Tags: amazon-web-services, amazon-ecs

Time out when ECS task connecting to Internal ELB


I have two services running with one task each. There are two subnets in use for both tasks and both are public.

TASK 1 (API): Configured with internal NLB and running fine with health checks.

TASK 2 (UI): Configured with public ALB and it's also passing the health checks.

Problem: The UI task has code written in it to connect to the NLB, but when I am accessing the UI, it's not able to connect to the NLB and throws a network timeout. I created an EC2 instance in the same VPC and tried to access the NLB, and I am able to connect to it.

The security group of TASK1 is open to the VPC CIDR range. Do I need to enable any network configuration so the UI task can connect to the NLB?


Solution

  • As the API is internal, and the JavaScript in your public application is what is attempting to call the API, it would not be possible to connect to the private API unless the user were accessing it via a browser inside your VPC.

    You have a few options which you can look at:

    • Can the frontend application perform a server-side interaction with the API?
    • Can the API be safely exposed? If so, update it to use a public load balancer.
    • Could you use API Gateway along with VPCLink? Your API would be exposed via API Gateway, but all networking resources would be kept private.