Why the health checks cannot reach the target groups in an AWS ECS?

Question

This is the targets in my target group. They corresponds to the docker processes running in my ecs service.

As you can see all processes are marked as either draining or unhealthy.

Here is how I define my Health checks,

I have tried the health check url on a local docker process and the url works as expected.

The same log messages are not found incloud watch log. I presume the healthcheck url is not called at all.

Here is my container definition in my task

As you can see in the above screenshot, I have mapped port 0 to 8090. I believe it is how to enable dynamic mapping.

Also I have set the network mode to 'Bridge'

How can get the health check to work? I think currently it is the reason why I cannot reach the underlying docker processes.

score 2 · Accepted Answer · answered Aug 15 '17 at 06:29

It seems to be an issue with the default security group when I created the ecs cluster

The default SG is

So basically no traffic can reach the ec2 instance that hosts the docker process.

I added a very permissive security group and it is working and I can reach the healthcheck url

score 1 · Answer 2 · answered May 24 '20 at 03:49

1

In my case there was problem with health check. I added Success codes 200 but my services are secured and it returns 401 on health check.

I added 200,401,404 as health check success codes.

answered May 24 '20 at 03:49

DV Singh

2 Answers2