Why do EC2 instances need a public IP when placed in front of an ALB?


As I have been researching, there are two ways of placing EC2 instances in front of ALBs in a given availability zone:

  1. Placing them in the same public subnets referenced by ALB in that availability zone + giving them a public IP

  2. Placing them in private subnets + creating a NAT Gateway in a public subnet referenced by the ALB in that availability zone

I would like to be able to place ALBs in front of EC2 instances without public IP, for example, an EC2 instance without a public IP in a public subnet referenced by an ALB

When I try to do this the ALB says my EC2 instance is unhealthy, but when I give the instance a public IP the ALB almost instantly says it's healthy.

Why is this the case? This does not seem to be addressed until now on Stack Overflow (this seems to be the only answer until now).

Answer by Jatin Mehrotra

When the ALB says the EC2 instance is unhealthy it means one of two things:

  1. The configuration of the health check needs to be checked: the port number, protocol, and the path.

  2. Second, you don't need to assign a private IP without a public IP to your EC2 instance behind an ALB, because the EC2 instance security group should be configured to allow inbound connections from the ALB security group (called a referencing security group), which means the EC2 instance will not accept connections other than from the ALB.

Hence you won't need to assign a private IP to your EC2 instance, because if you try to access your instance by its public IP it won't respond.
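The security-group pattern the answer relies on (the instance's group admits the target port only from the load balancer's group, so the instance is reachable from the ALB and from nothing else) is something you can check rather than assume. The following Python is an added example, not part of the question or the answer: it evaluates two constructed security-group definitions in the shape returned by `aws ec2 describe-security-groups`, one opened to the world on the target port and one that references the ALB's group, and reports whether the ALB can reach the health-check port and whether anything else can. The group IDs, the port 8080 and the sample rules are assumptions made for the example.

```python
"""Evaluate an EC2 instance security group for the ALB-referencing pattern."""
from typing import Dict, List, Tuple

# Assumed values for this example (not from the original page).
ALB_SG_ID = "sg-0alb000000000001"   # the load balancer's security group
INSTANCE_PORT = 8080                 # target group / health-check port

# Constructed sample groups in the shape of `describe-security-groups` output.
WEAK_INSTANCE_SG: Dict = {
    "GroupId": "sg-0ec2000000000002",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],   # open to the internet
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ],
}

HARDENED_INSTANCE_SG: Dict = {
    "GroupId": "sg-0ec2000000000003",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}]},   # only from the ALB
    ],
}


def _covers_port(perm: Dict, port: int) -> bool:
    """True if an inbound permission entry applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all traffic
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def evaluate_instance_sg(sg: Dict, alb_sg_id: str, port: int) -> Tuple[bool, List[str]]:
    """Return (allows_alb, findings) for the instance security group `sg`.

    allows_alb is True when some rule on `port` references the ALB's group.
    findings lists anything that lets other sources reach `port`, plus a note
    when the ALB itself is not allowed (the health check would then fail).
    """
    allows_alb = False
    findings: List[str] = []
    for perm in sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == alb_sg_id:
                allows_alb = True
            else:
                findings.append(f"port {port} reachable from other group {pair.get('GroupId')}")
        for rng in perm.get("IpRanges", []):
            cidr = rng.get("CidrIp")
            label = "open to the world" if cidr == "0.0.0.0/0" else "reachable from CIDR"
            findings.append(f"port {port} {label} via {cidr}")
        for rng in perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIpv6")
            label = "open to the world" if cidr == "::/0" else "reachable from CIDR"
            findings.append(f"port {port} {label} via {cidr}")
    if not allows_alb:
        findings.append(f"no inbound rule on port {port} from ALB group {alb_sg_id}; "
                        "health checks from the ALB will fail")
    return allows_alb, findings


def alb_ingress_permission(alb_sg_id: str, port: int) -> Dict:
    """Build the IpPermissions entry that grants `port` only to the ALB's group.

    This is the shape boto3's authorize_security_group_ingress() expects in
    its IpPermissions list; calling the API is left out so the example runs offline.
    """
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": alb_sg_id}]}


if __name__ == "__main__":
    for sg in (WEAK_INSTANCE_SG, HARDENED_INSTANCE_SG):
        ok, notes = evaluate_instance_sg(sg, ALB_SG_ID, INSTANCE_PORT)
        print(sg["GroupId"], "ALB allowed:", ok)
        for n in notes:
            print("  -", n)
```

The weak group is flagged twice: the port is open to `0.0.0.0/0`, and there is no rule referencing the ALB's group, so the ALB's health check still has no rule of its own to match. The hardened group passes with no findings, and `alb_ingress_permission` produces the entry you would pass to `authorize_security_group_ingress` to get there. Note that a security-group rule sourced from another group matches by group membership, not by address, so it works whether or not the instance has a public IP.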