Nikhil

Reputation: 1018

Amazon Network Load Balancer required port 80 to be publicly open on nodes from target group?

I have a website running on Apache httpd. The two web nodes are added under a Network Load Balancer. If I open port 80 of the two web nodes only for the default security group or the VPC CIDR range, the website does not work. However, if I open port 80 fully to 0.0.0.0/0, then it works.

This was not the case with the Classic ELB. Am I doing something wrong here, or is it the default behaviour of the Network Load Balancer?

Upvotes: 0

Views: 546

Answers (1)

Mark B

Reputation: 200562

Due to the nature of the Network Load Balancer, traffic is passed directly to the target instances, retaining its source IP address. Thus to the target instances (and their Security Groups) the traffic looks like it is coming straight from the Internet. So you would need to configure the Security Group of the target instances to allow public access.

I've seen lots of people complain about this, and I wouldn't be surprised if Amazon updated NLBs in the future to work like the other load balancers, but it may not be possible due to the way NLBs are designed.

If you are using port 80 then I assume this is for HTTP? Why not use an Application Load Balancer instead and get the Security Group feature you are looking for as well as things like SSL termination?

Upvotes: 1
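To make the source-IP point concrete, here is an added example (not from the question, the answer, or AWS) that models security-group ingress evaluation for the two load-balancer types. An NLB hands the TCP connection to the target with the client's own source address, so the target's security group sees a public IP; an ALB (like the Classic ELB) terminates the client connection and opens a new one from its own ENI inside the VPC, so the target's security group sees a private address and can reference the ALB's security group instead of 0.0.0.0/0. The addresses, the security-group id `sg-0abc-alb` and the VPC CIDR are constructed values for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class IngressRule:
    """One inbound security-group rule: a TCP port plus either a CIDR or a
    source security-group reference (AWS allows one or the other per rule)."""
    port: int
    cidr: Optional[str] = None        # e.g. "0.0.0.0/0" or the VPC CIDR
    source_sg: Optional[str] = None   # e.g. the id of the load balancer's SG


@dataclass(frozen=True)
class Packet:
    """The connection as the target instance's security group sees it."""
    src_ip: str
    dst_port: int
    src_sg: Optional[str] = None      # SG of the sending ENI if it is in the VPC


def allowed(rules: List[IngressRule], pkt: Packet) -> bool:
    """Security groups are allow-lists: the first matching rule permits the
    connection, and no match means it is dropped."""
    for rule in rules:
        if rule.port != pkt.dst_port:
            continue
        if rule.cidr and ip_address(pkt.src_ip) in ip_network(rule.cidr):
            return True
        if rule.source_sg and pkt.src_sg == rule.source_sg:
            return True
    return False


# Constructed values for the illustration (not taken from the original post).
VPC_CIDR = "10.0.0.0/16"
CLIENT_IP = "203.0.113.5"     # a public client address (TEST-NET-3 range)
ALB_NODE_IP = "10.0.1.20"     # private IP of a hypothetical ALB node in the VPC
ALB_SG = "sg-0abc-alb"        # hypothetical security group attached to the ALB


def via_nlb(rules: List[IngressRule]) -> bool:
    """NLB: the connection reaches the target with the client's IP preserved,
    so the target's security group is evaluated against the public address."""
    return allowed(rules, Packet(src_ip=CLIENT_IP, dst_port=80))


def via_alb(rules: List[IngressRule]) -> bool:
    """ALB (and Classic ELB): the load balancer proxies the request from its own
    ENI, so the target sees a VPC-private source IP and the ALB's security group."""
    return allowed(rules, Packet(src_ip=ALB_NODE_IP, dst_port=80, src_sg=ALB_SG))


# The three security-group configurations discussed in the thread.
RULES_VPC_ONLY = [IngressRule(80, cidr=VPC_CIDR)]         # what the asker tried
RULES_PUBLIC = [IngressRule(80, cidr="0.0.0.0/0")]        # what made the NLB work
RULES_ALB_SG = [IngressRule(80, source_sg=ALB_SG)]        # least privilege behind an ALB


def summary() -> dict:
    """Outcome of every (load balancer, rule set) pair, for quick inspection."""
    return {
        "nlb/vpc-cidr": via_nlb(RULES_VPC_ONLY),
        "nlb/0.0.0.0/0": via_nlb(RULES_PUBLIC),
        "nlb/alb-sg-ref": via_nlb(RULES_ALB_SG),
        "alb/vpc-cidr": via_alb(RULES_VPC_ONLY),
        "alb/alb-sg-ref": via_alb(RULES_ALB_SG),
    }


if __name__ == "__main__":
    for case, ok in summary().items():
        print(f"{case:16s} -> {'allowed' if ok else 'DROPPED'}")
```

The model reproduces the symptom from the question: with the NLB, a port-80 rule scoped to the VPC CIDR (or to another security group) never matches because the source address is the Internet client's, so only 0.0.0.0/0 lets traffic through. Behind an ALB the same VPC-scoped rule matches, and the tighter rule that references the ALB's security group is the usual least-privilege choice, which is the trade-off the answer is pointing at.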
