EC2 security group setting for load balancer, auto scaling group

Question

So I set up a proxy server in AWS EC2 (let's say EC2 A) under Elastic Load Balancer with AWS AutoScaling groups... So I have 5 of EC2 : A under this elastic load balancer that has one DNS server endpoint for this proxies.

Through this proxy DNS (e.g. http://myelb.elb.aws.com), I want to send HTTP request from EC2 B.

Then where should I set up the security group?

And what kind of security rules for this program flow?

I tried to add EC2 A to the Elastic Load Balancer but it keeps being OutofService, never got to InService mode.

Answer 1

OutofService indicates that your Elastic Load Balancer is either not ready, or the instances are failing their Health Check. If you point to the little "i" information icon, it will explain why an instance is not InService.

Within your Elastic Load Balancer, take a look at the Health Check tab and confirm that it is configured correctly. It will either be checking a URL (eg /index.htm) or checking a port (eg port 80). If your "A" servers are listening on port 80, the quickest way to pass the health check is to set it to TCP and set the Healthy Threshold to 2 attempts.

Your Security Groups should have these settings:

• A Security Group on your Elastic Load Balancer (eg ELB-SG) that allows incoming traffic either from the whole Internet (0.0.0.0/0) or at least from your "EC2 B" instance (specifically, it should allow traffic where the source is the name of a security group associated with your B instance).
• A Security Group on your "EC2 A" instances that allows incoming traffic from the security group on your Load Balancer (ELB-SG).

If you are worried that your Security Groups are incorrectly configured, start troubleshooting by opening up access to the entire Internet (0.0.0.0/0) and, once you have confirmed connectivity, progressively reduce access to the above settings.