I have two EC2 instances on private subnets; both instances have the same EFS mounted, on which there is a Flask application called microblog. I logged into both and ran flask run --host=0.0.0.0.0, so both have microblog running.
Instance 1:
- Running on all addresses (0.0.0.0.0).
- Running on http://127.0.0.1:5000
- Running on http://10.0.0.186:5000
Instance 2:
- Running on all addresses (0.0.0.0.0)
- Running on http://127.0.0.1:5000
- Running on http://10.0.1.149:5000
The goal is to have a load balancer distribute the incoming traffic between the two instances. For this I created an application load balancer, selecting the same VPC but this time on the public subnets. The internet ingress to the load balancer occurs on port 80, so I have created a listening agent on port 80. For the target group I have chosen port 5000, which is where the application is running, and the same VPC as the load balancer and the instances. But the instances always appear as unhealthy.
To check that the instances were responding on port 5000, I did a
curl -I http://localhost:5000/
and it responded with:
HTTP/1.1 302 FOUND
Server: Werkzeug/2.2.2 Python/3.9.16
Date: Fri, 23 Feb 2024 18:23:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 227
Location: /auth/login?next=%2F
Vary: Cookie
Set-Cookie: session=eyJfZmxhc2hlcyI6W3siIHQiOlsibWVzc2FnZSIseyIgbSI6IlBsZWFzZSBsb2cgaW4gdG8gYWNjZXNzIHRoaXMgcGFnZS4ifV19XX0.Zdjikg.rqq8t9GqtM_sWsnJ6ReqDezT7y4; HttpOnly; Path=/
Connection: close
Seeing that I was doing the redirection, I did the curl again but this time to
curl -I http://localhost:5000/auth/login?next=%2F
HTTP/1.1 200 OK
Server: Werkzeug/2.2.2 Python/3.9.16
Date: Fri, 23 Feb 2024 18:24:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 7012
Vary: Cookie
Set-Cookie: session=eyJjc3JmX3Rva2VuIjoiMGJmNWU3ZjIzNDAzM2Y5ZTM4M2QwMjI2NTJiMDExZZWFjNTA3MDA3NyJ9.Zdji0g.e7x7CseuQYu_yfO0-0YuzulzLcM; HttpOnly; Path=/
Connection: close
And as I was getting 200 as the response, I edited the Status check path and put "/auth/login?next=%2F".
But the instances are still returning unhealthy with the reason "Request timed out".
The security group of the load balancer allows entries on port 5000 and port 80, and the instances share the same security group, which also allows port 5000 and port 80 coming from the load balancer.
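
Added example, not part of the original post: a small Python probe that sends one GET without following redirects and separates "no HTTP answer within the timeout" from "answered with a code outside the success codes", the two failure kinds the post runs into. The names `probe`, `StubApp` and `start_stub` are hypothetical, the success code 200 is an assumption, and the stub server is a constructed stand-in that only imitates the 302 and 200 responses shown in the curl output above.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(host, port, path, timeout=5.0, matcher=(200,)):
    """One health-check-style GET: redirects are not followed.

    Returns (healthy, reason). A timeout means no HTTP answer arrived at all,
    which points at the network path between prober and app; a status outside
    the matcher means the app answered, but with the wrong code.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except socket.timeout:
        return False, "Request timed out"
    except (OSError, http.client.HTTPException) as exc:
        return False, f"No valid HTTP response: {exc!r}"
    finally:
        conn.close()
    if status in matcher:
        return True, f"HTTP {status}"
    return False, f"HTTP {status} not in success codes {list(matcher)}"

class StubApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the app: / redirects, /auth/login returns 200."""
    def do_GET(self):
        if self.path.startswith("/auth/login"):
            self.send_response(200)
        else:
            self.send_response(302)
            self.send_header("Location", "/auth/login?next=%2F")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stub():
    """Serve StubApp on a free localhost port; returns the server object."""
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    port = start_stub().server_address[1]
    for path in ("/", "/auth/login?next=%2F"):
        print(path, probe("127.0.0.1", port, path, timeout=2.0))
```

A curl against localhost on the instance only exercises the application; pointing `probe` at an instance's private IP from another host in the VPC also exercises the network path a health check has to cross.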