ALB is failing and killing the Fargate service task stating it's unhealthy

I have deployed a Fargate service for my app and attached an ALB to it. It reports the health status as unhealthy, kills the task and restarts it. It throws the error below:

service myapp-service port 8080 is unhealthy in target-group MyServiceTargetGroup  due to (reason Health checks failed with these codes: [404]).

In my security group settings I have allowed all traffic for port 8080. My sample app path when I run it locally is http://000.00.0.00:8080/myapp

Below is the CloudFormation template I used for deployment:

Resources:
  Cluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Join ['', [!Ref ServiceName, Cluster]]

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      Cpu: '4096'
      Memory: '16384'

      ExecutionRoleArn: !GetAtt ExecutionRole.Arn
      TaskRoleArn: !GetAtt TaskRole.Arn
      ContainerDefinitions:
        - Name: !Ref ServiceName
          Image: !Ref Image
          PortMappings:
            - ContainerPort: !Ref ContainerPort
          Essential: true
      EphemeralStorage:
        SizeInGiB: 150

  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: myappExecutionRole
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'

  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: myappTaskRole
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: 'sts:AssumeRole'
  
  FargateService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      ServiceName: mudetect-service
      DesiredCount: 1
      TaskDefinition: !Ref TaskDefinition
      LoadBalancers:
        - ContainerName: !Ref ServiceName
          ContainerPort: !Ref ContainerPort
          TargetGroupArn: !Ref TargetGroup
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups:
            - !Ref SecurityGroup
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 100
        DeploymentCircuitBreaker:
          Enable: true
          Rollback: true

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join ['', [!Ref ServiceName, LoadBalancer]]
      Type: application
      Subnets:
        - !Ref SubnetA
        - !Ref SubnetB
      SecurityGroups:
        - !Ref SecurityGroup

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckPath: /
      Name: !Join ['', [!Ref ServiceName, TargetGroup]]
      Port: !Ref ContainerPort
      Protocol: HTTP
      VpcId: !Ref VPC
      HealthCheckProtocol: HTTP
      TargetType: ip
      LoadBalancerArns:
        - !Ref LoadBalancer


  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
      LoadBalancerArn: !Ref LoadBalancer
      Port: 8080
      Protocol: HTTP
asked 8 months ago, 255 views

2 Answers

Accepted Answer

You can add 308 also in the success codes and change the path to /myapp. Glad to know it worked!

AWS
EXPERT
answered 8 months ago

What is the reference to the container port in this case? What is the container port? Is it specifically 8080 because otherwise HTTP could be 80. Also, is the path /myapp or just /? Health check is set for /, do you have anything on / as well for port 8080?

For now, you can edit the allowed success codes in the health check to allow 200 and 404 both while this can be figured out. This option is available in the health check settings of the target group.

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html

AWS
EXPERT
answered 8 months ago
  • Container port is 8080 and listener port is also 8080. The path is /myapp; I don't have anything else running on port 8080 for '/'. Initially I gave the health check path as '/myapp', and it was throwing a 308 error (which basically states that it has been redirected to a new URL).

    For now the temporary fix you stated worked for me (adding the 404 success codes)
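
The health-check settings discussed in the two answers, shown against the question's `TargetGroup` resource. This is an added example, not part of the original thread; it reuses the `ServiceName`, `ContainerPort` and `VPC` references from the question's template and assumes the app answers `/myapp` with the 308 the asker reported.

```yaml
# Added example: TargetGroup from the question with the health check corrected.
Resources:
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Join ['', [!Ref ServiceName, TargetGroup]]
      Port: !Ref ContainerPort
      Protocol: HTTP
      VpcId: !Ref VPC
      TargetType: ip
      HealthCheckProtocol: HTTP

      # As posted in the question:
      #   HealthCheckPath: /
      # Nothing is served at "/" on port 8080, so the probe gets 404, the
      # target is marked unhealthy and ECS replaces the task in a loop.

      # Temporary workaround (second answer): keep "/" and accept 404.
      #   HealthCheckPath: /
      #   Matcher:
      #     HttpCode: '200,404'
      # The probe then passes for any task that answers HTTP at all, so it
      # no longer tells you whether /myapp itself is working.

      # Accepted answer: probe the real application path and accept its
      # redirect. ALB health checks do not follow redirects, so the 308
      # must be listed as a success code for the target to pass.
      HealthCheckPath: /myapp
      Matcher:
        HttpCode: '200,308'
```

Once the URL that `/myapp` redirects to is known, pointing `HealthCheckPath` at it lets the matcher go back to `'200'` alone, which keeps the health check tied to a page the application actually renders.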
