I'm trying to do something very similar to this.

When I configured my ECS service to run my container inside public subnets and auto-assign it a public IP address, everything worked fine and it passed the health check. But for some reason, if I try using my two private subnets (and disabling the auto-assign IP address option), it stops working.

I've already checked my security groups. It's a single one for both the ALB and the ECS service, which allows traffic from everywhere on ports 80, 8080 (the one my container is listening to) and from any port coming from the same security group (so that the ALB can use other ports during the health check). The health check path is also working fine.

What am I doing wrong?

  • Do you have Network ACL rules defined in those private subnets? – Mark B Oct 05 '21 at 16:27
  • @MarkB, yes. Those private subnets are part of my default VPC, which has a Network ACL defined for all the 6 subnets. – Helder Sérvio Oct 06 '21 at 11:01
  • What are the Network ACL rules then? This is the prime suspect in your network connection issues. Please edit your question to include all relevant information. – Mark B Oct 06 '21 at 12:57
  • @MarkB, I set it to allow all traffic from anywhere, just in case I was missing something. I made it work with a NAT gateway now, though. Still couldn't make it work with the VPC endpoints only. – Helder Sérvio Oct 06 '21 at 17:22

0 Answers