How AWS target groups healthchecks are routed
Are the healthchecks that the target group performs routed from outside the VPC (aka from the internet), or are they generated and routed internally? I am asking this because I don't know if I should open the port for healthchecks from the security group at internet level (0.0.0.0) or VPC level (10.0.0.0/16).
Thanks
Solution 1:[1]
Target groups are part of the load balancer, and behind the load balancer your application layer resides, either in the form of EC2 or ECS containers or any other application tier component.
Since public/internet users will be interacting with the load balancer, the load balancer's SG will be open, which means it allows traffic from anywhere.
And to the application tier, i.e. EC2 or ECS containers, the traffic is routed from the load balancer only, which means only traffic from the load balancer should be allowed, and to do that you need to allow traffic from the SG of the load balancer.
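The rule described in the answer above can be checked mechanically. This is an added example, not part of the original answer: it audits a target's ingress rules, given in the `IpPermissions` shape that EC2 `DescribeSecurityGroups` returns, and reports which sources can reach the health check port. The group ID, port 8080, and the helper names are constructed placeholders.

```python
import ipaddress

# Constructed placeholders: group ID, VPC CIDR and port 8080 are not from the page.
LB_SG = "sg-lb-placeholder"
VPC_CIDR = "10.0.0.0/16"

def _rule(cidrs=(), groups=()):
    # One ingress permission in the EC2 DescribeSecurityGroups "IpPermissions" shape.
    return {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

WEAK = [_rule(cidrs=["0.0.0.0/0"])]      # port open at internet level
VPC_WIDE = [_rule(cidrs=[VPC_CIDR])]     # port open to every host in the VPC
HARDENED = [_rule(groups=[LB_SG])]       # only the load balancer's SG is a source

def audit_ingress(ip_permissions, port, lb_sg=LB_SG, vpc_cidr=VPC_CIDR):
    """Return (source, verdict) for every source allowed to reach TCP `port`."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":                # "-1" means all protocols and ports
            covers = True
        elif proto == "tcp":
            covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            covers = False
        if not covers:
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            gid = pair["GroupId"]
            verdict = "ok: load balancer SG" if gid == lb_sg else "review: other SG"
            findings.append((gid, verdict))
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.prefixlen == 0:
                verdict = "open to internet"
            elif net.subnet_of(vpc):
                verdict = "vpc-wide"
            else:
                verdict = "review: external CIDR"
            findings.append((rng["CidrIp"], verdict))
        for rng in perm.get("Ipv6Ranges", []):
            v6 = ipaddress.ip_network(rng["CidrIpv6"])
            verdict = "open to internet" if v6.prefixlen == 0 else "review: IPv6 CIDR"
            findings.append((rng["CidrIpv6"], verdict))
    return findings
```

Calling `audit_ingress(HARDENED, 8080)` returns only the load balancer's group as a source, while the `WEAK` and `VPC_WIDE` rule sets are reported as wider than the answer recommends.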
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jatin Mehrotra |
