When I added EC2 instance to 'Elastic Load Balancer' by clicking edit instances button in AWS management console, it gives me status message 'Out Of Service'. Is there is any dependencies to attach instance to load balancer ?
Check instance security group inbound rules, should be added ELB security group
I found out the solution, that is
Health check was not configured properly, it gives 302(redirect error).
I reconfigured health check again with proper ping path...
It's working fine..
Related
I have a the application load balancer set up with a security group. I also have my ec2 instance (windows) set up with another security group. My ec2 instance is configured in vpc.
If I type the load balancer dns (for example http://alb-myrpoject-437610392.us-east-2.elb.amazonaws.com/) on the browser it works but the health check fails. Here is the screenshot of the target group:
I am using the Apache web server.
Any idea why the health check is failing while the load balancer dns works?
Thanks for trying to help with your comments. I realized that I didn't give enough info. Okay, I've finally figured it out. On the security group of the ec2 instance, I also added
HTTP TCP 80 0.0.0.0/0
Now the health check became healthy I can also reach out my web page using my ip of my ec2 instance.
My EC2 instance has a site hosted using tomcat and that can be accessed using
http://public-Ip:8080/index.html
But when i put this instance behind a elastic load balancer, set the health check to
HTTP:8080/index.html
though the ELB passes the health check, when i try to access the using site using
http://ELB:8080/index.html
i am unable to access the site.
Is there something that is missing? or i need to do additionally.
This is how my LB listner tab looks like
LB listner tab
There was issue with the communication between the Security Group (SG) of my EC2 instances and the Elactic Load balancer(ELB) SG. I allowed my EC2 SG in the ELB SG and that helped.
I have created a Application Load Balance in Aws.
I have created 2 EC2 and make them a group.
After that I add that group to the ALB with listener 80.
But when the system goes for healthy checks, it gives the error and shows that two registered EC2 are unhealthy.
The error is :
None of these Availability Zones contains a healthy target. Requests
are being routed to all targets.
Availability Zones:
subnet-5691df0f - ap-northeast-1c,
subnet-97ae35e1 - ap-northeast-1a
Please let me know the reason.
AWS Related image
AWS Related image2
I was running into this issue, and also getting a 504 Gateway timeout, and it ended up being this missing rule from the documentation.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the left navigation, choose Security Groups.
Choose the security group that your container instances use. If you created your container instances by using the Amazon ECS first run wizard, this security group may have the description, ECS Allowed Ports.
Choose the Inbound tab, and then choose Edit.
For Type, choose All traffic.
For Source, choose Custom, and then type the name of your Application Load Balancer security group that you created in Configure Security Groups. This rule allows all traffic from your Application Load Balancer to reach the containers in your tasks that are registered with your load balancer.
Choose Save to finish.
Check if your heath check parameters in target group is properly configured
protocol and port should be pointing to something where response header return 200 ok
screenshot target group settings
also, check if you EC2 heath check is ok or not and the Subnet you added to Alb should have at least 1 Ec2 running any of those subnets,
check the security group also should allow ALB to look for EC2
AwS link 3: https://i.stack.imgur.com/TEOnU.gif]2
AWS Link 4
I encountered a similar issue while learning to setup load balancer for my EC2 instance.
It turns out that under Target Groups:
the "path" under the "Health Check" tab was not registered although it showed the correct value "/".
Therefore I just edited the path value(by clicking the "edit health check") to "/" and saved it again just so that the system can register that value. (you could also try saving it to some other value, say "/health", first and then saving it back to "/")
This seemed to fix my problem.
Hi all I just encountered the same issue and the solution is a setting in the ALB (Application Load Balancer) itself
Make sure the ALB AZ matches your instance AZ here is a screenshot of the setting. I am using us-east-1a and us-eas-1e for my instance. So my ALB setting for AZ should match that, click on the "Edit Subnets" button to edit your AZ on your ALB
Ensure that communication is allowed at security group level between your load balancer and your targets.
From AWS
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-update-security-groups.html
You must ensure that your load balancer can communicate with registered targets on both the listener port and the health check port [...] you must verify that the security groups associated with the load balancer allow traffic on the new port in both directions.
For example, a simple way to portray the rules you would require if you have a PUBLIC FACING load balancer in security group sg-001 and three EC2 targets in another security group sg-002 is as follows:
Just add new AZs by clicking on the Edit Subnet under the Load Balancer description.
I have created a classic load balancer and auto scaling policy which launch 2 instance successfully; now when I logged in through ssh to one of the load balancer.
ssh -i "mykeypair.pem" ec2-user#my-load-balancer-1222.us-east-1.elb.amazonaws.com
we looged in with the teminla
[ec2-user#ip-10-0-1-86 ~ ] << here this Ip is one of the instance which was created by auto scaling
now I want to check the security-group of the elb from curl http://169.254.169.254/latest/meta-data/security-groups command but it display the instnace security group name not the elb security group.
My question is how can we check the elb security group?
It seems you have SSH'ed into one of the 2 instances behind the load balancer (I doubt you can SSH into the ELB itself), so that's why you're seeing the security group of that instance.
I believe the way to check the ELB's security group is by using the AWS CLI (or one of their SDKs), using the
aws elb describe-load-balancers --load-balancer-name my-load-balancer
You can find more details in the docs
Note: of course, if you wanted to run this command from within the EC2 instance you SSH'ed into, you would need to make sure you have access to make that invocation. See here for more info, on getting set up.
You should not SSH into an instance via a Load Balancer.
An SSH session is persistent -- you wish to continue talking to the same server. This clashes with the concept of a Load Balancer, which distributes traffic across multiple servers.
I’m having a personal website hosted at AWS EC2 with ELB. Today I have started my AWS EC2 instances (I had turned off due to non usage and Of course, I can save some cost) and tried to load my website via AWS Elastic loadbalancer public dns url but it was not coming up in my browser, instead of webpage I got a blank white page. So I checked my AWS EC2 instances and ELB services.
In the Elastic Load Balancer section, I can see that the status message is showing the registered AWS EC2 instances are “Out of Service”! I tried to change the health check parameter values, nothing happened! So I deregister the EC2 instances from the loadbalancer and register the same again. After few minutes the instances are coming up to “In Service”. It took sometime because the EC2 instances should register into the loadbalancer and health check. Finally I brought my website up.
Solutions tried --
If you have launched your instance in EC2-VPC, by default, the IP address associated with your instance does not change when you stop and then start the instance. However, when you stop and then start your EC2-VPC instance, your load balancer might take sometime to recognize that the stopped instance has started. During this time your load balancer is not connected to the restarted instance. I recommend that you reregister your restarted instance with the load balancer.
My instance is in EC2-VPC and I tried the baove and when I re-register the instance falls back in the load balancer but otherwise I am just waiting to no avail. Any reason?
This is very common issue in for aws elb. What you can do is add following lines at
end of your /etc/rc.local (assuming you are running linux box)
elb-deregister-instances-from-lb <load_balancer_name> --instances <instance-id>
elb-register-instances-with-lb <load_balancer_name> --instances <instance-id>
It first deregisters your instance from elb and then registers back the instance.
Regards
Rajarshi Haldar