ElasticBeanstalk with ALB in public subnet

Hello I have my java application on ElasticBeanstalk in Private Subnet EC2 and Private SubnetRDS, EC2 is behind ALB. I want my ALB that is in public subnet to handle all requests, so i have removed NAT GW from VPC RouteTable of EC2 pvt subnet.
But now my application is down :confused: Can anyone here have a solution

If your EC2 instances are in a private subnet and you can access the app from outside the VPC, then the ALB is already handling the requests. The NAT gateway is for requests which originate in your service going out to the internet.

So When i remove NAT GW, my application status goes to Unknown and error says None of the instances are sending data.

Also cant ALB handle request that originates from our server?

Yes, but if they’re in the public subnet, then the requests need to go out via the nat gateway and back in via the ALB. If you want internal requests to stay within the VPC, then you need another ALB which uses the private subnet.

No, so I want all request internet and external to be handled by ALB that is why I have placed it in Pub Subnet and Instance in Private Subnet.
Does ALB also used NAT GW to handle instance request that is in private subnet?

2 ALB what for? currently I have 1 ALB in public subnet in front of EC2 in public subnet.
and I am getting 200 healthchecks in ALB.
but my ElasticBeanstalk application says None of instances are sending data :confused:

You have removed the nat gateway and your instances are not able to send data to AWS ElasticBeanstalk service.

You have 2 options for incoming requests:

  1. 1 ALB in the public subnet. Internal requests from your EB instances would go out through NAT and back into the ALB via the public subnet.
  2. 2 ALBs, one public and one private. The public ALB would handle public requests and internal requests would have to go to the private ALB
    Either way, you need a way for instanes to send their status updates to AWS (internet via NAT gateway of VPC endpoint - I don’t think you should look at VPC endpoints until you have it all working using NAT).

Ok so now I have to create another loadbalancer in private subnet and add same instance in this load balancer right?

Yes, if you want it to work that way, rather than going out of the NAT and back in. But you will still need NAT or VPC endpoint for EB to pass data back to AWS.

But why I am getting 200 health check and sample java app is also running with NAT GW

i am still confused why sample app is working with status instance not sending any data

Because the app is actually working. AWS EB service doesn’t know that because it’s not receiving the data from the instances (because there is no nat)

I am also able to access sample application using EB URL, so it means that EB is receiving data from Instance


Above is the sample app that i can access on browser without NAT

Yes, everything looks as expected. What is your question?

Sample app is working and still giving Unknown status on AWS ElasticBeanstalk.
but My App is giving timeout errror on Elasticbeanstalk with same settings

You probably need to check app logs to work out why it’s failing. Are you sure the settings are identical? Did you put the NAT back?

No NAT is removed, my sample app is working fine without NAT with ALB.

My custom app health check is also 200, I am able to access swagger page on my app, app is running inside instance,
but when I try to login or test login api, is gives my 504 Gateway Timeout.
I am using RDS Postgres which is in PrivateSubnet.

App works when I add NAT