
AWS: Access to the application through the Load Balancer or by the Public IP specified in the Task from the service

There is an ECS service with Auto-assign public IP enabled and configured to run the task from Task Definition - the task starts as a web application and becomes accessible by public IP.

If I create the exact same service that launches a task from the same Task Definition, but with a LoadBalancer - the task also launches and the application starts successfully, which is also seen in CloudWatch Logs, but I cannot access this application by public IP from the running task.

In the LoadBalancer Target Group, the task is registered, but after the unsuccessful Health Check the task stops (in the Target Group it passes through the statuses initial > unhealthy > draining). I tried to increase the health check time in the hope of reaching the task.

Also, in the security group used by the service, I added an inbound rule: Custom TCP 8080 (as my application is listening on port 8080) for the load-balancer security group.

The question is, should the application be accessible by the Public IP specified in the Task if the service is created with the Load Balancer? I can't understand why in a service without ELB the application is accessible by Public IP from the Task, while when creating a service without ELB it is not available.

Moreover, because the task is stopped by the health check, the task is not available through the ELB either.

Followed this instruction when creating a service with ELB https://aws.amazon.com/premiumsupport/knowledge-center/create-alb-auto-register/

Please recommend in which direction to look for a solution.

If you have a load balancer then you should definitely not be exposing the task to be publicly accessible. It should be private and, if possible, its security groups should only allow access from the load balancer.

If the task fails its health checks then you can find out the reason it failed by checking the targets tab of the target group:

  • If the target shows it failed due to timeout, this will be a security group issue.
  • If the target shows a status check, this will be your application not matching the response that the health check expects.
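
The two checks from the answer above, combined into one triage script; this is an added example, not part of the original post. It reads data shaped like the output of `aws elbv2 describe-target-health` and `aws ec2 describe-security-groups`; the group IDs, IPs and the `timeout-other` / `exposed-to-internet` labels are constructed for illustration, while `Target.Timeout` and `Target.ResponseCodeMismatch` are the reason codes the target group reports.

```python
# Constructed sample data, shaped like `aws elbv2 describe-target-health` and
# `aws ec2 describe-security-groups` output. IDs and IPs are placeholders.
ALB_SG, APP_PORT = "sg-0aaaaaaaaaaaaaaaa", 8080
HEALTH = {"TargetHealthDescriptions": [
    {"Target": {"Id": "10.0.1.23", "Port": 8080},
     "TargetHealth": {"State": "unhealthy", "Reason": "Target.Timeout"}},
    {"Target": {"Id": "10.0.1.24", "Port": 8080},
     "TargetHealth": {"State": "unhealthy", "Reason": "Target.ResponseCodeMismatch"}},
    {"Target": {"Id": "10.0.1.25", "Port": 8080},
     "TargetHealth": {"State": "healthy"}}]}
# Task security group that admits the load balancer on the wrong port (80, not 8080).
TASK_SG = {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}

def covers(perm, port):
    """True if one IpPermissions entry covers the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "all traffic" rules carry no port range
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_task_sg(sg, alb_sg=ALB_SG, port=APP_PORT):
    """Return (alb_allowed, open_to_world) for the app port on the task's group."""
    alb_allowed = open_to_world = False
    for perm in (p for p in sg["IpPermissions"] if covers(p, port)):
        alb_allowed |= any(g["GroupId"] == alb_sg for g in perm.get("UserIdGroupPairs", []))
        open_to_world |= any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
    return alb_allowed, open_to_world

def triage(health, sg, alb_sg=ALB_SG, port=APP_PORT):
    """Map each failing target to the likely cause named in the answer."""
    alb_allowed, open_to_world = audit_task_sg(sg, alb_sg, port)
    findings = []
    for d in health["TargetHealthDescriptions"]:
        reason = d["TargetHealth"].get("Reason", "")
        if reason == "Target.Timeout":
            # Timeout with no path from the load balancer points at the security group.
            cause = "security-group" if not (alb_allowed or open_to_world) else "timeout-other"
        elif reason == "Target.ResponseCodeMismatch":
            cause = "application"  # response did not match what the health check expects
        else:
            continue
        findings.append((d["Target"]["Id"], cause))
    if open_to_world:  # the answer's advice: only the load balancer should reach the task
        findings.append((sg["GroupId"], "exposed-to-internet"))
    return findings

if __name__ == "__main__":
    for finding in triage(HEALTH, TASK_SG):
        print(finding)
```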
