AWS ALB health checks fail when service mesh with transparent proxy is enabled


I am using consul-terraform-sync to dynamically update target groups that are connected to an AWS ALB.

To do that I start my pods with the connect-inject annotation.

My problem is that when transparent proxy is enabled, the target group health check does not work. It does not matter whether I have an explicit deny intention or not.
If I disable the transparency proxy everything works great.

I saw the annotation “” which can help, but what do I do if the ALB and pods are in the same network?

I can add the ALB IP addresses as /32 entries, but the ALB autoscales and can add new IPs.

Is there any workaround for such scenarios?