Introduction

An AWS NLB static IP is not accessible when a security group or network ACL blocks traffic. This guide walks through diagnosis and resolution step by step, with specific commands and configuration examples.

Symptoms

Typical symptoms and error messages when this issue occurs:

bash
Load balancer error: backend unavailable
Check health check configuration
Verify backend server status

Observable indicators:

  • Load balancer returns 5xx errors to clients
  • Backend servers marked as unhealthy
  • Traffic not reaching expected backends

Common Causes

AWS Load Balancer issues are commonly caused by:

  1. Health check path returning wrong status code
  2. Security group blocking health check traffic
  3. Target not registered or in wrong target group
  4. Timeout configuration mismatch with application

Step-by-Step Fix

Step 1: Check Current State

bash
aws elbv2 describe-target-health --target-group-arn <arn>

Step 2: Identify Root Cause

bash
aws elbv2 describe-load-balancers --names <name>

Step 3: Apply Primary Fix

nginx
# Primary configuration fix
upstream backend {
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    keepalive 32;
}

Apply this configuration and reload the load balancer.

Step 4: Apply Alternative Fix (If Needed)

nginx
# Alternative fix: adjust timeouts
proxy_connect_timeout 10s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;

Step 5: Verify the Fix

After applying the fix, verify with:

bash
# Single quotes keep the shell from treating `healthy` as command substitution
aws elbv2 describe-target-health --target-group-arn <arn> --query 'TargetHealthDescriptions[?TargetHealth.State==`healthy`]'

Expected output should show healthy backends and successful request routing.
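
An offline check for the cause named in the introduction, a security group or network ACL blocking traffic, as an added example that is not part of the original guide. The rule data is constructed in the shape returned by `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls`; the function names, the sample addresses and the assumption that the target sees the client's own source IP (client IP preservation enabled) are assumptions, and port 8080 is taken from the backend configuration above.

```python
import ipaddress

# Constructed sample data (not from the page), trimmed to the fields used from
# `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls`. IPv4 only.
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
NACL = {"Entries": [
    {"RuleNumber": 90, "Egress": False, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "203.0.113.0/24", "PortRange": {"From": 8080, "To": 8080}},
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
]}

def _in(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def _port_ok(lo, hi, port):
    return lo is None or lo <= port <= hi  # no range present means all ports

def sg_allows(sg, src_ip, port, proto="tcp"):
    """Security groups are allow-lists: one matching ingress rule is enough."""
    return any(
        p["IpProtocol"] in (proto, "-1")
        and _port_ok(p.get("FromPort"), p.get("ToPort"), port)
        and any(_in(r["CidrIp"], src_ip) for r in p.get("IpRanges", []))
        for p in sg["IpPermissions"])

def nacl_allows(nacl, peer_ip, port, egress, proto="6"):
    """NACLs are ordered and stateless: the lowest matching RuleNumber decides."""
    rules = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                   key=lambda e: e["RuleNumber"])
    for e in rules:
        pr = e.get("PortRange", {})
        if (e["Protocol"] in (proto, "-1") and _in(e["CidrBlock"], peer_ip)
                and _port_ok(pr.get("From"), pr.get("To"), port)):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: the default rule denies

def diagnose(sg, nacl, client_ip, listener_port, client_port=50000):
    """Return which layer, if any, drops a client connection to the target."""
    return {"sg_ingress": sg_allows(sg, client_ip, listener_port),
            "nacl_ingress": nacl_allows(nacl, client_ip, listener_port, egress=False),
            # Stateless NACL: the reply to the client's ephemeral port needs its own rule.
            "nacl_egress": nacl_allows(nacl, client_ip, client_port, egress=True)}

if __name__ == "__main__":
    for ip in ("10.0.1.5", "198.51.100.7", "203.0.113.9"):
        print(ip, diagnose(SG, NACL, ip, 8080))
```

With this sample data, a source inside the VPC range passes every layer while an external client is dropped at the security group, which is how targets can report healthy while the static IP stays unreachable from outside.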

Common Pitfalls

  • Health check path returns redirect instead of 200
  • Security group blocking health check from ELB
  • Target deregistration delay causing connection drops
  • Cross-zone load balancing disabled unexpectedly

Best Practices

  • Use target groups with proper health check settings
  • Configure connection draining for graceful shutdown
  • Monitor CloudWatch metrics for target health
  • Use multiple AZs for high availability