OPA Istio setup on EKS returns 503 Error with loadbalance setup


I am trying to setup OPA with Istio on EKS Cluster. Here is the tutorial that I am following:

https://www.openpolicyagent.org/docs/latest/envoy-tutorial-istio/#5-exercise-the-opa-policy

Since I am setting up on EKS, I am having a Gateway setup as load balancer instead of using an External IP.

I am successfully able to access the APIs when I hit them on the LB URL, but it returns a 503 error when I apply the OPA configuration below:

https://raw.githubusercontent.com/open-policy-agent/opa-envoy-plugin/main/examples/istio/quick_start.yaml

In my understanding, the problem is with the External Authorization filter.

Here is the configuration of the External Auth filter:

```text
Spec:
  Config Patches:
    Apply To:  HTTP_FILTER
    Match:
      Context:  SIDECAR_INBOUND
      Listener:
        Filter Chain:
          Filter:
            Name:  envoy.filters.network.http_connection_manager
            Sub Filter:
              Name:  envoy.filters.http.router
    Patch:
      Operation:  INSERT_BEFORE
      Value:
        Name:  envoy.ext_authz
        typed_config:
          @type:  type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
          grpc_service:
            google_grpc:
              stat_prefix:  ext_authz
              target_uri:   127.0.0.1:9191
          status_on_error:
            Code:                 ServiceUnavailable
          transport_api_version:  V3
          with_request_body:
            allow_partial_message:  true
            max_request_bytes:      8192
Events:                             <none>
```

The default target URI is set to 127.0.0.1:9191, whereas the right value should be the Load Balancer URL?

Please let me know what is the right value to set.

Also, does it need port changes to the config map opa-istio-config:

```text
Name:         opa-istio-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
config.yaml:
----
plugins:
  envoy_ext_authz_grpc:
    addr: :9191
    path: istio/authz/allow
decision_logs:
  console: true


BinaryData
====

Events:  <none>
```

I tried to change both the filter and the config map, but I am still running into the 503 error.

Below is the error I see in Istio Gateway logs:

```text
[2023-10-18T00:30:39.014Z] "HEAD /productpage HTTP/1.1" 503 URX via_upstream - "-" 0 0 629 628 "192.168.75.161" "curl/8.1.2" "8257571d-801b-96b6-af98-7fe8035fdf38" "<LB Host>.elb.amazonaws.com" "192.168.74.105:9080" outbound|9080||productpage.default.svc.cluster.local 192.168.81.173:40020 192.168.81.173:8080 192.168.75.161:65479 - -
```

Looking forward to the guidance on setting up the tutorial on EKS. Please help.

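As an added diagnostic example (not part of the question or of the OPA tutorial), a Python parser for the Istio gateway log line quoted above: it splits the Envoy default access-log fields and explains the response flags and response-code details, with meanings taken from the Envoy access-log documentation. The `via_upstream` detail means the 503 was produced by the upstream of the gateway, i.e. the productpage pod's sidecar, so that sidecar's istio-proxy log is where the ext_authz outcome (`ext_authz_error` versus `ext_authz_denied`) is recorded.

```python
import re

# Field order follows Envoy's default access log format as configured by Istio.
LOG_RE = re.compile(
    r'^\[(?P<start_time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<code>\d{3}) (?P<flags>\S+) (?P<details>\S+) (?P<term_details>\S+) '
    r'"(?P<transport_failure>[^"]*)" (?P<bytes_in>\d+) (?P<bytes_out>\d+) '
    r'(?P<duration_ms>\d+) (?P<upstream_ms>\S+) "(?P<xff>[^"]*)" "(?P<user_agent>[^"]*)" '
    r'"(?P<request_id>[^"]*)" "(?P<authority>[^"]*)" "(?P<upstream_host>[^"]*)" '
    r'(?P<upstream_cluster>\S+) (?P<upstream_local>\S+) (?P<downstream_local>\S+) '
    r'(?P<downstream_remote>\S+) (?P<sni>\S+) (?P<route>\S+)$'
)

# The gateway log line quoted in the question (without the stray fence).
SAMPLE = (
    '[2023-10-18T00:30:39.014Z] "HEAD /productpage HTTP/1.1" 503 URX via_upstream - "-" 0 0 629 628 '
    '"192.168.75.161" "curl/8.1.2" "8257571d-801b-96b6-af98-7fe8035fdf38" "<LB Host>.elb.amazonaws.com" '
    '"192.168.74.105:9080" outbound|9080||productpage.default.svc.cluster.local '
    '192.168.81.173:40020 192.168.81.173:8080 192.168.75.161:65479 - -'
)

# Meanings from the Envoy access-log docs: response flags and response-code details.
FLAGS = {
    "URX": "upstream retry limit exceeded (every attempt failed)",
    "UAEX": "request denied by the external authorization service",
    "UF": "upstream connection failure",
}
DETAILS = {
    "via_upstream": "status was set by the upstream, not by this proxy",
    "ext_authz_error": "authz service call failed; status is the filter's status_on_error",
    "ext_authz_denied": "authz service returned deny",
}

def parse_access_log(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["flags"] = [] if rec["flags"] == "-" else rec["flags"].split(",")
    return rec

def explain(rec):
    # Turn a parsed record into troubleshooting hints.
    hints = [FLAGS.get(f, f"unknown flag {f}") for f in rec["flags"]]
    hints.append(DETAILS.get(rec["details"], f"details: {rec['details']}"))
    if rec["details"] == "via_upstream":
        # For a gateway log the upstream is the application pod's sidecar, so its
        # own istio-proxy log (not the gateway's) records why it answered this way.
        hints.append(f"status {rec['code']} originated at {rec['upstream_host']} ({rec['upstream_cluster']})")
    return hints
```

Run `explain(parse_access_log(SAMPLE))` to get the hints for the line above; feed it any other line from `kubectl logs` of the gateway or sidecar pod to compare.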

There are 0 answers