Target group constantly fails health check on port 80 and launches new instances when using dynamic

Time:11-27

I have an ECS cluster and an Application Load Balancer. I have set up dynamic port mapping for Amazon ECS following

Because of that, the Auto Scaling group that I have constantly spins up new EC2 instances and terminates existing ones.


Below is my Terraform config file that creates the ALB, listener and target_group:

resource "aws_alb" "default" {
  name               = "${var.app_name}-${var.app_environment}-alb"
  load_balancer_type = "application"
  internal           = true
  subnets            = var.loadbalancer_subnets
  security_groups    = [aws_security_group.load_balancer_security_group.id]
}

resource "aws_lb_listener" "default" {
  load_balancer_arn = aws_alb.default.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.default.arn
  }
}

resource "aws_lb_target_group" "default" {
  name_prefix = "rushmo"
  port        = 80
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "instance"

  health_check {
    healthy_threshold   = "2"
    unhealthy_threshold = "5"
    interval            = "300"
    port                = "traffic-port"
    path                = "/"
    protocol            = "HTTP"
    matcher             = "200,301,302"
  }

}

resource "aws_autoscaling_group" "default" {
  name                      = "${var.app_name}-${var.app_environment}-ASG"
  desired_capacity          = 1
  health_check_type         = "ELB"
  health_check_grace_period = 600 # 10 min
  launch_configuration      = aws_launch_configuration.default.name
  max_size                  = 1
  min_size                  = 1

  target_group_arns    = [aws_lb_target_group.default.arn]
  termination_policies = ["OldestInstance"]

  vpc_zone_identifier   = var.application_subnets
  protect_from_scale_in = true
}

Note: If I manually deregister the target on port 80 from the target group, the problem with the constant termination and launching of new instances is solved, but I don't understand what I have done wrong and why port 80 shows up as a registered target and not only the ephemeral port range.

CodePudding user response:

I think the issue is due to:

health_check_type         = "ELB"

This makes the ASG use the ALB's health checks on port 80 of your instances. However, since you are using ECS, the health checks should only be used for your containers, not the instances themselves. Thus it should be:

health_check_type         = "EC2"
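
The following Terraform is an added example, not part of the original question or answer. It sets the ASG to EC2 health checks as the answer suggests and goes one step further by leaving the ASG detached from the target group, so that only the ECS service registers targets on their dynamic host ports. The cluster, task definition, container name, instance security group and the 32768-65535 port range are assumptions.

```hcl
# Added example, not the poster's code. Names marked "hypothetical" are
# assumptions; all other references reuse resources from the question.

resource "aws_autoscaling_group" "default" {
  name                  = "${var.app_name}-${var.app_environment}-ASG"
  desired_capacity      = 1
  max_size              = 1
  min_size              = 1
  launch_configuration  = aws_launch_configuration.default.name
  vpc_zone_identifier   = var.application_subnets
  termination_policies  = ["OldestInstance"]
  protect_from_scale_in = true

  # Instance status checks only; the ALB health check judges tasks, not hosts.
  health_check_type         = "EC2"
  health_check_grace_period = 600

  # No target_group_arns here: attaching the ASG registers every instance on
  # the target group's own port (80), where nothing listens when the tasks
  # use dynamic host ports, so that target can never become healthy.
}

# The ECS service registers each task itself as instance-id:dynamic-host-port.
resource "aws_ecs_service" "default" {
  name            = "${var.app_name}-${var.app_environment}-service"
  cluster         = aws_ecs_cluster.default.id          # hypothetical
  task_definition = aws_ecs_task_definition.default.arn # hypothetical, hostPort = 0
  desired_count   = 1

  load_balancer {
    target_group_arn = aws_lb_target_group.default.arn
    container_name   = "app" # hypothetical container name
    container_port   = 80    # assumed port the container listens on
  }
}

# Only the ALB's security group may reach the dynamic host ports.
resource "aws_security_group_rule" "alb_to_ecs_dynamic_ports" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 32768 # assumed start of the ephemeral range
  to_port                  = 65535
  security_group_id        = aws_security_group.ecs_instances.id # hypothetical
  source_security_group_id = aws_security_group.load_balancer_security_group.id
}
```

Restricting the ingress rule to the load balancer's security group keeps the wide port range from being reachable by anything else in the VPC.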