RAJAT RAWAT

Reputation: 548

AWS loadbalancer Egress rule confusion

I have 4 servers and a load balancer (Type: AWS::ElasticLoadBalancingV2::LoadBalancer) over them. I have port 80 in the ingress rule and 0-65535 in the egress rule in the security group for the servers. In the security group of the load balancer, any port works for the ingress rule, but if I change the port of the egress rule from 80 to any other, my load balancer doesn't work. With port 80 in the egress rule it works perfectly.

Is it supposed to be 80 always? Or is there something with my settings? I am quite new to AWS and would appreciate any help. Thanks in advance.

Upvotes: 1

Views: 2871

Answers (2)

Juned Ahsan

Reputation: 68715

This is the expected behavior. Your load balancer is talking to your instances on port 80. So it needs the outbound rules to allow you to make that connection to your instances. If you change/remove the port, your load balancer will lose the connection to the underlying hosts and hence no traffic will be served.

As per the documentation:

Whenever you add a listener to your load balancer or update the health check port for a target group used by the load balancer to route requests, you must verify that the security groups associated with the load balancer allow traffic on the new port in both directions.

Is it supposed to be 80 always?

No, it depends on which port the load balancer is talking to the attached instances. In your case, the instances are listening on port 80.

Upvotes: 1
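
The check described in the answer above, as an added example that is not part of the original thread: it takes a load balancer security group's egress rules and a target group in the shapes boto3 returns (`IpPermissionsEgress`, `Port`, `HealthCheckPort`) and reports which required ports are blocked. All sample values (IDs, IPs, rules) are constructed, the helper names are hypothetical, and only IPv4 ranges are considered.

```python
import ipaddress

def rule_allows(rule, port, target_ip, target_sg):
    """True if one egress rule (boto3 IpPermissionsEgress shape) permits TCP to the target."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "6", "-1"):
        return False
    # "-1" means all protocols and all ports; otherwise the port must be in range.
    if proto != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    ip = ipaddress.ip_address(target_ip)
    if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])):
        return True
    # Destination given as a security group instead of a CIDR range.
    return any(p["GroupId"] == target_sg for p in rule.get("UserIdGroupPairs", []))

def required_ports(target_group):
    """Traffic port plus health check port ("traffic-port" means the same port)."""
    ports = {target_group["Port"]}
    hc = target_group.get("HealthCheckPort", "traffic-port")
    if hc != "traffic-port":
        ports.add(int(hc))
    return ports

def blocked_ports(lb_egress, target_group, target_ip, target_sg):
    """Ports the load balancer must reach on the target but its egress rules do not allow."""
    return sorted(
        port for port in required_ports(target_group)
        if not any(rule_allows(r, port, target_ip, target_sg) for r in lb_egress)
    )

# Constructed sample data (not from the original post).
TARGET_GROUP = {"Port": 80, "HealthCheckPort": "traffic-port"}
INSTANCE_IP, INSTANCE_SG = "10.0.1.25", "sg-0instances000000"
EGRESS_80 = [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
              "IpRanges": [], "UserIdGroupPairs": [{"GroupId": INSTANCE_SG}]}]
EGRESS_8080 = [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]

if __name__ == "__main__":
    # The asker's working setup, then the setup after changing the egress port.
    print(blocked_ports(EGRESS_80, TARGET_GROUP, INSTANCE_IP, INSTANCE_SG))
    print(blocked_ports(EGRESS_8080, TARGET_GROUP, INSTANCE_IP, INSTANCE_SG))
```

An empty result means the load balancer can reach both the traffic port and the health check port; any listed port is one the egress rules need to cover.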

Adiii

Reputation: 59966

Normally a load balancer exposes ports 80 and 443 to the public. You can expose other ports, but for a web app it is good to use only these two.

but if I change port of egress rule port from 80 to any other, my loadbalancer doesn't work. For 80 port in egress rule it works perfectly.

There are two reasons that it stopped working:

  • The application is listening on port 80
  • The load balancer listener port is bound to 80

In normal cases, such as a load balancer, you should not change the egress or outbound rule.

Recommended Rules for Load Balancer Security Groups

The security groups for your load balancers must allow them to communicate with your instances. The recommended rules depend on the type of load balancer (Internet-facing or internal).

elb-security-groups

Upvotes: 2
