Ensure AWS HTTP and HTTPS target groups define health check
Error: AWS HTTP and HTTPS target groups do not define health check
Bridgecrew Policy ID: BC_AWS_GENERAL_177
Checkov Check ID: CKV_AWS_261
Severity: LOW
Description
Health checks let a load balancer confirm that a target is reachable before it sends traffic to that endpoint. This is a best practice: without a health check, traffic is sent blindly to targets that may be unhealthy.
Fix - Runtime
How you enable health checks depends on the endpoint. If you are using an Auto Scaling group:
- Go to the EC2 console and select Auto Scaling Groups
- Select the check box next to an existing group
- On the Details tab, choose Health checks and Edit
- Select your health check type
- Add a Health check grace period
- Select Update
Or for the load balancer:
- Open the Amazon EC2 console
- Under Load Balancing, select Load Balancers
- Select your load balancer
- On the Health Check tab, choose Edit Health Check
- On the Configure Health Check page, configure your health check
- Select Save
Fix - Buildtime
- Resource: aws_lb_target_group, aws_alb_target_group
- Argument: health_check
resource "aws_alb_target_group" "example" {
  name     = "target-group-1"
  port     = 80
  protocol = "HTTP"

+  health_check {
+    path = "/api/1/resolve/default?path=/service/my-service"
+    ...
+    matcher = "200"  # has to be HTTP 200 or fails
+  }
}
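As an added example (not Checkov's or Bridgecrew's own code), the same rule can be evaluated in Python against Terraform's plan JSON. It assumes the `planned_values` layout of `terraform show -json`, where nested blocks such as `health_check` appear as lists; the sample plan, the `/healthz` path and the extra finding for `enabled = false` are constructed for illustration.

```python
import json
import sys

TARGET_GROUP_TYPES = {"aws_lb_target_group", "aws_alb_target_group"}
HTTP_PROTOCOLS = {"HTTP", "HTTPS"}

# Constructed sample shaped like `terraform show -json plan.out` (planned_values only).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_alb_target_group.example", "type": "aws_alb_target_group",
         "values": {"name": "target-group-1", "port": 80, "protocol": "HTTP"}},
        {"address": "aws_lb_target_group.checked", "type": "aws_lb_target_group",
         "values": {"port": 443, "protocol": "HTTPS",
                    "health_check": [{"path": "/healthz", "matcher": "200"}]}},
        {"address": "aws_lb_target_group.tcp", "type": "aws_lb_target_group",
         "values": {"port": 5432, "protocol": "TCP"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.app.aws_lb_target_group.off", "type": "aws_lb_target_group",
         "values": {"port": 8080, "protocol": "http",
                    "health_check": [{"enabled": False, "path": "/"}]}},
    ]}],
}}}


def iter_resources(module):
    """Yield resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def missing_health_checks(plan):
    """Return (address, reason) for HTTP/HTTPS target groups lacking a usable health check."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") not in TARGET_GROUP_TYPES:
            continue
        if str(values.get("protocol")).upper() not in HTTP_PROTOCOLS:
            continue  # the policy covers HTTP and HTTPS target groups only
        blocks = values.get("health_check") or []  # nested blocks are lists in plan JSON
        if not blocks:
            findings.append((res["address"], "no health_check block"))
        elif blocks[0].get("enabled") is False:  # assumption: stricter than the page's rule
            findings.append((res["address"], "health_check disabled"))
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, reason in missing_health_checks(plan):
        print(f"{address}: {reason}")
```

Run it with the path to a saved `terraform show -json` output as the first argument to check a real plan instead of the embedded sample.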