I created a load balancer and assigned it one of the running EC2 instances. After creation, I navigated to the Target Group section in the AWS Console under Load Balancing, and when I selected the target group that was assigned to the load balancer, it showed the registered instance status as "Unhealthy", and there was a message above the registered instance pane that says "None of these Availability Zones contains a healthy target. Requests are being routed to all targets". While creating the load balancer, I selected all the subnets (availability zones). The settings I used for the health check are listed below:

  • Protocol: HTTP
  • Path: /healthcheck.html
  • Port: traffic port
  • Healthy threshold: 3
  • Unhealthy threshold: 2
  • Timeout: 5
  • Interval: 10
  • Success codes: 200

So why does my registered instance show its status as "Unhealthy", and how can I rectify/resolve that to change the status to "In-service"?

John Rotenstein
Awadhesh Kumar
  • Check if the security group mapped to your EC2 Instance is configured to accept traffic from your ELB. – Rajesh Dec 12 '17 at 11:30

3 Answers

Unhealthy indicates that the health check is failing for the instance.

Things to check:

  • Check that the instance is running a web server
  • Check that the web page at healthcheck.html responds with a valid 200 response
  • Check that the instance has a security group that permits access on Port 80 (HTTP)
John Rotenstein
  • The fourth item is not required. Amazon load balancers support EC2 instances in private subnets. This is my preferred place for web sites behind load balancers. – John Hanley Dec 12 '17 at 06:51
  • But will the Health Check work when the instance is in a private subnet? If so, then you are quite correct. Updated! – John Rotenstein Dec 12 '17 at 06:52
  • Private subnets will not affect ELB health checks as the load balancers are actually in the VPC in public subnets for externally facing load balancers. – John Hanley Dec 12 '17 at 06:56
  • @SathishJayapal Please create a new Question rather than asking a question in a comment on an old question. – John Rotenstein Jul 05 '18 at 11:48
  • Anything else to check? My EC2 instance is running a Web server that yields 200 for all pages downloaded when going directly to it from the Internet. The SG is open to everything on Port 80 plus All Traffic and the Source for that is the ELB SG. Still unhealthy. – Preston Aug 07 '18 at 21:04
  • @Preston Please create a new Question rather than asking a question in a comment on an old question. – John Rotenstein Aug 07 '18 at 22:42
  • Is there a way to get an email notification when the target groups turn healthy? – kRazzy R Oct 16 '18 at 21:28
  • @kRazzyR Yes: [CloudWatch Metrics for Your Application Load Balancer - Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html) Create an Alarm on the Healthy metrics, configure it to send notifications. – John Rotenstein Oct 16 '18 at 21:46

In my case, the health check configuration on the ALB is / with HTTPS.

I resolved it with the steps below.

  1. Check the security groups: whether the required ports are opened from the ALB SG to the EC2 SG.
  2. Log in to the server and check whether the IIS server's default site has port 443 open if your health check is on 443 (or whatever port you are using for health checks).

Use the curl command to troubleshoot the issue.

  1. If you would like to check on HTTPS use the below command to check the response. Use -k or --insecure to ignore the SSL issue.

    curl https://[serverIP] -k

  2. For HTTP test use the below command.

    curl http://[serverIP]

Aditya Y

If you are sharing the load balancer among several EC2 instances that run similar services, make sure each of your services runs on a different port; otherwise your service won't be reachable and therefore your health check won't pass.
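
The checks listed in the answers above (web server listening, health check path returning 200, security group permitting the port) each fail in a different way on the wire. This added example, which is not part of the original posts, sends one health-check style request and names the failure; `probe_target`, `start_sample_target` and the local sample server are constructed for illustration.

```python
import http.client
import http.server
import socket
import ssl
import threading

def probe_target(host, port, path="/healthcheck.html", timeout=5,
                 success_codes=(200,), use_tls=False):
    """Send one health-check style GET and return (healthy, reason).
    Defaults mirror the question's settings: path, 5 s timeout, success code 200."""
    if use_tls:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # same effect as `curl -k`: this tests
        ctx.verify_mode = ssl.CERT_NONE  # reachability, not certificate trust
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except ConnectionRefusedError:
        return False, "refused: nothing listening on this port (web server or site binding)"
    except socket.timeout:
        return False, "timeout: no answer in time (security group/NACL drop, or slow server)"
    except (OSError, http.client.HTTPException) as exc:
        return False, f"error: {exc}"
    finally:
        conn.close()
    if status in success_codes:
        return True, f"healthy: HTTP {status}"
    return False, f"bad status: HTTP {status} for {path} (check the health check path)"

class _SampleTarget(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the EC2 web server: 200 only on the health path."""
    def do_GET(self):
        self.send_response(200 if self.path == "/healthcheck.html" else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_sample_target():
    """Start the constructed sample server on a free localhost port."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _SampleTarget)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_sample_target()
    print(probe_target("127.0.0.1", srv.server_address[1]))
    print(probe_target("127.0.0.1", srv.server_address[1], path="/"))
    srv.shutdown()
```

Run it from a host that shares the load balancer's security group and subnets; a request sent from elsewhere is evaluated against different security group rules than the health check is.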