How to handle network load balancer health checks when using dynamic ports with UDP traffic?

There are a couple ways to handle Network Load Balancer (NLB) health checks when using dynamic ports for UDP traffic:

1. Use TCP health checks on the NLB and have the application respond to TCP probes on the same port as the UDP traffic.

The NLB will send TCP health checks to the mapped dynamic port. As long as your application handles and responds to those TCP probes, the NLB will consider the target healthy. The downside is your app needs to support TCP in addition to UDP on that port.

2. Use a secondary "health check" port mapped to the container.

For example, map UDP traffic on dynamic port 0. Have a second static mapping from the host (port 1024) to the container (port 80). Configure the NLB health check to use HTTP/TCP on host port 1024. Your application would need to handle HTTP GET requests on port 80.

3. Disable NLB health checks and implement health checks in the application

Since NLB health checks are limited for UDP, you can disable them on the load balancer. Implement health checking logic in the application itself, and have the ECS service scheduler replace any unhealthy tasks.

Overall, options #1 or #2 are best to leverage the NLB health checks. But #3 is a viable alternative if needing only UDP. The important thing is ensuring the NLB has a way to assess the health of the targets to route traffic appropriately