Amazon web services 与运行fargate的ecs服务的负载平衡器连接（均在同一个专用子网中）超时

我有一个VPC，有4个子网，两个公用子网和两个专用子网（每个AZ有一个专用子网和一个公用子网）。我正在使用专用子网中的fargate任务启动ecs服务，并为ecs任务分配一个安全组，允许来自应用程序负载平衡器安全组的传入流量。负载平衡器属于内部类型，并在同一个专用子网中启动。我的cloudformation文件如下所示：

---
AWSTemplateFormatVersion: 2010-09-09
Description: ECS task some server

Parameters:
  VpcId:
    Type: String
  VpcCidr:
    Type: String
  SubnetIds:
    Type: CommaDelimitedList # private subnets
  Cluster:
    Type: String
  ServiceName:
    Type: String
  ContainerPort:
    Type: String

  # ENVIRONMENT VARS
  Image:
    Type: String
  DBUrl: 
    Type: String
  DBUser:
    Type: String
  DBPassword:
    Type: String
    NoEcho: true

Resources:
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /ecs/${ServiceName}
      RetentionInDays: '1827' # 5 years

  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${ServiceName}-ExecutionRole
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Principal:
            Service:
              - ecs-tasks.amazonaws.com
          Action:
            - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: ECSTaskExecutionRolePolicy
          PolicyDocument:
            Statement:
            - Effect: Allow
              Action:
                # download images from ECR
                - ecr:GetAuthorizationToken
                - ecr:BatchCheckLayerAvailability
                - ecr:GetDownloadUrlForLayer
                - ecr:BatchGetImage

                # upload logs to CloudWatch
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource: '*'

  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${ServiceName}-TaskRole
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Principal:
            Service:
              - ecs-tasks.amazonaws.com
          Action:
            - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: ECSTaskRolePolicy
          PolicyDocument:
            Statement:
            - Effect: Allow
              Action:
                - appsync:GraphQL
              Resource:
                - '*'

  TaskDefinition: 
    Type: AWS::ECS::TaskDefinition
    DependsOn: 
      - LogGroup
    Properties:
      Family: !Ref ServiceName
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE

      Cpu: 1024 # .25 vCPU (256/512/1024/2048/4096)
      Memory: 8GB # (0.5GB/1GB/2GB/.../30GB)

      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref TaskRole

      ContainerDefinitions:
        - Name: !Ref ServiceName
          Image: !Ref Image
          PortMappings:
          - ContainerPort: !Ref ContainerPort
          Environment:
          - Name: LOG_LEVEL
            Value: debug
          - Name: DBURL
            Value: !Sub jdbc:mysql://${DBUrl}:3306/db
          - Name: DBUSER
            Value: !Ref DBUser
          - Name: DBPASSWORD
            Value: !Ref DBPassword
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-region: !Ref AWS::Region
              awslogs-group: !Ref LogGroup
              awslogs-stream-prefix: !Ref ServiceName

  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub ${ServiceName}-loadbalancer
      VpcId: !Ref VpcId
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: !Ref ContainerPort
        ToPort: !Ref ContainerPort
        CidrIp: !Ref VpcCidr

  ContainerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub ${ServiceName}-container
      VpcId: !Ref VpcId
      SecurityGroupIngress:
      - IpProtocol: tcp
        SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
        FromPort: 0
        ToPort: 65535

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      TargetType: ip
      Name: !Ref ServiceName
      Port: !Ref ContainerPort
      Protocol: HTTP
      VpcId: !Ref VpcId
      HealthCheckPath: /healthcheck
      HealthCheckProtocol: HTTP

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      IpAddressType: ipv4
      Scheme: internal
      Subnets: !Ref SubnetIds
      SecurityGroups: 
        - !Ref LoadBalancerSecurityGroup

  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: !Ref ContainerPort
      Protocol: HTTP

  Service:
    Type: AWS::ECS::Service
    DependsOn: Listener
    Properties:
      ServiceName: !Ref ServiceName
      Cluster: !Ref Cluster
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 1
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets: !Ref SubnetIds
          SecurityGroups:
            - !Ref ContainerSecurityGroup
      LoadBalancers:
        - ContainerName: !Ref ServiceName
          ContainerPort: !Ref ContainerPort
          TargetGroupArn: !Ref TargetGroup

Outputs:
  LoadBalancerArn:
    Value: !Ref LoadBalancer
  LoadBalancerDNS:
    Value: !GetAtt LoadBalancer.DNSName
  LoadbalancerName:
    Value: !GetAtt LoadBalancer.LoadBalancerName

---

healthcheck url肯定是正确的，它与容器位于同一端口上，并返回200状态代码。但由于某些原因，负载平衡器目标一直超时，我可能在这里遗漏了一些东西。任何帮助都将不胜感激

您是否在

AWS:：ECS:：Service

中尝试了

healthcheckgraceperiods

的

300

？这可能是因为你的任务需要一些时间来保持健康。哦，天哪，就是这样！万分感谢，我快疯了哈哈！您是否在

AWS:：ECS:：Service

中尝试了

healthcheckgraceperiods

的

300

？这可能是因为你的任务需要一些时间来保持健康。哦，天哪，就是这样！万分感谢，我快疯了哈哈！