1

I have a problem with ELB for my ASG group. My ASG group is in a private subnet and ELB is in public subnet, both are in the same availability zone, but when i try to call ELB via it's DNS name it's not responding. I have listeners configured correctly, health-checks are working and instances are healthy, I checked everything from this question: Amazon ELB for EC2 instances in private subnet in VPC and have no idea what else could be missing here.

Anyone knows what else should I check ? In the same public subnet I also have a NAT Gateway to provide internet access for instances in private subnet, maybe that is causing some problems ?

Community
  • 1
  • 1
pgrzesik
  • 1,869
  • 13
  • 14
  • I have two separate security groups, one for ELB and one for instances in ASG group, is that the wrong approach ? – pgrzesik Aug 05 '16 at 14:13
  • I'm not sure if I get it, but I think I already have something like that, I have configured Ingress rules with SourceSecurityGroupId equal to ELB security group. I think that if there would be something wrong with security groups then healthchecks would be failing, am I right ? – pgrzesik Aug 05 '16 at 14:22
  • Sorry yes you are correct I miss that part of your question. – Piyush Patil Aug 05 '16 at 14:23
  • 1
    How are you trying to call the ELB? By http method? Can you paste the rules you have in your LB sec grp – Piyush Patil Aug 05 '16 at 14:24
  • Please list the following: how your health check is configured, how your ELB listeners are configured, and how your security groups are configured. – Matt Houser Aug 05 '16 at 15:21
  • I looked once again at ingress rules of my ELB security group and it turned out that I somehow ommited "CidrIp" field, managed to resolve it by setting it to appropriate value, thank you guys. – pgrzesik Aug 08 '16 at 08:54

1 Answers1

0

It sounds like internet traffic isn't making it to your ELB.

Please check to make sure that you have an Internet Gateway, and a route attaching the public subnet to the internet gateway. This way the "public subnet" will actually be public.

Justin Waulters
  • 303
  • 2
  • 8