Health check at NLB level for a Fargate Service
I have a service using ECS Fargate behind an NLB, which runs my application at port 8443. The NLB target group health check shows the following settings (default for TCP health check).
Protocol: TCP
Port: Traffic port
Healthy threshold: 3 consecutive health check successes
Unhealthy threshold: 3 consecutive health check failures
Timeout: 10 seconds
Interval: 30 seconds
The NLB target group also has the default target deregistration time of 60 seconds.
With this, I wanted to understand the difference between the active health check and the passive health check done by the NLB for its targets.
My understanding is that the above health check configuration is for the active health check. Would there also be a default passive health check in an NLB which responds to failed responses from the target?
Further, I can see that the moment I stop my Fargate task, even in the absence of any traffic, the target (ECS IP) begins deregistration. There seems to be no 30 second time gap (active health check interval as above). The metric (healthy host as 1) stops getting published. Is this thus somehow configured in the NLB to get notified about terminating Fargate tasks?
Finally, I wanted to understand how good is the NLB healthy task count metric to monitor my Fargate application. I was thinking that it is the best metric since it does a TCP ping at the port level (8443 port in my case) thus ensuring that the monitoring is done at the port (application) level as well as the task level.
As you described, the NLB with TCP healthcheck is basically just going to open a TCP connection on the target + port, and report it healthy if it can open the TCP session. There is no notion of passive healthcheck, it is all actively opening connections to targets to evaluate their health.
The way the ECS Task (container(s)) gets added to the Target Group "targets" is that, after your container is up, ECS will go ahead and attach the container as a target to the aforementioned Target Group. Then the health check starts.
If you stop the Fargate task, then ECS will remove it from the Target Group (and therefore from the Listener Rule and therefore from the NLB (or ALB)).
The healthy hosts metric indeed is a good indicator of whether your targets are healthy or not.
If you want an end-to-end demo with NLB + ACM (so, using TLS at the NLB) and Fargate, have a look at this (part 2 is in the writing).
Hope this helps,
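The TCP check discussed in this thread, as an added example that is not part of the original posts or AWS's own code: a simplified local model of a connect-only probe with the 3/3 thresholds from the question, showing that the probe passes against a listener that never reads or replies and fails once the port is closed. The names `tcp_probe`, `TargetHealth` and `demo` are hypothetical, the 30 second interval is not simulated, and the stand-in target is a constructed loopback socket.

```python
import socket


def tcp_probe(host, port, timeout=10.0):
    """One TCP check: True means only that the TCP handshake completed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class TargetHealth:
    """Simplified model of the consecutive-success/failure thresholds."""
    def __init__(self, healthy_threshold=3, unhealthy_threshold=3):
        self.healthy_threshold = healthy_threshold
        self.unhealthy_threshold = unhealthy_threshold
        self.state = "initial"
        self.successes = 0
        self.failures = 0

    def record(self, ok):
        if ok:
            self.successes, self.failures = self.successes + 1, 0
            if self.successes >= self.healthy_threshold:
                self.state = "healthy"
        else:
            self.successes, self.failures = 0, self.failures + 1
            if self.failures >= self.unhealthy_threshold:
                self.state = "unhealthy"
        return self.state


def demo():
    # Constructed stand-in for the task: a socket that listens but never
    # accepts, reads or replies, i.e. an application that is hung.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    host, port = listener.getsockname()
    health = TargetHealth()
    states = [health.record(tcp_probe(host, port, 2.0)) for _ in range(3)]
    listener.close()  # task stopped: nothing listens on the port any more
    states += [health.record(tcp_probe(host, port, 2.0)) for _ in range(3)]
    return states


if __name__ == "__main__":
    print(demo())
```

The first three probes succeed even though the stand-in application never answers, so a healthy-host count built on this kind of check reflects port reachability and should be paired with an application-level signal when responsiveness matters.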