Brian

Reputation: 13573

Unable to connect to a load balancer from an EC2 instance

I want my EC2 instances in an auto-scaling group to be able to connect to a classic load balancer that has RabbitMQ servers behind it.

Here are my configurations:

EC2s' security group:

my-private-sg (sg-00xxxxxxxxxxxxxxx)

Classic load balancer's security group:

rabbitmq-elb-sg (sg-11xxxxxxxxxxxxxxx)

The rabbitmq-elb-sg security group contains the following inbound rule:

The RabbitMQ client inside the EC2s can't connect to the load balancer under this configuration.

However, it can connect to the load balancer after I set the source to AnyWhere.

Why does this happen?

This document says:

Another security group. This allows instances associated with the specified security group to access instances associated with this security group. 

The EC2s, load balancer, and the EC2s behind the load balancer are in the same VPC.

I use the classic load balancer because I use this terraform script to build the RabbitMQ service.

I just checked the log in the classic load balancer, and I see something like the following:

2019-10-16T03:45:09.124234Z rabbitmq-elb 54.178.178.85:45990 172.31.39.217:5672 0.000274 0.000008 0.000015 - - 516 604 "- - - " "-" - -
2019-10-16T03:45:10.340119Z rabbitmq-elb 54.178.178.85:46006 172.31.0.79:5672 0.001159 0.000008 0.000015 - - 516 604 "- - - " "-" - -

54.178.178.85 is the public IP of my EC2 instance.

172.31.39.217 and 172.31.0.79 are the private IPs of the RabbitMQ servers behind the load balancer.

Upvotes: 1

Views: 1568

Answers (1)

Brian

Reputation: 13573

My classic load balancer was an internet-facing load balancer. After I changed it to internal, the security group rabbitmq-elb-sg (sg-11xxxxxxxxxxxxxxx) works without any problem.

I don't have to write AnyWhere in the Source field anymore.

The EC2 instances tried to connect to the load balancer through private networks. Adding the EC2s' security group (sg-00xxxxxxxxxxxxxxx) to the source field of rabbitmq-elb-sg (sg-11xxxxxxxxxxxxxxx) only works under private networks.

However, I'm still not sure why using an internet-facing load balancer doesn't work in my situation.

Where can I find the explanation of this phenomenon in AWS Documentation?

Upvotes: 2
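
An added example (not part of the original post): a security-group rule whose source is another security group is evaluated against the private IP addresses of the instances in that group, so the access log quoted in the question already shows why the rule could not match. The sketch below parses those two log lines and classifies each client address; the function names are assumptions made for this example.

```python
import ipaddress
import shlex
from collections import Counter

# Constructed sample: the two Classic ELB access-log lines quoted in the question.
SAMPLE_LOG = '''\
2019-10-16T03:45:09.124234Z rabbitmq-elb 54.178.178.85:45990 172.31.39.217:5672 0.000274 0.000008 0.000015 - - 516 604 "- - - " "-" - -
2019-10-16T03:45:10.340119Z rabbitmq-elb 54.178.178.85:46006 172.31.0.79:5672 0.001159 0.000008 0.000015 - - 516 604 "- - - " "-" - -
'''


def parse_line(line):
    """Return (client_ip, backend_ip) from one Classic ELB access-log entry."""
    fields = shlex.split(line)  # keeps the quoted request and user-agent fields whole
    if len(fields) < 4:
        raise ValueError("not a Classic ELB access-log line: %r" % line)
    client = ipaddress.ip_address(fields[2].rsplit(":", 1)[0])
    backend = fields[3].rsplit(":", 1)[0]
    # The backend field is "-" when the request never reached a registered instance.
    backend_ip = None if backend == "-" else ipaddress.ip_address(backend)
    return client, backend_ip


def classify_clients(log_text):
    """Count connections per client IP, split by public vs. private source address."""
    seen = {"public": Counter(), "private": Counter()}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, _backend = parse_line(line)
        seen["private" if client.is_private else "public"][str(client)] += 1
    return seen


def sg_source_rule_can_match(log_text):
    """True only if every client reached the load balancer from a private address.

    A rule that names a security group as its source matches on private IPs,
    so clients that show up under a public IP can never satisfy it.
    """
    return not classify_clients(log_text)["public"]


if __name__ == "__main__":
    for kind, counts in classify_clients(SAMPLE_LOG).items():
        for ip, n in counts.items():
            print(f"{ip}: {n} connection(s) from a {kind} address")
    print("security-group source rule can match:", sg_source_rule_can_match(SAMPLE_LOG))
```
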
