Sachin

Reputation: 527

AWS LoadBalancer + TargetGroup cannot access Spring Boot App in ECS

Not sure where I am going wrong:

Loadbalancer

LoadBalancer has a listener on HTTPS / 443 and forwards to a Target Group

Target Group

Target Group has protocol HTTP / 80 configured

ECS

ECS has Spring Boot App with the host & container port mapped to port 9090. ECS Service is created that uses the existing LoadBalancer and Target Group above.

Security Groups

Loadbalancer Security Group - allows inbound on 443 - CIDR 0.0.0.0

ECS Security Group - allows inbound on port 9090 from LoadBalancer Security Group.

Results

When I run the service: Service runs. Spins up 2 tasks as Running. The Target Group reports both containers as Healthy (on the endpoint bff/actuator/health).

...But when I try to access that endpoint via the LoadBalancer

e.g. https://CloudFront/bff/actuator/health, I get a timeout / cannot access error (after 30 seconds)

I cannot figure out where I have gone wrong.

I inspect the CloudWatch logs, and it's as if the request isn't getting through to the ECS Container.

Any ideas?

UPDATE

The ALB DNS works when I use that directly

https://LoadBalancerDNS/bff/actuator/health (though I get a security warning since the ALB SSL cert expects the CloudFront URI)

The issue seems to be between CloudFront and the ALB, as this does not work:

https://CloudFrontRoute53DomainName/bff/actuator/health

Upvotes: 0

Views: 63

Answers (1)

Mark B

Reputation: 200988

Target Group has protocol HTTP / 80 configured

ECS has Spring Boot App with the host & container port mapped to port 9090. ECS Service is created that uses the existing Load Balancer, and Target Group above

Your Target Group is configured to send traffic to port 80 of the ECS task. Your ECS task is listening on port 9090, not port 80.

You need to configure your Target Group to forward traffic to the actual port the ECS task is listening on. In this case, that is port 9090.

Upvotes: 0
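
An added example, not code from either poster: a Python check that compares the port each registered target receives traffic on with the port the app listens on, and confirms the task security group admits that port from the load balancer's security group and not from the whole internet. The sample data is constructed in the shape of AWS CLI JSON output; `sg-alb-placeholder`, the target addresses and the function names are assumptions.

```python
# Constructed sample data in the shape of AWS CLI JSON output; all IDs and
# addresses are placeholders, not values from the post.
TARGET_GROUP = {"Protocol": "HTTP", "Port": 80}   # elbv2 describe-target-groups
TARGET_HEALTH = [                                 # elbv2 describe-target-health
    {"Target": {"Id": "10.0.1.10", "Port": 9090}},
    {"Target": {"Id": "10.0.2.11"}},              # no own port: group default applies
]
TASK_SG_RULES = [                                 # ec2 describe-security-groups, IpPermissions
    {"IpProtocol": "tcp", "FromPort": 9090, "ToPort": 9090,
     "UserIdGroupPairs": [{"GroupId": "sg-alb-placeholder"}], "IpRanges": []},
]

def covers(rule, port):
    """True if the ingress rule applies to TCP `port` ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def allowed_from_sg(rules, port, source_sg):
    """True if some rule admits `port` from the security group `source_sg`."""
    return any(covers(r, port) and
               any(p["GroupId"] == source_sg for p in r.get("UserIdGroupPairs", []))
               for r in rules)

def open_to_world(rules, port):
    """True if some rule admits `port` from any IPv4 address, bypassing the ALB."""
    return any(covers(r, port) and
               any(c["CidrIp"] == "0.0.0.0/0" for c in r.get("IpRanges", []))
               for r in rules)

def check_path(tg, health, rules, app_port, alb_sg):
    """Return findings for the hop from the load balancer to each target."""
    findings = []
    for desc in health:
        target = desc["Target"]
        port = target.get("Port", tg["Port"])  # a target's own port overrides the default
        if port != app_port:
            findings.append(f"{target['Id']}: traffic goes to port {port}, app listens on {app_port}")
        if not allowed_from_sg(rules, port, alb_sg):
            findings.append(f"{target['Id']}: task SG does not admit port {port} from {alb_sg}")
    if open_to_world(rules, app_port):
        findings.append(f"task SG admits port {app_port} from 0.0.0.0/0")
    return findings

if __name__ == "__main__":
    for line in check_path(TARGET_GROUP, TARGET_HEALTH, TASK_SG_RULES, 9090, "sg-alb-placeholder"):
        print(line)
```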
