amazon-web-services - AWS : Getting 502 from Application LoadBalancer to EC2 instance

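Tags: amazon-web-services amazon-ec2 aws-cloudformation aws-security-group amazon-elb

I have 2 EC2 instances in 2 public subnets. The EC2 instances sit behind an Application Load Balancer that is in the same public subnets as the EC2 instances. The security group of the EC2 instances is set to accept tcp traffic only from the security group the load balancer is in.

I get a 502 when I visit the Application Load Balancer endpoint.

I am deploying with CloudFormation. Here is the relevant code.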

AWSTemplateFormatVersion: "2010-09-09"
Description: Deploy a 3-tier wordpress system. (Public and Private subnets and DB on RDS)

Parameters:
  VpcId:
    Description: VPC id
    Type: String
    Default: vpc-0b6a616f830dd7d5a

  PublicSubnetA:
    Description: Subnet Id where instance will create
    Type: String
    Default: subnet-0616a6183bee2b276

  PrivateSubnetA:
    Description: Subnet Id where instance will create
    Type: String
    Default: subnet-06784a19612a64444

  PublicSubnetB:
    Description: Subnet Id where instance will create
    Type: String
    Default: subnet-04f7e39ac1431f22a

  PrivateSubnetB:
    Description: Subnet Id where instance will create
    Type: String
    Default: subnet-0fa6aa79eaee582bf

  EC2KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    Default: test
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

  EC2InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.micro
    ConstraintDescription: must be a valid EC2 instance type.

  WebServerInstanceAMI:
    Description: EC2 instance type
    Type: AWS::EC2::Image::Id
    Default: ami-0210560cedcb09f07
    ConstraintDescription: must be an existing AMI ID.

  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

  Application:
    Description: Application Name
    Type: String
    AllowedPattern: "[A-Za-z0-9-]+"
    Default: test

  Environment:
    AllowedValues: [preprod,prod]
    Default: preprod
    Description: The name of the Environment
    Type: String

Resources:
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VpcId
      GroupDescription: ELB Security Group
      SecurityGroupIngress:
        - FromPort: 80
          IpProtocol: tcp
          CidrIp: 0.0.0.0/0
          ToPort: 80
          Description: Allow from internet
      Tags:
        - Key: Name
          Value: !Sub '${Application}-loadbalancer-sg'
        - Key: Project
          Value: !Ref Application
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'SSH and Port 80'
      VpcId:
        Ref: VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref 'SSHLocation'
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId:
            Ref: LoadBalancerSecurityGroup
      Tags:
        - Key: Name
          Value: !Sub '${Application}-webserver-sg'
        - Key: Project
          Value: !Ref Application
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: ApplicationLoadBalancer
      Scheme: internet-facing
      Subnets:
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ApplicationTargetGroup
  ApplicationTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 15
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 3
      HealthCheckPath: /index.html
      Matcher:
        HttpCode: '200'
      Name: ApplicationTargetGroup
      VpcId: !Ref VpcId
      Port: 80
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
      Targets:
        - Id: !Ref WebServerInstance1
          Port: 80
        - Id: !Ref WebServerInstance2
          Port: 80
  WebServerInstance1:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref EC2InstanceType
      KeyName: !Ref EC2KeyName
      SubnetId: !Ref PublicSubnetA
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup
      ImageId: !Ref WebServerInstanceAMI
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          cd /tmp
          sudo yum update -y
          sudo yum install -y httpd
          echo "Welcome from the instance 1" > /var/www/html/index.html
          sudo -u root service httpd start
  WebServerInstance2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref EC2InstanceType
      KeyName: !Ref EC2KeyName
      SubnetId: !Ref PublicSubnetB
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup
      ImageId: !Ref WebServerInstanceAMI
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          cd /tmp
          sudo yum update -y
          sudo yum install -y httpd
          echo "Welcome from the instance 2" > /var/www/html/index.html
          sudo -u root service httpd start
Outputs:
  LoadBalancerDnsName:
    Description: Load Balancer public facing DNS
    Export:
      Name: !Sub ${AWS::StackName}-LoadBaancer
    Value: !GetAtt LoadBalancer.DNSName

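I looked at the deployed resources in the console UI and can see the correct security group rules on the EC2 instances. I don't see where the ALB would have trouble sending messages to the EC2 instances.

Question: Why do I get a 502 error when I visit the ALB endpoint?

Best answer

I deployed your template in my VPC. The template is perfectly fine and works without any issues, including your load balancer and the websites.

So whatever is causing your problem lies outside this template. Probably the VPC is incorrectly defined, but it is not shown. If you want, you can post a new question with the details of your VPC setup.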
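Added example, not part of the original question or answer: a static check of the path the question describes, run over a reduced, constructed copy of the template in CloudFormation's JSON form. It verifies that each target's security group admits the target port from the load balancer's security group, and reports ingress open to 0.0.0.0/0 on the other groups. The names `TEMPLATE`, `resolve` and `check_template` are assumptions of this example.

```python
# Added example: TEMPLATE is a constructed, reduced copy of the question's template (JSON form).
SG, LB = "AWS::EC2::SecurityGroup", "AWS::ElasticLoadBalancingV2::LoadBalancer"
TG = "AWS::ElasticLoadBalancingV2::TargetGroup"
TEMPLATE = {
    "Parameters": {"SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"}},
    "Resources": {
        "LoadBalancerSecurityGroup": {"Type": SG, "Properties": {"SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}},
        "WebServerSecurityGroup": {"Type": SG, "Properties": {"SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": {"Ref": "SSHLocation"}},
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "SourceSecurityGroupId": {"Ref": "LoadBalancerSecurityGroup"}}]}},
        "LoadBalancer": {"Type": LB, "Properties": {
            "SecurityGroups": [{"Ref": "LoadBalancerSecurityGroup"}]}},
        "ApplicationTargetGroup": {"Type": TG, "Properties": {
            "Port": 80, "Targets": [{"Id": {"Ref": "WebServerInstance1"}, "Port": 80}]}},
        "WebServerInstance1": {"Type": "AWS::EC2::Instance", "Properties": {
            "SecurityGroupIds": [{"Ref": "WebServerSecurityGroup"}]}},
    },
}

def resolve(value, params):
    """Follow {"Ref": name}: a parameter yields its Default, a resource its logical ID."""
    if isinstance(value, dict) and "Ref" in value:
        return params.get(value["Ref"], {}).get("Default", value["Ref"])
    return value

def check_template(tpl):
    """Return findings: BLOCKED for an ALB->target path, OPEN for world-open ingress."""
    params, res = tpl.get("Parameters", {}), tpl["Resources"]
    props = lambda t: {k: v.get("Properties", {}) for k, v in res.items() if v["Type"] == t}
    groups = props(SG)
    lb_sgs = {resolve(s, params) for lb in props(LB).values() for s in lb.get("SecurityGroups", [])}
    findings = []
    for tg_name, tg in props(TG).items():
        for target in tg.get("Targets", []):
            inst = resolve(target["Id"], params)
            port = int(target.get("Port", tg["Port"]))
            rules = [r for g in res[inst]["Properties"].get("SecurityGroupIds", [])
                     for r in groups.get(resolve(g, params), {}).get("SecurityGroupIngress", [])]
            if not any(r["IpProtocol"] == "tcp" and r["FromPort"] <= port <= r["ToPort"] and
                       resolve(r.get("SourceSecurityGroupId"), params) in lb_sgs for r in rules):
                findings.append(f"BLOCKED {tg_name}->{inst}:{port}")
    backend = {n: g for n, g in groups.items() if n not in lb_sgs}  # LB group is meant to be public
    for name, group in backend.items():
        for r in group.get("SecurityGroupIngress", []):
            if resolve(r.get("CidrIp"), params) == "0.0.0.0/0":
                findings.append(f"OPEN {name} tcp/{r['FromPort']}")
    return findings
```

`check_template(TEMPLATE)` reports no blocked path on port 80, which agrees with the answer, and one finding for the SSH rule that the `SSHLocation` default opens to 0.0.0.0/0.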

Regarding amazon-web-services - AWS : Getting 502 from Application LoadBalancer to EC2 instance, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/69076309/
