Score:0

AWS Fargate Load Balancer timing out

I'm setting up an AWS ECS/Fargate cluster/service/task with a load balancer for the first time.

I believe the task is good since I can go to the task's (public) IP directly in a browser and see the application.

I set up an application load balancer whose default listener is forwarding to my target group, and my target group shows one healthy registered target that has the private IP address of my task.

However, when I go to the DNS Name of my load balancer (xxxxx.region.elb.amazonaws.com), it eventually times out with a "This site can't be reached" message. I even did a reverse DNS lookup of the load balancer and tried those IP addresses directly with the same result.

Everything is on port 80 and all the inbound (and outbound) rules I can find allow port 80 traffic from anywhere.

What am I missing or what should I check? Thanks!

Score:0

I think I found the issue. The security group for my load balancer was "default VPC security group". When I looked at the inbound rules for the security group, it had one entry: all traffic, all protocols, all port ranges, but when I scrolled all the way over to the right, the source listed was itself? "sg-xxxxxxx / default"

I have no idea how it was set that way or what it means, but when I added two new inbound rules for HTTP, protocol TCP, port 80, 0.0.0.0/0 and ::/0, it started working.

Tim
I prefer not to use default security groups or VPCs, because defaults are often wide open - except in this case. IMHO you'd be better off removing all rules for the default security group and defining a new SG for each resource. Then you define inter-security group rules on the ports / protocols required.
Will do, thanks. Just trying to get it to work before I tighten things up!
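
Why the self-referencing rule in the answer above blocked browser traffic, as an added example that is not part of the original posts: a small evaluator over inbound rules in the shape `aws ec2 describe-security-groups` returns. The group ID and client addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`;
# sg-0aaa stands in for the "default" group and is a placeholder ID.
DEFAULT_SG = {
    "GroupId": "sg-0aaa",
    "IpPermissions": [  # all traffic, but only from members of the group itself
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},
    ],
}
FIXED_SG = {  # the same group after adding the two HTTP rules from the answer
    "GroupId": "sg-0aaa",
    "IpPermissions": DEFAULT_SG["IpPermissions"] + [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    ],
}

def rule_covers_port(rule, port, protocol="tcp"):
    """True if the rule's protocol and port range include the given port."""
    if rule["IpProtocol"] == "-1":  # -1 means all protocols, all ports
        return True
    if rule["IpProtocol"] != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def inbound_allowed(sg, port, client_ip=None, client_sgs=()):
    """Decide whether a client may connect, by source CIDR or source SG membership."""
    for rule in sg["IpPermissions"]:
        if not rule_covers_port(rule, port):
            continue
        # Group-sourced rules match only traffic from interfaces in that group.
        if any(p["GroupId"] in client_sgs for p in rule.get("UserIdGroupPairs", [])):
            return True
        if client_ip is None:
            continue
        addr = ipaddress.ip_address(client_ip)
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        # `addr in network` is False (not an error) across IP versions.
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return True
    return False
```

The same function can check the tighter layout suggested in the comment: give the task's group a port 80 rule whose only source is the load balancer's group, and confirm an internet address is refused while the load balancer's group is admitted.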