I am deploying AutoScalingGroup with EC2 using AMAZON Linux image, and install httpd on that. But it return 403 when we send curl on http://localhost

sh-4.2$ curl http://localhost -I
HTTP/1.1 403 Forbidden
Date: Thu, 16 May 2024 04:12:52 GMT
Server: Apache/2.4.59 ()
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Mon, 22 Apr 2024 13:06:15 GMT
ETag: "e2e-616af1a347fc0"
Accept-Ranges: bytes
Content-Length: 3630
Content-Type: text/html; charset=UTF-8

I deployed this stack using AWS CDK and code is as below.

from aws_cdk import (
    # Duration,
    Stack,
    CfnOutput,
    aws_ec2 as _ec2,
    aws_iam as _iam,
    aws_autoscaling as _autoscaling,
    aws_elasticloadbalancingv2 as _elbv2,
    # aws_sqs as sqs,
)
from constructs import Construct

class WebServerStack(Stack):

    def __init__(self, scope: Construct, construct_id: str, vpc, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Read bootstrap script 
        with open("bootstrap_scripts/install_httpd.sh",
                  mode="r") as fp:
            user_data = fp.read()

        # Get latest ami
        amzn_linux_ami = _ec2.AmazonLinuxImage(
            generation=_ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
            edition=_ec2.AmazonLinuxEdition.STANDARD,
            storage=_ec2.AmazonLinuxStorage.GENERAL_PURPOSE,
            virtualization=_ec2.AmazonLinuxVirt.HVM,
        )

        # Create Application load balancer
        alb = _elbv2.ApplicationLoadBalancer(
            self,
            "myAlbId",
            vpc=vpc,
            internet_facing=True,
            load_balancer_name="WebServerAlb",
        )

        # Allow from internet
        alb.connections.allow_from_any_ipv4(
            _ec2.Port.tcp(80),
            description="Allow Internet access on ALB Port 80",
        )

        # Add listener to ALB
        listener = alb.add_listener("listenerId",
                                    port=80,
                                    open=True)

        # Webserver IAM role
        web_server_role = _iam.Role(
            self,
            "webServerRoleId",
            assumed_by=_iam.ServicePrincipal("ec2.amazonaws.com"),
            managed_policies=[
                _iam.ManagedPolicy.from_aws_managed_policy_name(
                    'AmazonSSMManagedInstanceCore'
                ),
                _iam.ManagedPolicy.from_aws_managed_policy_name(
                    'AmazonS3ReadOnlyAccess'
                ),
            ]
        )

        # Create AutoScaling Group with 2 EC2 Instances
        web_server_asg = _autoscaling.AutoScalingGroup(
            self,
            "webServerAsgId",
            vpc=vpc,
            vpc_subnets=_ec2.SubnetSelection(
                subnet_type=_ec2.SubnetType.PRIVATE_WITH_EGRESS,
            ),
            instance_type=_ec2.InstanceType(
                instance_type_identifier="t2.micro"
            ),
            machine_image=amzn_linux_ami,
            role=web_server_role,
            min_capacity=2,
            max_capacity=2,
            # desired_capacity=2,
            user_data=_ec2.UserData.custom(
                user_data
            )
        )

        # Allow ASG Security Group receive traffic from ALB
        web_server_asg.connections.allow_from(
            alb,
            _ec2.Port.tcp(80),
            description="Allow ASG Security Group receive traffic from ALB"
        )

        listener.add_targets(
            "listenerId",
            port=80,
            targets=[web_server_asg]
        )

        # Output of the ALB Domain Name
        output_alb_1 = CfnOutput(
            self,
            "albDomainName",
            value=f"http://{alb.load_balancer_dns_name}",
            description="Web Server ALB Domain Name"
        )

the install_httpd.sh file has below content

bootstrap_scripts/install_httpd.sh

#!/bin/bash
sudo yum install -y httpd
sudo chkconfig httpd on
sudo service httpd start

nothing fancy in it, but still not sure why it return 403 ?