The other SO question you referenced is spot on. Double/triple check the following:
- You need to attach only public subnets to your ELB, making sure that the availability zones of those subnets are aligned with the availability zones of the private subnets that your instances are in.
- Make sure that the security group of your instances allows access from the security group of your load balancer.
- The load balancer security group should have an egress rule allowing the health check to reach the instance.
- Make sure that your health check is working locally on the instance. For example, if your health check in the ELB is `HTTP:8080/health_check`, on the instance you can `curl x.x.x.x:8080/health_check` (where `x.x.x.x` is the private IP of the instance) and get a 200 response code.
- The public subnet routing table should route `0.0.0.0/0` to the internet gateway attached to your VPC.
- The private subnet routing table should route `0.0.0.0/0` to a NAT instance or gateway in a public subnet.
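
The network items of the checklist above, written as checks over a constructed inventory (an added example, not part of the original answer). The inventory layout, the IDs and the function names are assumptions made for illustration; the rule and route field names (`IpPermissions`, `UserIdGroupPairs`, `DestinationCidrBlock`, `NatGatewayId` and so on) are the ones the EC2 API returns.

```python
def default_target(routes):
    """Target of the 0.0.0.0/0 route, or "" if the table has none."""
    hits = [r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    r = hits[0] if hits else {}
    return r.get("GatewayId") or r.get("NatGatewayId") or r.get("InstanceId") or ""

def allows(perms, port, peer_sg):
    """True if a rule permits TCP `port` for peer_sg (or for any IPv4 address)."""
    for p in perms:
        proto_ok = p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        peers = [g["GroupId"] for g in p.get("UserIdGroupPairs", [])]
        cidrs = [c["CidrIp"] for c in p.get("IpRanges", [])]
        if proto_ok and (peer_sg in peers or "0.0.0.0/0" in cidrs):
            return True
    return False

def audit(cfg):
    """Return the checklist items that fail for the given inventory."""
    sub, rtb, sgs, findings = cfg["subnets"], cfg["route_tables"], cfg["sgs"], []
    elb_azs = {sub[s]["az"] for s in cfg["elb_subnets"]}
    for s in cfg["elb_subnets"]:
        if not default_target(rtb[sub[s]["rtb"]]).startswith("igw-"):
            findings.append(f"{s}: ELB subnet has no default route to an internet gateway")
    for s in cfg["instance_subnets"]:
        if sub[s]["az"] not in elb_azs:
            findings.append(f"{s}: no ELB subnet in {sub[s]['az']}")
        if not default_target(rtb[sub[s]["rtb"]]).startswith(("nat-", "i-")):
            findings.append(f"{s}: private subnet has no default route to a NAT")
    if not allows(sgs[cfg["app_sg"]]["IpPermissions"], cfg["port"], cfg["elb_sg"]):
        findings.append("instance SG does not allow the health check port from the ELB SG")
    if not allows(sgs[cfg["elb_sg"]]["IpPermissionsEgress"], cfg["port"], cfg["app_sg"]):
        findings.append("ELB SG has no egress rule to the instances on the health check port")
    return findings

def rule(peer_sg):  # one TCP/8080 rule that names peer_sg as the other side
    return {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
            "UserIdGroupPairs": [{"GroupId": peer_sg}]}
# Constructed inventory (IDs made up): priv-c's AZ has no ELB subnet; sg-app admits itself.
SAMPLE = {
    "port": 8080, "elb_sg": "sg-elb", "app_sg": "sg-app",
    "elb_subnets": ["pub-a"], "instance_subnets": ["priv-a", "priv-c"],
    "subnets": {"pub-a": {"az": "us-east-1a", "rtb": "public"},
                "priv-a": {"az": "us-east-1a", "rtb": "private"},
                "priv-c": {"az": "us-east-1c", "rtb": "private"}},
    "route_tables": {"public": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-x"}],
                     "private": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-x"}]},
    "sgs": {"sg-elb": {"IpPermissionsEgress": [rule("sg-app")]},
            "sg-app": {"IpPermissions": [rule("sg-app")]}}}
```

`audit(SAMPLE)` reports the availability zone mismatch and the instance security group rule. The local `curl` check from the list still has to be run on the instance itself.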