
I used the migration wizard to create a Network Load Balancer. And I noticed that there are no security groups associated with the NLB like there are for classic and application load balancers. So I checked the NLB name in network interfaces to capture the IP addresses and add them to the security group for the instances associated with the target group as:

Custom TCP | TCP | 7443 | IP Address

All of the health checks are still failing however. I was just wondering if anybody has some advice on how to set up NLBs?

Thanks in advance!

  • Just an additional bit of information. I added the IP addresses in CIDR form /32 as they are specific IP addresses. I am at a complete loss on how to fix this issue. – codemonkey1010 Nov 09 '20 at 09:26
  • Same issue here. NLB -> target group -> ALB -> target group to VPC Endpoint IPs -> Routing to Lambda. Health checks are unhealthy. – Hamburml Sep 26 '22 at 15:07

1 Answer


A recommended way is to allow the entire VPC CIDR range in your instance's security group.

If you don't want to do this, then you have to use the private IP addresses of the NLB nodes. The link above with the recommendation lists a procedure for getting these IPs.

Marcin
  • If an instance in the NLB target is failing health checks (it's the only instance), should the NLB still be forwarding traffic to it? I have a similar issue, which is how I found this post: the instance is marked as unhealthy in the TG as the health checks are failing, but I can still access the application running on the instance from my browser. – berimbolo Oct 13 '22 at 14:09
  • Actually I didn't read the docs properly, so sorry for the wasted request. Possibly helpful to someone else is that if ALL instances in the target group are unhealthy, the NLB will forward requests to all of them. – berimbolo Oct 13 '22 at 14:16