My customer is interested in monitoring and creating alerts for private-zone Route53 health checks. Their goal is to verify that internal DNS resolution remains available and working in AWS.
I think you perhaps misunderstand what Route 53 Health Checks are for. They do not verify that DNS resolution is available. They verify that tcp/http/https endpoints (usually IPs) are answering. In many cases, this allows Route 53 DNS records to be dynamically updated to include health endpoints only.
Is there a way to monitor Private-Zone Route53 health checks?
Health checks do not monitor DNS zones; they monitor tcp/http/https service endpoints.
If you mean to ask "is there a way to health check endpoints privately inside a VPC?", the answer is "not directly today, but there are workarounds". Some customers do this by giving their VPC service a public IP and restricting connectivity to it exclusively to the health checker's public IPs (which are published). You can then use that health check to dynamically update a DNS entry in a private hosted zone.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-healthcheck.html
"Route 53 health checkers are outside the VPC. To check the health of an endpoint within a VPC by IP address, you must assign a public IP address to the instance in the VPC."
There are other ways this can be done indirectly also, e.g.:
All health checks get CloudWatch metrics, so you can set alarms on them.
Does the SLA below include private-zone Route53 as well? https://aws.amazon.com/route53/sla/
The SLA explicitly includes Private DNS. "This Amazon Route 53 Service Level Agreement (“SLA”) is a policy governing the use of Amazon Route 53 (including Private DNS)"
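To make the two mechanisms in the answer above concrete (restricting the public endpoint to the published health-checker ranges, and alarming on the health check's CloudWatch metric), here is an added example; it is not code from this thread or from AWS. It assumes the JSON layout of the published ip-ranges.json file, whose health-checker entries carry the service tag ROUTE53_HEALTHCHECKS; the CIDRs, health check ID and SNS topic ARN in it are constructed placeholders, not real published values.

```python
"""Added example (not from the re:Post thread or from AWS).

1. Derive the security-group allowlist for Route 53 health checkers from the
   structure of https://ip-ranges.amazonaws.com/ip-ranges.json
   (entries tagged service "ROUTE53_HEALTHCHECKS").
2. Build the CloudWatch PutMetricAlarm parameters that fire when a health
   check's HealthCheckStatus metric drops below 1 (i.e. the check is failing).
"""
import ipaddress
import json
from typing import Dict, List

# Constructed sample that mimics the ip-ranges.json layout. The CIDRs are
# documentation-range placeholders, NOT the real published health-checker
# ranges; fetch the live file and re-run whenever its syncToken changes.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/26", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
        {"ip_prefix": "203.0.113.64/26", "region": "eu-west-1", "service": "ROUTE53_HEALTHCHECKS"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
    ],
})

CHECKER_SERVICE = "ROUTE53_HEALTHCHECKS"


def health_checker_cidrs(ip_ranges_json: str) -> List[str]:
    """Return every IPv4 and IPv6 prefix tagged as a Route 53 health checker."""
    data = json.loads(ip_ranges_json)
    v4 = [p["ip_prefix"] for p in data.get("prefixes", []) if p["service"] == CHECKER_SERVICE]
    v6 = [p["ipv6_prefix"] for p in data.get("ipv6_prefixes", []) if p["service"] == CHECKER_SERVICE]
    return sorted(v4) + sorted(v6)


def ingress_rules(cidrs: List[str], port: int = 443) -> List[Dict]:
    """IpPermissions for EC2 authorize_security_group_ingress that admit only the checkers.

    Anything not in these ranges (e.g. the rest of the internet) stays blocked,
    which is what makes exposing a public IP for the check acceptable.
    """
    v4 = [c for c in cidrs if ipaddress.ip_network(c).version == 4]
    v6 = [c for c in cidrs if ipaddress.ip_network(c).version == 6]
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "Route 53 health checker"} for c in v4],
        "Ipv6Ranges": [{"CidrIpv6": c, "Description": "Route 53 health checker"} for c in v6],
    }]


def is_allowed(source_ip: str, cidrs: List[str]) -> bool:
    """Would a connection from source_ip pass the allowlist? Useful for auditing flow logs."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(c) for c in cidrs if ipaddress.ip_network(c).version == ip.version)


def unhealthy_alarm(health_check_id: str, sns_topic_arn: str) -> Dict:
    """Keyword arguments for cloudwatch.put_metric_alarm (boto3, us-east-1).

    Route 53 publishes health-check metrics only in us-east-1. HealthCheckStatus
    is 1 when healthy and 0 when not, so Minimum < 1 over a period means at
    least one checker saw the endpoint fail.
    """
    return {
        "AlarmName": f"route53-hc-{health_check_id}-unhealthy",
        "Namespace": "AWS/Route53",
        "MetricName": "HealthCheckStatus",
        "Dimensions": [{"Name": "HealthCheckId", "Value": health_check_id}],
        "Statistic": "Minimum",
        "Period": 60,
        "EvaluationPeriods": 1,
        "Threshold": 1.0,
        "ComparisonOperator": "LessThanThreshold",
        "TreatMissingData": "breaching",  # no data at all is also worth paging on
        "AlarmActions": [sns_topic_arn],
    }


if __name__ == "__main__":
    cidrs = health_checker_cidrs(SAMPLE_IP_RANGES)
    print(json.dumps(ingress_rules(cidrs), indent=2))
    print(json.dumps(unhealthy_alarm("HEALTH-CHECK-ID-PLACEHOLDER",
                                     "arn:aws:sns:us-east-1:111122223333:placeholder-topic"), indent=2))
```

In practice the allowlist is a moving target: subscribe to the AmazonIpSpaceChanged SNS notifications or re-fetch ip-ranges.json on a schedule and reconcile the security group, otherwise a newly added checker range is silently blocked and the check reports the endpoint as unhealthy even though the service is fine.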
Is private zone health-checks a feature being developed for the future?
I failed to create the stack because failure to access the lambda code on S3. Any idea? Thanks.