I am trying to wrap my head around AWS's Application Load Balancer. I have a slightly complicated situation where I am running an EC2 instance with a Node.js server that I ultimately want accessible over HTTPS only. So initially I set up a listener on 443 that has a health check on port 443 and forwards to a target group that has my EC2 instance as a target.
I have a Chef cookbook that automates setting the box up, setting up my Node.js server, and lastly acquiring / setting up an SSL certificate (using acmetool). In order for that to work, the box needs ports 402, 4402, and 80 open.
So in order to get this working, it appeared I needed listeners for 402, 4402, and 80, and then that required making individual target groups for each of those ports? (This is where I started getting confused.) And then each of those groups has its own health check, so then I realized, well, I can't have my health check on port 443 if I am initially not going to have an SSL certificate... So that caused me to create yet another listener and target group on port 12345, and then make my Node.js server respond to the health check on 12345... Which seemed weird, because I am basically running two Node.js servers: one on 12345 JUST for a health check, and the other on 443 for my real app.
I had to use 12345 because acmetool has a "redirect" daemon which listens on port 80 and redirects all requests to 443, except for the requests it gets for the SSL challenges it performs to issue/renew a cert.
So... my issue is, it seems to me like I have all these target groups which now all have an identical health check endpoint on port 12345... Which feels super inefficient, as I can only assume this means the load balancer is going to ping that same endpoint n times, once for each group. Which made me think I must be doing this all wrong.