
The health check in my target group fails after I switched my load balancer type from "application" to "network". I need to use the network load balancer in order to do a vpc link in api gateway. I attached a security group to my ALB but this is no longer needed for the NLB.

I understand that the NLB operates on Layer 4. My ALB listened for HTTPS on port 443 and the target group HTTP on port 80. Now, my NLB listens for TCP on port 80 and the target group TCP on port 80.

If I alter the security group attached to my EC2 instances and allow All TCP traffic from anywhere then the health check starts passing again. But, I don't want to allow traffic from anywhere. I also tried setting source to my vpc security group, but this did not work either.

Therefore, I am not sure what I should be setting source to in my security group. In my security group, is there a way I can restrict All TCP to just internal traffic? Does the NLB do something different to ALB which might be causing my health check to fail?


1 Answer


Ended up just using the CIDR range of all subnets attached to the Network Load Balancer.

It appears that for Network Load Balancers you have to just allow all traffic for everything in the NLB or restrict it to the CIDR range of all subnets attached to the load balancer.
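The answer's approach, as an added example that is not part of the original post: build the narrow ingress rule (TCP port 80 from the NLB's subnet CIDRs only, since health checks come from the load balancer nodes' private IPs in those subnets) and audit a rule set for the "All TCP from anywhere" shape that made the check pass. It uses the `IpPermissions` dict layout that boto3's `authorize_security_group_ingress` and `describe_security_groups` use; the subnet CIDRs and the security group ID are constructed placeholders.

```python
"""Build and audit EC2 security-group ingress rules for NLB health checks.

Added example, not from the original post. Uses the IpPermissions dict shape
of boto3's ec2.authorize_security_group_ingress / describe_security_groups;
the subnet CIDRs and group ID below are constructed placeholders.
"""
import ipaddress


def nlb_ingress_permissions(port, nlb_subnet_cidrs):
    """Return IpPermissions allowing TCP `port` only from the NLB's subnet CIDRs.

    NLB health checks originate from the load balancer node's private IP in
    each attached subnet, so those CIDRs are the narrowest source that still
    lets every node reach the target. A security group cannot be used as the
    source here, because NLB nodes are not members of any security group.
    """
    ranges = []
    for cidr in nlb_subnet_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # raises on a malformed CIDR
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all source {cidr}")
        ranges.append({"CidrIp": str(net), "Description": "NLB node / health check"})
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": ranges}]


def overly_broad_rules(ip_permissions):
    """Flag ingress entries reachable from anywhere (0.0.0.0/0 or ::/0)."""
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        span = "all" if proto == "-1" or lo is None else f"{lo}-{hi}"
        for r in perm.get("IpRanges", []):
            if ipaddress.ip_network(r["CidrIp"]).prefixlen == 0:
                findings.append(f"{proto}/{span} open to {r['CidrIp']}")
        for r in perm.get("Ipv6Ranges", []):
            if ipaddress.ip_network(r["CidrIpv6"]).prefixlen == 0:
                findings.append(f"{proto}/{span} open to {r['CidrIpv6']}")
    return findings


# Constructed "before" rule set: the 'All TCP from anywhere' workaround
BROAD_INGRESS = [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
# Constructed CIDRs of the subnets attached to the NLB (placeholders)
NLB_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]

if __name__ == "__main__":
    print(overly_broad_rules(BROAD_INGRESS))
    fixed = nlb_ingress_permissions(80, NLB_SUBNETS)
    print(overly_broad_rules(fixed))
    # To apply: boto3.client("ec2").authorize_security_group_ingress(
    #     GroupId="sg-PLACEHOLDER", IpPermissions=fixed)
```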