Tags: amazon-web-services, amazon-ecs, aws-application-load-balancer

AWS application load balancer health check is failing with ECS instance due to incorrect Security Group


I'm running an ECS cluster with an ECS service to run a container in it. I'm also using an AWS Application Load Balancer that points to this ECS instance. The container gets stopped every time because of a health check failure with exit code 143.

Task failed ELB health checks in (target-group arn:aws:elasticloadbalancing:us-east-1:426955121075:targetgroup/cs1-TargetG-UG5G7MZZLBOA/246895af7886b697)

I debugged a lot and found that the Application Load Balancer (ALB) could not reach my ECS instance due to an issue with the Security Group rules attached to the ECS instance.

In my security group, I was allowing HTTP 80, SSH 22, etc. Now the problem is, if I change the ingress/inbound rule to 'All Traffic' with source 'Anywhere', then the ALB passes the health check and the container comes into a healthy state; however, if I keep it at HTTP or HTTPS or SSH, then the health check fails again, which restarts my container.

May I know what kind of traffic I should allow between the ALB and the ECS instance (other than All Traffic) in my Security Group to make it work?


Solution

  • Since allowing all traffic is not good practice, also from a security point of view, instead of all traffic, reference a security group.

    First of all, your load balancer should have a separate security group which allows traffic from anywhere (inbound rule). The ECS security group should be separate from the load balancer's, and its inbound rule should allow traffic only from the application load balancer's security group. This is called security group referencing.
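A concrete version of this setup in Terraform, added here as an example and not part of the original answer. It assumes the tasks run on EC2 container instances in bridge mode with dynamic host-port mapping, and `var.vpc_id` is a placeholder for your VPC.

```terraform
# Added example (not from the original post): ALB -> ECS security group referencing.
# Placeholders: var.vpc_id. Assumes bridge-mode tasks with dynamic host ports.

resource "aws_security_group" "alb" {
  name        = "alb-sg"
  description = "Public entry point: only HTTP/HTTPS from the internet"
  vpc_id      = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "ecs_instance" {
  name        = "ecs-instance-sg"
  description = "Container instances: reachable only from the ALB"
  vpc_id      = var.vpc_id
  # Security group referencing: the source is the ALB's group, not a CIDR.
  # With bridge-mode dynamic port mapping, ECS publishes containers on ephemeral
  # host ports (32768-65535), which is consistent with a port-80-only rule failing
  # the health check. For awsvpc mode or a fixed host port, narrow this to that port.
  ingress {
    from_port       = 32768
    to_port         = 65535
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The ECS group has no rule for SSH or for any public CIDR, so the only path to the container ports is through the load balancer's group.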