How Do You Go to an ELB from Your Workstation?

Problem scenario
You can reach an ELB's FQDN from an EC2 instance (with a curl command), but you cannot reach the ELB from your workstation (with a web browser). What should you do?

Possible solution #1
From the EC2 instance, can you run nslookup FQDNofELB (where FQDNofELB is the FQDN of the ELB)? This should give you the IP address (the last of the IP addresses in the results). You can test it from the EC2 instance by running curl against it, or from your workstation by going to it in a web browser. Then run nslookup x.x.x.x, where x.x.x.x is the IP address of the ELB. This should give you a different FQDN that should be accessible from the internet.

Possible solution #2
Check the security groups' rules to ensure they allow inbound connectivity. From the EC2 instance, can you run traceroute FQDNofELB (where FQDNofELB is the FQDN of the ELB)? This should resolve the IP address. If you use the IP address of the ELB, you can determine whether an intermediate firewall is blocking traffic between your workstation and the ELB. The AWS Security Groups could be configured in a way that blocks connectivity from one workstation.
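The security group check above can be done offline against saved output of aws ec2 describe-security-groups. This is an added example, not code from the original page; the group ID, CIDR ranges and IP addresses are constructed, and the function names are hypothetical. It shows the exact symptom from the problem scenario: an address inside the VPC is admitted on port 443 while a workstation's public address matches no inbound rule.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "UserIdGroupPairs": []}
  ]}]}
""")


def rule_covers_port(perm, port):
    """True if the rule's protocol and port range include the TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def matching_rules(groups, source_ip, port):
    """Return (group id, CIDR) pairs that admit source_ip on the TCP port.

    Rules that reference other security groups (UserIdGroupPairs) are skipped:
    a workstation outside the VPC cannot match them.
    """
    src = ipaddress.ip_address(source_ip)
    hits = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if src.version == net.version and src in net:
                    hits.append((sg["GroupId"], cidr))
    return hits


if __name__ == "__main__":
    # 10.0.1.25 stands in for the EC2 instance, 203.0.113.7 for the workstation.
    for ip in ("10.0.1.25", "203.0.113.7"):
        hits = matching_rules(SAMPLE, ip, 443)
        print(ip, "allowed by" if hits else "blocked: no inbound rule", hits)
```

An empty result means the traffic is dropped, because security groups deny anything that no inbound rule allows.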

Possible solution #3
Create a Route 53 record for the FQDN. If you need to find the IP address, use "traceroute" from the EC2 instance. Alternatively, you could use nslookup FQDNofELB, where FQDNofELB is the FQDN of the load balancer.

Possible solution #4
For the clients that need access, update the local hosts file so it maps the FQDN to the IP address.

Possible solution #5
Wait. If you wait 30 minutes, public DNS servers can update on their own. We have found newly created ELBs to work immediately. In some cases it may not be Amazon's fault, but the routing tables don't update for the ELB's DNS name that does not resemble the FQDN of a server; ELBs have both types of names (one that is a longer alphanumeric string and a second one that resembles the IP address but looks more like the FQDN of a server) and an external IP address.

Possible solution #6
Supposedly this works:

'Use an A record rather than a CNAME in Route53.

In the AWS Management Console, choose "A record" and then move the radio button labeled "Alias" to "Yes." Then select your ELB from the dropdown menu.' It was taken from https://serverfault.com/questions/469094/issues-with-ec2-elastic-load-balancer-dns-and-routing

Possible solution #7
Was the ELB recently deleted? If you run a kubectl command to get the ELB, but the ELB was recently deleted via the web console, it will not work. Try running commands like these to verify you copied the correct ELB:

aws elb describe-load-balancers | grep -i dnsname
aws elbv2 describe-load-balancers | grep -i dnsname
