I am exploring AWS with my own project. I am trying to secure my microservices with the use of private subnets and proper security group configurations.
Is the following AWS design feasible? API Gateway (single public entry) -> PrivateLink -> NLB (private subnet) -> ALB (private subnet) -> ECS cluster
Additionally, I am running into connection issues with the above design. The ALB is showing unhealthy checks. I have set the following:
- ALB, NLB and ECS are all in the same VPC and private subnet
- ALB inbound and outbound is set to all
- ECS security group allows inbound from the ALB
How should I configure this and is the AWS infra feasible? Do share!