AWS Route 53 Health Check Configuration Issues

Possible Reasons for Continuously Failing Health Checks


Question

You've currently configured health checks in Route 53.

These health checks are being used for 2 of your on-premises web servers.

The health checks are not working as desired.

The health checks are continually failing.

Which of the following could be a possible reason?

Answers

Explanations


A. B. C. D.

Answer - C.

The AWS Documentation mentions the following.

When Route 53 checks the health of an endpoint, it sends an HTTP, HTTPS, or TCP request to the IP address and port that you specified when you created the health check.

For a health check to succeed, your router and firewall rules must allow inbound traffic from the IP addresses that the Route 53 health checkers use.

Options A and B are invalid because the health checks are not being configured for EC2 Instances.

Option D is incorrect because it is possible to use AWS Route 53 for monitoring non-AWS resources.

For more information on Route 53 health checks, please refer to the below URL.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-router-firewall-rules.html

The answer to this question is (C): Ensure that the Firewall on your On-premises environment is allowing Inbound Traffic.

When using Route 53 health checks to monitor the health of on-premises resources, it is important to ensure that the on-premises environment allows inbound traffic from the Route 53 health checker IP addresses. By default, the health checkers send traffic over port 80 (HTTP) or port 443 (HTTPS) to check the health of the resource.

If the health checks are continually failing, it is likely that the on-premises environment is not allowing inbound traffic from the Route 53 health checker IP addresses. This can be due to a variety of reasons, such as a misconfigured firewall or security group.

To troubleshoot this issue, you should verify that the firewall on the on-premises environment is allowing inbound traffic from the Route 53 health checker IP addresses. You can find the list of Route 53 health checker IP addresses in the Route 53 documentation.

Additionally, you may want to verify that the on-premises resources are properly configured to respond to the health check requests. This can include verifying that the web server is running, that the correct port is open, and that the response from the web server is properly formatted.

In summary, when using Route 53 health checks to monitor the health of on-premises resources, it is important to ensure that the on-premises environment allows inbound traffic from the Route 53 health checker IP addresses. If the health checks are failing, it is likely due to a misconfigured firewall or security group.
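The firewall verification described in the troubleshooting step above, as an added example (not part of the original page and not AWS's own code): it reads a document in the shape of AWS's published `ip-ranges.json`, selects the `ROUTE53_HEALTHCHECKS` entries, and reports which health checker ranges the firewall allow-list does not fully cover. The sample CIDRs and the allow-list are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json.
# The CIDRs are documentation ranges (RFC 5737 / RFC 3849), not real AWS ranges.
SAMPLE_IP_RANGES = json.loads("""
{
  "syncToken": "0",
  "createDate": "1970-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/26", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "198.51.100.0/26", "region": "eu-west-1", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"}
  ]
}
""")

# Constructed: source CIDRs the on-premises firewall currently allows inbound
# on the health check port. The /27 covers only half of one checker range.
FIREWALL_ALLOWED_SOURCES = ["192.0.2.0/24", "198.51.100.0/27"]

SERVICE = "ROUTE53_HEALTHCHECKS"


def healthcheck_prefixes(doc):
    """Return the health checker networks (IPv4 and IPv6) listed in the document."""
    nets = set()
    for entry in doc.get("prefixes", []):
        if entry.get("service") == SERVICE:
            nets.add(ipaddress.ip_network(entry["ip_prefix"]))
    for entry in doc.get("ipv6_prefixes", []):
        if entry.get("service") == SERVICE:
            nets.add(ipaddress.ip_network(entry["ipv6_prefix"]))
    return sorted(nets, key=lambda n: (n.version, n))


def uncovered(checker_nets, allowed_cidrs):
    """Return checker networks that no single allowed CIDR fully contains."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [n for n in checker_nets
            if not any(n.version == a.version and n.subnet_of(a) for a in allowed)]


if __name__ == "__main__":
    for net in uncovered(healthcheck_prefixes(SAMPLE_IP_RANGES), FIREWALL_ALLOWED_SOURCES):
        print(f"inbound not fully allowed from health checker range {net}")
```

A range that is only partly allowed is reported as uncovered, since checkers in the blocked part of it would still fail.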