection-errors) without success. Is there anything that I am missing? Any test that I could do to identify the source of the problem?

Thanks!

Paul

Asked 1 year ago, viewed 627 times
3 answers
1
Accepted answer

Problem solved: it was just a wrong security group associated with the load balancer. The VPC flow logs were very helpful in finding that.

Answered 1 year ago
  • I have exactly the same issue. The security group associated with the load balancer is the "default VPC security group", which has very permissive settings allowing all traffic on all ports. In what way was your security group wrong? I would be very grateful to hear more about how you solved it. Thanks!
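The two checks this thread converges on, reading the VPC flow logs for REJECTs on the load balancer's own network interfaces (the accepted answer) and verifying that the ALB security group actually admits the listener port from internet clients (the test the question asks for), as an added example that is not part of this thread or of any AWS tooling. The flow log lines, ENI ids and security group documents are constructed to look like `aws ec2 describe-security-groups` output and default-format flow log records; nothing here was captured from the asker's account.

```python
"""Offline diagnosis of an unreachable internet-facing ALB from two artifacts:
a VPC flow log excerpt and the ALB's security group.  All sample data is
constructed for this example (assumed ENI ids, addresses and group ids)."""
from collections import Counter
import ipaddress

# Constructed flow log records in the default (version 2) format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
FLOW_LOG_SAMPLE = """\
2 111111111111 eni-0aaaaaaaaaaaaaaaa 203.0.113.10 10.0.1.25 51514 80 6 3 180 1700000000 1700000060 REJECT OK
2 111111111111 eni-0aaaaaaaaaaaaaaaa 203.0.113.10 10.0.1.25 51515 80 6 3 180 1700000000 1700000060 REJECT OK
2 111111111111 eni-0bbbbbbbbbbbbbbbb 198.51.100.7 10.0.2.40 40022 80 6 2 120 1700000000 1700000060 REJECT OK
2 111111111111 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 10.0.1.100 20000 80 6 12 6000 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0cccccccccccccccc 10.0.1.25 10.0.1.100 20000 80 6 12 6000 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0cccccccccccccccc - - - - - - - 1700000000 1700000060 - NODATA
"""

# Assumed ENI ids of the two ALB nodes (one per subnet).  In a real account they
# are listed under EC2 > Network interfaces with the ALB name in the description.
ALB_ENIS = {"eni-0aaaaaaaaaaaaaaaa", "eni-0bbbbbbbbbbbbbbbb"}
LISTENER_PORTS = {80}


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; NODATA/SKIPDATA rows are dropped."""
    fields = ["version", "account", "eni", "src", "dst", "srcport", "dstport",
              "proto", "packets", "bytes", "start", "end", "action", "status"]
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(fields) or parts[-1] != "OK":
            continue
        rec = dict(zip(fields, parts))
        for key in ("srcport", "dstport", "proto", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejected_listener_traffic(records, alb_enis=ALB_ENIS, ports=LISTENER_PORTS):
    """Sum REJECTed TCP packets per (ALB ENI, listener port).  A REJECT logged on
    the ALB node's own ENI is produced by the ALB security group or the subnet
    NACL; the targets and their security groups are not involved yet."""
    hits = Counter()
    for r in records:
        if (r["eni"] in alb_enis and r["action"] == "REJECT"
                and r["proto"] == 6 and r["dstport"] in ports):
            hits[(r["eni"], r["dstport"])] += r["packets"]
    return hits


# Constructed security groups in describe-security-groups shape.
# A group that only opens SSH: HTTP to the ALB is silently dropped.
ALB_SG_WRONG = {"GroupId": "sg-0wrong0000000000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
# The default VPC group: "all traffic", but only from members of the same group.
ALB_SG_DEFAULT = {"GroupId": "sg-0default00000000", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0default00000000", "UserId": "111111111111"}]}]}
# A group that admits the listener port from any IPv4 client.
ALB_SG_FIXED = {"GroupId": "sg-0fixed00000000000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}


def missing_ingress(sg, ports=LISTENER_PORTS, client="0.0.0.0/0"):
    """Return the listener ports the group does NOT admit from `client`.
    Only CIDR-based rules count: UserIdGroupPairs match other security groups,
    which internet clients never belong to.  IpProtocol "-1" means all traffic."""
    want = ipaddress.ip_network(client)
    open_ports = set()
    for perm in sg["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        cidrs = [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
        if not any(want.subnet_of(c) for c in cidrs):
            continue
        if perm["IpProtocol"] == "-1":
            return set()
        open_ports.update(range(perm["FromPort"], perm["ToPort"] + 1))
    return set(ports) - open_ports


if __name__ == "__main__":
    records = parse_flow_log(FLOW_LOG_SAMPLE)
    for (eni, port), pkts in sorted(rejected_listener_traffic(records).items()):
        print(f"{eni}: {pkts} packets to port {port} REJECTed -> check ALB SG and subnet NACL")
    for sg in (ALB_SG_WRONG, ALB_SG_DEFAULT, ALB_SG_FIXED):
        print(sg["GroupId"], "missing ingress for:", missing_ingress(sg) or "none")
```

The flow log half explains why the static-response listener in the question fails too: the SYN is rejected at the ALB node's interface before any listener rule or target is consulted, so every listener looks dead while the target group stays healthy (health checks originate from the ALB and are governed by the targets' groups, not the ALB's). The security group half covers the case raised in the comment above: the default VPC group's inbound rule does read "all traffic", but its source is the group itself, so it admits other members of that group and nothing from the internet.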

0

Thanks for the answer. The ALB is Internet Facing. Where is the ALB located in the VPC? Is it between the IGW and the subnets? Is there a way to capture flows before they reach the ALB in the VPC?

Answered 1 year ago
  • ALB is between the Internet Gateway and the subnet.
    What is the HTTP status code when accessing the ALB?
    504 (Gateway Timeout)?

0

Are you creating the ALB for internal use?
If it is accessed from the outside, it must be created as Internet Facing.

Expert
Answered 1 year ago
