How do I troubleshoot ELB health checks with Elastic Beanstalk?

3 minute read
0

I want to troubleshoot failed Elastic Load Balancing (ELB) health checks for my Amazon Elastic Compute Cloud (Amazon EC2) instance in my AWS Elastic Beanstalk environment.

Resolution

Confirm that your EC2 instance security group allows all ingress traffic from your ELB security group

  1. Open the Elastic Beanstalk console.
  2. Select your environment.
  3. In the navigation pane, choose Configuration.
  4. In the Configuration overview section, for the Instances category, copy the value for EC2 security groups (for example: awseb-e-krkbukb3ww-stack-AWSEBSecurityGroup-IOXAVM).
  5. Open the Amazon Virtual Private Cloud (Amazon VPC) console.
  6. In the navigation pane, choose Security Groups.
  7. In the search bar, paste in the name of the security group that you copied in step 4. Then, select this security group.
  8. Choose the Inbound Rules tab and then confirm that your security group has a rule that allows all traffic from the ELB security group.
    Note: For more information, see Configure security groups for your Classic Load Balancer.

Confirm that your ELB security group egress rule allows traffic on the application port

  1. Open the Amazon EC2 console.
  2. In the navigation pane, in the LOAD BALANCING section, choose Load Balancers.
  3. On the Description tab for your load balancer, in the Security section, choose your security group.
  4. Choose the Outbound tab for your security group and then confirm that your security group has an egress rule that meets your requirements.
    Note: For more information on adding, updating, and/or deleting security group rules, see Work with security group rules-,Work%20with%20security%20group%20rules,-The%20following%20tasks).

Confirm that your network access control list (ACL) allows the required ingress and egress traffic

  1. Open the Amazon VPC console.
  2. In the navigation pane, in the Virtual Private Cloud section, choose Subnets.
  3. Select the subnet attached to your Elastic Beanstalk EC2 instance.
  4. Choose the Network ACL tab and then confirm that the inbound and outbound rules meet your traffic requirements.
    Note: For more information on adding and deleting rules from an ACL, see Add and delete rules.

Confirm that the health check path is properly set for your application

Set the health check path for your type of load balancer:

Confirm that your web server logs show no errors

To confirm that there are no errors, view the logs from the EC2 instances in your Elastic Beanstalk application.


Related information

Control traffic to subnets using Network ACLs

Security groups

AWS OFFICIAL
AWS OFFICIALUpdated a year ago