Reputation: 6188
Amazon ELB for EC2 instances in private subnet in VPC
I'm using Amazon EC2, and I want to put an internet-facing ELB (load balancer) to 2 instances on a private subnet. I am using VPC with public and private subnets.
- If I just add the private subnet to the ELB, it will not get any connections.
- If I attach both subnets to the ELB then it can access the instances, but it often will get time-outs. (Refer Screenshot 1)
- If I attach to only public subnet then my instance attached to ELB gets OutOfService because I do not have any instance in the Public Subnet, instance count shows 0. (Refer Screenshot 2)
Screenshot 1: Both subnets attached
Screenshot 2: Only public subnet attached
My question is actually an extension to this question. After following all 6 steps mentioned in the accepted answer, I am still getting struck, my instance attached to ELB gets OutOfService. I have even tried with allowing ports in the Security Groups for EC2 instances and ELB, but it did not help.
Please help, I am breaking my head with this.
Upvotes: 79
Views: 87056
Answers (2)
Reputation: 34436
The other SO question you referenced is spot on. Double/Triple check the following
- You need to attach only public subnets to your ELB, making sure that the availability zones those subnets are aligned with the availability zones of the private subnets that your instances are in.
- Make sure that the security group of your instances allows access from the security group of your load balancer
- The load balancer security group should have an egress rule allowing the health check to reach the instance
- Make sure that your health check is working locally on the instance. For example, if your health check in the ELB is
HTTP:8080/health_check, on the instance you cancurl x.x.x.x:8080/health_check(wherex.x.x.xis the private IP of the instance) and get a 200 response code. - The public subnet routing table should route
0.0.0.0/0to the internet gateway attached to your VPC. - The private subnet routing table should route
0.0.0.0/0to a NAT instance or gateway in a public subnet
Upvotes: 110
Reputation: 3587
The other SO question helped me as well. For me I kept forgetting that I needed to install software to server (i.e Apache) and if you don't create a NAT GW or some other method to allow software installs it will fail. If you want to try an automated fashion w/o much hassle, you can try a script:
https://github.com/jouellnyc/AWS/tree/master/create_aws_vpc3
Note there's plenty of good docs and discussions already but:
HTTP codes I got from the ELB:
- 504 - Probably security groups - allow access to the port 80 of the instances
- 503 - Probably the wrong target group setup
- 502 - Probably Apache/Server not running b/c it’s not installed because there's no nat gw or method to install software.
Upvotes: 4
Related Questions
- AWS NLB in public subnets with EC2 in private subnets
- AWS - Accessing instances in private subnet using EIP
- Amazon ELB in VPC
- How to place EC2 instance in both public and private subnet?
- ELB failure - Multiple subnets in one AZ
- Allow ELB connection just from instances in the same VPC, Subnet and Security Group
- Need a public Subnet for each EC2?
- How to setup instances in a private subnet of an AWS VPC?
- Cant connect to internet facing ELB from instance in VPC
- Do we need explicitly setup routing table for the subnet where a public ELB is running within?