Tags: amazon-web-services, amazon-ec2, amazon-elastic-beanstalk, elastic-load-balancer

Stitching together AWS API Gateway and Private EC2 Instances


I've spent the majority of today reading Google results and documentation on how to connect AWS API Gateway to EC2 instances (created by Elastic Beanstalk) in a private subnet. I know that API Gateway requires targets to be publicly addressable, so...

  1. I manually created an Application Elastic Load Balancer that listens for (and terminates) HTTPS at a public IP address;
  2. I created a VPC with two subnets: one public (holds load balancer) and one private (holds EC2 instances); and,
  3. I believe I have to create security groups that allow everyone/everywhere to connect to the load balancer, but only entities in my public subnet to connect to my EC2 instances.

Unfortunately I'm unable to view the sample Beanstalk application via the load balancer's DNS name. The connection just times out.

Can someone please confirm I've identified all the steps? Is there any way I can trace my requests to see where they're failing? Or (even better) why they're failing? Thanks!


Solution

    1. Check your security groups to make sure that HTTPS traffic is allowed
    2. Make sure your Network ACLs are allowing traffic from your load balancer to your EC2 instances
    3. Check your VPC routes to ensure there is a route from your load balancer to your EC2 instance
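
The three checks above can be evaluated hop by hop against the data returned by the EC2 `describe_security_groups`, `describe_network_acls` and `describe_route_tables` calls, which shows where a request stops. This is an added example, not part of the original answer: the function names are hypothetical, and every ID, CIDR, address and the instance port 80 is a constructed placeholder.

```python
import ipaddress

# Constructed sample data shaped like boto3 EC2 describe_* output.
# Every ID, CIDR and address below is a placeholder (assumption), not from the question.
ALB_SG = {"GroupId": "sg-alb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
          "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
APP_SG = {"GroupId": "sg-app", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80,
          "ToPort": 80, "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]}
PRIVATE_NACL = [{"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
                 "CidrBlock": "10.0.0.0/24", "PortRange": {"From": 80, "To": 80}}]
ALB_ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]

def covers(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(sg, port, src_ip=None, src_sg=None):
    """Security groups are allow-only: one matching ingress rule admits the packet."""
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"]):
            if src_sg and any(g["GroupId"] == src_sg for g in p.get("UserIdGroupPairs", [])):
                return True
            if src_ip and any(covers(r["CidrIp"], src_ip) for r in p.get("IpRanges", [])):
                return True
    return False

def nacl_allows_in(entries, port, src_ip):
    """NACL entries are checked in ascending rule number; the first match decides."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange")
        if (not e["Egress"] and e["Protocol"] in ("6", "-1") and covers(e["CidrBlock"], src_ip)
                and (pr is None or pr["From"] <= port <= pr["To"])):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: the implicit final deny applies

def routed_locally(routes, dst_ip):
    """Longest-prefix match: the most specific route for dst_ip must be the VPC local route."""
    hits = [r for r in routes if "DestinationCidrBlock" in r and covers(r["DestinationCidrBlock"], dst_ip)]
    best = max(hits, key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen, default={})
    return best.get("GatewayId") == "local"

def first_failure(client_ip, alb_ip, app_ip, alb_sg, app_sg, nacl, routes, app_port=80):
    """Walk the request path hop by hop and name the first check that fails."""
    checks = [
        (sg_allows(alb_sg, 443, src_ip=client_ip), "ALB security group blocks HTTPS from client"),
        (routed_locally(routes, app_ip), "ALB subnet has no local route to instance"),
        (nacl_allows_in(nacl, app_port, alb_ip), "private subnet NACL blocks ALB on app port"),
        (sg_allows(app_sg, app_port, alb_ip, alb_sg["GroupId"]), "instance security group blocks ALB")]
    return next((msg for ok, msg in checks if not ok), "ok")
```

Network ACLs are stateless, so the outbound entries for the return traffic need the same check; this example covers the inbound direction only.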