AWS: Target.FailedHealthChecks - Site always in "severe" state

Question

My Elastic Beanstalk application is in a constant severe state... even though it's working absolutely fine.

Looking at the Health screen it says that 100% of its requests are 3xx, and looking at the logs, this is apparently confirmed:

[29/Nov/2017:10:07:46 +0000] "GET / HTTP/1.1" 302 356 "-" "ELB-HealthChecker/2.0"

This makes perfect sense, as / will 302 Redirect you to the "login" page.

The thing is, I've told AWS to NOT use / when checking for health, but instead to use /news which should always return a 200, whether you're logged in or not:

I've tried changing the Health check URL to other suitable endpoints, and restarting the EC2 instance, but it always returns to checking / (according to the logs). I've given it 12 hours to see if it would change in time, too.

So why does it keep checking / and returning a severe state? What can I do to fix this? Is it a Security Group issue perhaps (even though the site is open to the public)?

Django Reinhardt · Accepted Answer · 2017-12-04T11:13:51.337

8

It seems the error was caused by a Heath Check for the Application Load Balancer, not the Elastic Beanstalk application. The ALB needs its target changing in a different place (see the documentation).

It was an easy fix once I knew that:

To modify the health check settings of a target group using the console

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

On the navigation pane, under LOAD BALANCING, choose Target Groups.

Select the target group.

On the Health checks tab, choose Edit.

On the Edit target group page, modify the settings as needed, and then choose Save.

edited Dec 04 '17 at 11:13

answered Nov 30 '17 at 16:26

Django Reinhardt

2,256
3
38
55

1

Yeah, the health check will consider any non-2XX error code to be a failure. – ceejayoz Nov 30 '17 at 16:55
Seems to me they consider any non 200 code to be a failure in fact. – Dan Feb 25 '19 at 01:28
@Dan No, that's not the case. – Django Reinhardt Feb 26 '19 at 10:56
By which I mean to say that it asks for a specific code... and if it doesn't match, then it's a failure. So if your health check code is 200 and your response code is 201 then voila. – Dan Feb 27 '19 at 08:38

score 0 · Answer 2 · answered Aug 08 '22 at 03:42

I was running a Django server in a multi-container Docker environment with Elastic Beanstalk on Amazon Linux 2 and was absolutely tearing my hair out over this problem. I thought it was a Nginx issue, but even with a running Nginx container it still wasn't fixed! So my app was accessible and running, but the status was severe and it only gave me a target mismatch error on the EB health dashboard...no code though! Using Django Reinhardt's answer, I found out that the error code was displayed in the target group section of the load balancer settings! Sure enough, I was getting 400 errors on the health checks.

Using this post, I learned that the health check occurs on a private AWS IP! If this IP is not in your ALLOWED_HOSTS, then it will give 400 errors! After testing with ALLOWED_HOSTS = ['*'] (don't do this in production!), the issue went away!

Not sure if a Nginx container is still necessary. Next steps are to dynamically add relevant AWS IP's to ALLOWED HOSTS (e.g. here)

AWS: Target.FailedHealthChecks - Site always in "severe" state

2 Answers2