Why is AWS Global Accelerator failing health checks with endpoints?


I want to know why the endpoints registered to my AWS Global Accelerator aren't healthy.

Short description

For Standard Accelerators, AWS Global Accelerator automatically checks the health of the endpoints that are associated with your static IP addresses. It then directs the user traffic only to healthy endpoints.

Global Accelerator supports four types of endpoints for Standard Accelerators: Amazon Elastic Compute Cloud (EC2) Instance, Elastic IP address, the Application Load Balancer, and the Network Load Balancer.

You can specify health check options in Global Accelerator when configuring your endpoints. However, the accelerator uses this configuration only for EC2 and Elastic IP endpoint types. For the Application Load Balancer and the Network Load Balancer endpoints, Global Accelerator reuses the already-configured health checks associated with those endpoints.

Health checks might fail for any of the endpoint types that Global Accelerator supports. To resolve these failures, review these solutions.

Resolution

Identify your endpoint type. Then, follow the steps in that section to review the health check status.

Endpoint type: EC2 Instance or Elastic IP address

1.    Log in to the Global Accelerator console.

2.    Choose an accelerator for a health check from the list of accelerators.

3.    Under Listeners, choose the listener that you want to review.

4.    Under Endpoint groups, open the health check details.

5.    Review these health check details: the path, the port, and the protocol associated with the endpoint group.

6.    Locate the section labeled Endpoints. This section shows whether the endpoint passed or failed the health check. The section flags a failed health check status.

7.    If the endpoint health check failed, then make sure that the firewall, security groups (SG), and network access control lists (NACL) allow inbound traffic from the Amazon Route 53 health checker IP addresses on the appropriate health check port.

Global Accelerator requires that your router and firewall rules allow inbound traffic from the IP addresses associated with Route 53 health checkers. This lets the accelerator complete the health checks for the EC2 Instance or the Elastic IP address endpoints. The health check fails if the port or the IP addresses are blocked. The accelerator reports these endpoints as unhealthy. For more information about approved IP addresses, see IP address ranges of Amazon Route 53 servers.

8.    Make sure that a TCP, HTTP, or HTTPS server is running at your endpoint to answer health checks, regardless of whether the listener uses UDP or TCP. Then, follow these steps:

  • Check whether the application is listening on the required port and IP address (for health check ports and application ports) using the netstat command. If the application isn't listening on the IP address and port, then configure your application and make sure that it's working locally on the instance.
On Windows: netstat -ano | findstr endpoint_IP_address:port
On Linux: netstat -anp | grep endpoint_IP_address:port

Note: Replace endpoint_IP_address:port with your endpoint's IP address and port number.

  • Use these tools to check the connectivity to the endpoints on the health check ports. The tests must be successful without any errors on all endpoints and target application instances. Make sure that the application can accept the configured health check requests according to these settings:
      • For TCP health checks: telnet endpoint_IP_address health_check_port
      • For HTTP health checks: curl -vko /dev/null http://endpoint_IP_address:port
      • For HTTPS health checks: curl -vko /dev/null https://endpoint_IP_address:port

Note: Replace endpoint_IP_address with your endpoint's IP address and health_check_port with the associated port number.

  • Check if iptables (for Linux) and firewall (for Windows) are dropping the application traffic.
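
The check in step 7 can be run offline against exported data. The following is an added example, not AWS code: it compares the ROUTE53_HEALTHCHECKS prefixes in ip-ranges.json with a security group's ingress rules for one health check port. The sample prefixes and rules are constructed (documentation address ranges), and the function names are illustrative.

```python
import ipaddress

# Constructed excerpt in the shape of AWS ip-ranges.json. The addresses are
# documentation ranges, not real health checker prefixes.
IP_RANGES = {"prefixes": [
    {"ip_prefix": "192.0.2.0/26", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "198.51.100.64/26", "region": "eu-west-1", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
]}

# Constructed ingress rules in the shape of the IpPermissions list returned by
# `aws ec2 describe-security-groups` for one security group.
SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "192.0.2.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "198.51.100.64/26"}]},
]

def health_checker_prefixes(ip_ranges):
    """IPv4 prefixes that ip-ranges.json tags as Route 53 health checkers."""
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in ip_ranges["prefixes"]
            if p["service"] == "ROUTE53_HEALTHCHECKS"]

def rule_covers_port(rule, port):
    """Health checks are TCP, HTTP, or HTTPS, so only TCP or all-traffic rules count."""
    if rule["IpProtocol"] == "-1":      # all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def blocked_prefixes(ip_ranges, ingress, port):
    """Health checker prefixes that no single CIDR rule admits on `port`.
    Rules that reference security groups or prefix lists are not evaluated."""
    allowed = [ipaddress.ip_network(r["CidrIp"])
               for rule in ingress if rule_covers_port(rule, port)
               for r in rule.get("IpRanges", [])]
    return [str(p) for p in health_checker_prefixes(ip_ranges)
            if not any(p.subnet_of(a) for a in allowed)]

if __name__ == "__main__":
    for port in (80, 443):
        print(port, blocked_prefixes(IP_RANGES, SG_INGRESS, port))
```

An empty result for the health check port means the security group admits every listed health checker prefix; NACLs and host firewalls still need their own review.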

Endpoint type: Application Load Balancer or Network Load Balancer

If the endpoint type is an Application Load Balancer or a Network Load Balancer, then Global Accelerator uses the load balancer's health check information to determine the health of the endpoints. There are a few unique considerations for how Global Accelerator calculates health for these endpoints:

Application Load Balancer considerations

1.    All target groups in your Application Load Balancer must be healthy for Global Accelerator to consider the load balancer healthy. For more information on how to configure the target group in the Application Load Balancer, see Target group health.

2.    If ALL target groups are empty, then Global Accelerator considers the Application Load Balancer unhealthy.

Network Load Balancer considerations

1.    All target groups in your Network Load Balancer must be healthy for Global Accelerator to consider the load balancer healthy. For more information on how to configure the target group in the Network Load Balancer, see Target group health.

2.    If ANY single target group is empty, then Global Accelerator considers the Network Load Balancer unhealthy.

Refer to the following articles if the Elastic Load Balancing (ELB) target groups are reporting unhealthy results:


Related information

Changing health check options

AWS OFFICIAL. Updated a year ago