
I launched a Beanstalk multi-container instance and it's working fine. I then tried to set up dynamic port mapping and set the host port to 0. I allowed port range 32768 - 60999 for the EC2 instance security group and I can access nginx using the newly assigned dynamic port from browser/curl.

So, then I created an ALB & target group to support dynamic port from ecs service. Like I can access the app directly hitting instance_public_id:33084 publicly.

Currently there is nothing running on port 80. So, the image below is valid in that case. But it should work in the case of a dynamic port.

enter image description here

Application Load balancer forwarding request to the above target group.

Things I tried.

I ssh into the instance and launched SimpleHTTPServer on port 80. In target group port 80 status becomes active as expected. I can also access that from load balancer DNS.

Setup: Send email whenever a request to /service/ is sent. (No email so far). Although on hitting public_ip_instance:dynamic_port I am getting emails.

Also tried allowing all inbound traffic in the attached security group of the instance.

FYI, I have added all subnet zones to ALB and everything is running in only one default VPC.

I am running out of ideas at this point. Any workaround I can do?

Saad Abdullah

1 Answer

Run tcpdump on the node to see if there are any connections coming in from the ALB. Also check there are no NACLs that prevent access between the two. Is the ALB a member of a security group that can reach the node on that port?

Jason Martin
  • Thanks for the reply, Jason. I think the issue is with the ALB: it sends requests to port 80 but not to the target group traffic port (which is dynamic). Regarding the SG: the ALB gets requests on port 80 from outside and simply forwards them to the target group ports. So, all outbound traffic is open and inbound is set to 80, which I think is correct. Also, I tried opening all traffic for inbound too. Still no luck so far. The odd thing is, in the same target group, I get requests on the hardcoded ports mentioned (80, 8000 etc.), but I am not getting ALB requests on the dynamic port even though it's open on the instance (SG: 32768 - 60999) – Saad Abdullah Aug 29 '17 at 05:43
  • One more thing I would like to add here is, I tried creating a new ALB and used that to forward requests to same target group with same instance. It worked with dynamic ports too. Seems like beanstalk auto created ALB (with ECS dynamic port) doesn't work. – Saad Abdullah Aug 29 '17 at 05:45
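
The security-group check suggested in the answer can be done offline against exported rules. The following is an added example, not code from the original thread: it takes data shaped like the output of `aws ec2 describe-security-groups` and `aws elbv2 describe-target-health` and reports which registered target ports the ALB cannot reach. All IDs, CIDRs and addresses are constructed sample values, and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample: instance security group, shaped like describe-security-groups.
# Port 80 is open to the ALB's group; the dynamic range is open only to a client CIDR,
# so direct browser access works while ALB traffic to the dynamic port is dropped.
INSTANCE_SG = {
    "GroupId": "sg-instance-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-example"}]},
        {"IpProtocol": "tcp", "FromPort": 32768, "ToPort": 60999,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ],
}

# Constructed sample: registered targets, shaped like describe-target-health.
TARGETS = [
    {"Target": {"Id": "i-example", "Port": 80}},
    {"Target": {"Id": "i-example", "Port": 33084}},
]


def rule_allows(rule, port, alb_sg_id, alb_ip):
    """True if one inbound rule admits TCP traffic from the ALB to `port`."""
    proto = rule["IpProtocol"]
    if proto != "-1":  # "-1" means all protocols and carries no port range
        if proto != "tcp":
            return False
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    # Source may be referenced by security group ...
    if any(p["GroupId"] == alb_sg_id for p in rule.get("UserIdGroupPairs", [])):
        return True
    # ... or by CIDR. ALB nodes connect from private addresses in their subnets.
    addr = ipaddress.ip_address(alb_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def unreachable_targets(sg, targets, alb_sg_id, alb_ip):
    """Return (instance id, port) pairs that no inbound rule opens to the ALB."""
    blocked = []
    for t in targets:
        port = t["Target"]["Port"]
        if not any(rule_allows(r, port, alb_sg_id, alb_ip)
                   for r in sg["IpPermissions"]):
            blocked.append((t["Target"]["Id"], port))
    return blocked


if __name__ == "__main__":
    # 172.31.5.10 is a constructed private address standing in for an ALB node.
    print(unreachable_targets(INSTANCE_SG, TARGETS, "sg-alb-example", "172.31.5.10"))
```

An empty result means the security group is not what blocks the ALB, which leaves NACLs and the listener or target group configuration to check next.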