I'm stuck on a configuration and hoping someone can help me break through. I have a single EC2 instance behind an ELB, but can't seem to bring that instance into service. If I remove the ELB, I can connect to the status check URL just fine. Here are the details:

  • The EC2 instance and the ELB are in the same VPC
  • The ELB belongs to a security group that allows access to :443 from anywhere (0.0.0.0/0).
  • The ELB port config is: 443 (HTTPS, ACM Certificate: xxx) forwarding to 80 (HTTP)
  • I can telnet to the ELB on :443.
  • The EC2 instance belongs to a security group that allows access to :22 from anywhere and to :80 from the ELB security group.
  • I've tried opening up :80 access on the EC2 instance, but that made no difference.
  • I can connect directly to the EC2 instance on :80 (telnet or http) when access to :80 is opened up, but the instance remains out of service to the ELB.

There's no indication that the ELB is able to connect to the EC2 instance at all. Tailing my nginx access log shows no ELB-generated requests for my health check URL.

Any idea what I might be missing here or what I might need to check?

Rob Wilkerson

2 Answers


First, you should check the configuration of the health check in your ELB. Misconfiguration there can lead to such consequences.

Also, you can try disabling the Source/Destination check in the settings of the EC2 instance.

Pavel Kazhevets
  • Why would source/destination check have anything to do with this? It doesn't. That should only ever be used on instances that are performing routing functions. – EEAA Jul 26 '16 at 11:34
  • I can reach the health check URL (HTTP:80/status) manually once I open up access to more than the ELB. I can't see anything that looks amiss there, but I'm wrong about _something_. Maybe it's this. – Rob Wilkerson Jul 26 '16 at 11:36

My bad, folks. I completely forgot that the ELB executes the health check request via the internal IP address of its instances (e.g. http://XXX.XXX.XXX.XXX/status). My web server wasn't listening for anything on that particular IP. Argh.

Rob Wilkerson
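A way to reproduce the ELB's view of the instance, as an added example that is not part of the original answer: the probe requests `/status` addressed by IP, as the answer describes, instead of by the site's public name. The `Host` header handling, the name `www.example.test` and the loopback test server are constructed assumptions that stand in for a web server answering only for a named virtual host.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a web server whose only virtual host is a public
# name; requests addressed any other way (such as by IP) are rejected.
SERVED_NAMES = {"www.example.test"}

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0]
        ok = host in SERVED_NAMES and self.path == "/status"
        self.send_response(200 if ok else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(ip, port, path="/status", host=None, timeout=2.0):
    """GET http://ip:port/path addressed by IP, the way the answer describes
    the ELB health check. Returns the status code, or None when the connection
    fails (nothing listening on that address, or a security group blocks it)."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        # Assumption: the Host header carries the IP when no name is given.
        conn.request("GET", path, headers={"Host": host or ip})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def demo():
    # Loopback stands in for the instance's private IP in this offline demo.
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        by_name = probe("127.0.0.1", port, host="www.example.test")
        by_ip = probe("127.0.0.1", port)  # what the health check sees
        return by_name, by_ip
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())  # manual check by name passes, check by IP fails
```

On a real instance, run `probe()` from a host inside the ELB's security group against the instance's private IP and port 80; a `None` points at the listener or security group, a non-200 status at the virtual host configuration.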