What is a possible reason for this issue?
Security groups are not allowing traffic between the ALB and the failing EC2 instances.
The Auto Scaling group health check is configured for EC2 status checks.
The EC2 instances are failing to launch and failing EC2 status checks.
The target group health check is configured with an incorrect port or path.
Explanations:
The security group settings might block traffic, but if the EC2 instances are healthy in the Auto Scaling group, this is unlikely to be the root cause. If security groups were misconfigured, ALB health checks would fail earlier.
Auto Scaling group health checks are typically based on EC2 instance status checks (e.g., instance reachability), but the ALB health check is independent of them. Thus, EC2 health checks do not affect ALB target group health.
If EC2 instances were failing to launch or failing EC2 status checks, they would not appear as healthy in the Auto Scaling group. The issue seems to be with ALB health checks, not EC2 instance status.
If the target group health check is configured with an incorrect port or path, the ALB will mark the instances as unhealthy even though the EC2 instances are functioning properly. This misconfiguration would prevent the ALB from correctly determining the health of the instances.