How to alert on ECS Task Health status

Good day,

Thank you for contacting AWS Premium Support.

From the correspondence, it is my understanding that you need guidance on how to configure CloudWatch alarms for tasks that have been configured for health checks.

You have to ensure that the task configuration is enabled for sending logs to CloudWatch. The latter configuration is a bit different for Fargate and EC2 launch types.

For Fargate, it is important to enable awslogs by adding the logConfiguration in the task configuration. Please see the document below for a detail example on how to enable log configurations:

[+] Specifying a log configuration in your task definition: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html#specify-log-config

For tasks using the EC2 launch type, after your container instance role has the proper permissions to send logs to CloudWatch Logs, your container agents are updated to at least version 1.9.0, and you have configured and started a task with containers that use the awslogs log driver, your configured containers should be sending their log data to CloudWatch Logs

<h2>To view your CloudWatch Logs data for a container from the Amazon ECS console<h2>

1. Open the Amazon ECS console at https://console.aws.amazon.com/ecs/ LNK.
2. On the Clusters page, select the cluster that contains the task to view.
3. On the Cluster: cluster_name page, choose Tasks and select the task to view.
4. On the Task: task_id page, expand the container view by choosing the arrow to the left of the container name.
5. In the Log Configuration section, choose View logs in CloudWatch, which opens the associated log stream in the CloudWatch console.

[+] Viewing awslogs container logs in CloudWatch Logs: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html#viewing_awslogs

Once the container is sending logs to the correct log group, you are ready to create alerts. Please use the document below to guide you on how to set up CloudWatch alarm based on a log group-metric filters.

[+] Creating a CloudWatch alarm based on a log group-metric filter: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_alarm_log_group_metric_filter.html

<h2>Container Insight</h2> You can also set up custom alerts for your ECS tasks by using Container Insights, a feature that aggregates metrics from tasks and containers alike and sends them to CloudWatch as well. CloudWatch automatically collects metrics for many resources, such as CPU, memory, disk, and network. Container Insights also provides diagnostic information, such as container restart failures, to help you isolate issues and resolve them quickly. You can also set CloudWatch alarms on metrics that Container Insights collects. Please review the document below for an example of how to set up alarms using metrics collected by Container Insight on CloudWatch:

[+] Setup alarms on CloudWatch Metrics: https://ecsworkshop.com/monitoring/container_insights/setupalarm/

I trust this correspondence proves useful. Should you have any other questions or need additional clarification, please feel free to get back to us and we will be happy to assist you. Do have a pleasant rest of your day.

You can set up a CloudWatch alarm for your ECS task health check by following these steps:

1. Open the CloudWatch console and navigate to the Alarms page.
2. Click the Create alarm button.
3. In the Select metric section, choose the ECS > Per-Container Metrics > TaskName metric.
4. Select the ClusterName and ServiceName dimensions that correspond to your ECS task.
5. Under Conditions, select the Specific metric option and choose the HealthStatus metric.
6. Choose the threshold and duration that you want to trigger the alarm.
7. Under Actions, choose the SNS topic or Lambda function that you want to notify when the alarm is triggered.
8. Give your alarm a name and click Create alarm.

This will create a CloudWatch alarm that monitors the health status of your ECS task's health check and triggers an alert when the threshold is exceeded for the specified duration.

Note that you may need to adjust the health check command in your task definition to ensure that it returns a non-zero exit code when the health check fails, in order for the CloudWatch alarm to accurately reflect the health of your container.