Just lost two days of my life fighting this. I had an instance that I wanted to add HTTPS to. Created a load balancer, added the https listener, added a target group, added the instance to the target group. Created the whole thing. Added the new load balancer security group to the old instance group’s inbound list with port 80. Got HTTP 503 back.
Ran around in circles playing with security groups.
Finally looked at the target group. The instance was not there. Added it. Everything worked.
The hint was in the AWS docs if you get to the right place. It would be great if it were possible to search for AWS issues and be able to read something other than AWS docs.