I'm confused about how AWS load balancers work. I have a pretty simple setup...
I have a REST-based API that needs to be exposed to the internet (port 80) via my load balancer. I only want the load balancer exposed to internet traffic. I have a security group set up for my instance that restricts direct access to only my IP address for testing purposes.
The load balancer is not IP-restricted on HTTP; it just has port 80 open (with a listener to my API service on port 3001). The problem is that the load balancer cannot see my instance if I set up any IP restrictions on the instances in question. Once I remove those restrictions from my instances, the health checks start working and I can access the service through the load balancer. The problem with that is that my instances now have ports open to the internet that I don't want.
Is there something additional I need to do to allow the load balancer to access my instances when using IP restrictions?
One final note: my health checks work fine until I add the instance-level IP restrictions, so I know the health check is not the problem. I think if I added the load balancer's IP to my whitelist it would work, but that IP is dynamic and not viable for this purpose.
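The situation described in the post, worked through as an added example (this is not part of the original post and not the poster's code): in a VPC the load balancer has its own security group, and an EC2 security group rule can name another security group as its source instead of a CIDR. AWS resolves that reference when the packet arrives, so the instance rule keeps working while the load balancer's node addresses change. The script below builds that rule for the instance group, keeps the poster's own-address restriction for direct testing, and audits a security group record (the shape returned by `describe_security_groups`) for the two properties wanted: the load balancer group may reach port 3001, and nothing on that port is open to 0.0.0.0/0 or ::/0. The security group IDs and the admin CIDR are assumed placeholders; only ports 80 and 3001 come from the post. The `apply_rules` function uses boto3 and is only called from `__main__`; the audit runs offline on constructed sample records. The load balancer's own group still needs inbound TCP 80 from the internet, and the instance rule must cover the health-check port as well (here the same port 3001).

```python
"""Added example (not from the original post): let an AWS load balancer reach
backend instances by referencing the load balancer's security group as the
source of the instance rule, instead of whitelisting its changing IPs.

All identifiers below (security group IDs, the admin CIDR) are assumed
placeholders; only port 3001 comes from the post."""

APP_PORT = 3001                     # API service port the listener forwards to
LB_SG_ID = "sg-0123456789abcdef0"   # assumed: security group attached to the load balancer
APP_SG_ID = "sg-0fedcba9876543210"  # assumed: security group attached to the API instances
ADMIN_CIDR = "203.0.113.10/32"      # assumed: the poster's own address (documentation range)


def lb_ingress_permission(lb_sg_id: str, port: int) -> dict:
    """Inbound rule for the *instance* group: TCP `port` from any member of
    `lb_sg_id`. A security-group source is resolved by AWS per packet, so it
    keeps working when the load balancer's nodes change IP addresses."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [
            {"GroupId": lb_sg_id,
             "Description": "traffic and health checks from the load balancer"}
        ],
    }


def admin_ingress_permission(cidr: str, port: int) -> dict:
    """Inbound rule keeping direct test access limited to the admin's own address."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr, "Description": "direct access for testing"}],
    }


def _rule_covers(perm: dict, port: int) -> bool:
    """True if an IpPermissions entry applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # 'all traffic' rule: carries no port fields
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_instance_sg(sg: dict, lb_sg_id: str, port: int) -> dict:
    """Check one SecurityGroup record (shape of ec2.describe_security_groups
    output) for: the load balancer's group may reach `port`, and no rule on
    `port` is open to the whole internet (IPv4 or IPv6)."""
    lb_allowed = False
    open_to_world = []
    for perm in sg.get("IpPermissions", []):
        if not _rule_covers(perm, port):
            continue
        if any(p.get("GroupId") == lb_sg_id for p in perm.get("UserIdGroupPairs", [])):
            lb_allowed = True
        open_to_world += [r["CidrIp"] for r in perm.get("IpRanges", [])
                          if r.get("CidrIp") == "0.0.0.0/0"]
        open_to_world += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])
                          if r.get("CidrIpv6") == "::/0"]
    return {"lb_allowed": lb_allowed, "open_to_world": open_to_world}


# Constructed sample records (not real AWS output): the fallback of opening
# the port to everyone, and the intended fix.
SAMPLE_SG_OPEN = {
    "GroupId": APP_SG_ID,
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": APP_PORT, "ToPort": APP_PORT,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}
SAMPLE_SG_FIXED = {
    "GroupId": APP_SG_ID,
    "IpPermissions": [
        lb_ingress_permission(LB_SG_ID, APP_PORT),
        admin_ingress_permission(ADMIN_CIDR, APP_PORT),
    ],
}


def apply_rules(ec2, app_sg_id: str, lb_sg_id: str, port: int, admin_cidr: str) -> None:
    """Authorize both rules on the instance group. `ec2` is a boto3 EC2 client.
    Re-running with identical rules raises InvalidPermission.Duplicate; the
    stale 0.0.0.0/0 rule must be removed with revoke_security_group_ingress."""
    ec2.authorize_security_group_ingress(
        GroupId=app_sg_id,
        IpPermissions=[lb_ingress_permission(lb_sg_id, port),
                       admin_ingress_permission(admin_cidr, port)],
    )


if __name__ == "__main__":
    import boto3  # only needed when actually talking to AWS
    client = boto3.client("ec2")
    apply_rules(client, APP_SG_ID, LB_SG_ID, APP_PORT, ADMIN_CIDR)
    current = client.describe_security_groups(GroupIds=[APP_SG_ID])["SecurityGroups"][0]
    print(audit_instance_sg(current, LB_SG_ID, APP_PORT))
```

Running the audit against `SAMPLE_SG_OPEN` reports the port open to the world and no load balancer access, which is exactly the trade-off the post describes; against `SAMPLE_SG_FIXED` it reports load balancer access with nothing world-open. Security-group references of this kind work within the same VPC (and across a VPC peering in the same region), which is the normal case for a load balancer and its targets.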