Menu
Amazon Route 53
Developer Guide (API Version 2013-04-01)

Creating and Updating Health Checks

The following procedure describes how to create and update health checks using the Amazon Route 53 console.

For information about creating health checks using the API, see CreateHealthCheck in the Amazon Route 53 API Reference. For information about updating health checks using the API, see UpdateHealthCheck, also in the Amazon Route 53 API Reference.

Note

Health checks are supported starting with the 2012-12-12 version of the Amazon Route 53 API.

To create or update a health check using the Amazon Route 53 console

  1. If you're updating health checks that are associated with resource record sets, perform the recommended tasks in Updating or Deleting Health Checks when DNS Failover Is Configured.

  2. Sign in to the AWS Management Console and open the Amazon Route 53 console at https://console.aws.amazon.com/route53/.

  3. In the navigation pane, choose Health Checks.

  4. If you want to update an existing health check, select the health check, and then choose Edit Health Check.

    If you want to create a health check, choose Create Health Check. For more information about each setting, move the mouse pointer over a label to see its tooltip.

  5. Enter the applicable values. Note that some values can't be changed after you create a health check. For more information, see Values that You Specify When You Create or Update Health Checks.

  6. Choose Create Health Check.

  7. Associate the health check with one or more Amazon Route 53 resource record sets. For information about creating and updating resource record sets, see Working with Resource Record Sets.

Values that You Specify When You Create or Update Health Checks

When you create or update health checks, you specify the applicable values. Note that you can't change some values after you create a health check.

Name

Optional, but recommended: The name that you want to assign to the health check. If you specify a value for Name, Amazon Route 53 adds a tag to the health check, assigns the value Name to the tag key, and assigns the value that you specify to the tag value. The value of the Name tag appears in the list of health checks in the Amazon Route 53 console, which lets you easily distinguish health checks from one another.

For more information about tagging and health checks, see Naming and Tagging Health Checks.

What to monitor

Whether you want this health check to monitor an endpoint or the status of other health checks:

  • Endpoint – Amazon Route 53 monitors the health of an endpoint that you specify. You can specify the endpoint by providing either a domain name or an IP address and a port.

    Note

    If you specify a non-AWS endpoint, an additional charge applies. For more information, including a definition of AWS endpoints, see Health Checks on the Amazon Route 53 Pricing page.

  • Status of other health checks (calculated health check) – Amazon Route 53 determines whether this health check is healthy based on the status of other health checks that you specify. You also specify how many of the health checks need to be healthy for this health check to be considered healthy.

  • State of CloudWatch alarm – Amazon Route 53 determines whether this health check is healthy based on the alarm state of a CloudWatch alarm.

Monitoring an Endpoint

If you want this health check to monitor an endpoint, specify the following values:

Specify endpoint by

Whether you want to specify the endpoint using an IP address or using a domain name.

After you create a health check, you can't change the value of Specify endpoint by.

Protocol

The method that you want Amazon Route 53 to use to check the health of your endpoint:

  • HTTP – Amazon Route 53 tries to establish a TCP connection. If successful, Amazon Route 53 submits an HTTP request and waits for an HTTP status code of 200 or greater and less than 400.

  • HTTPS – Amazon Route 53 tries to establish a TCP connection. If successful, Amazon Route 53 submits an HTTPS request and waits for an HTTP status code of 200 or greater and less than 400.

    Important

    If you choose HTTPS, the endpoint must support TLS v1.0 or later.

    If you choose HTTPS for the value of Protocol, an additional charge applies. For more information, see Amazon Route 53 Pricing.

  • TCP – Amazon Route 53 tries to establish a TCP connection.

For more information, see How Amazon Route 53 Determines Whether an Endpoint Is Healthy.

After you create a health check, you can't change the value of Protocol.

IP address ("Specify endpoint by IP address" Only)

The IPv4 or IPv6 address of the endpoint on which you want Amazon Route 53 to perform health checks, if you chose Specify endpoint by IP address.

Amazon Route 53 cannot check the health of endpoints for which the IP address is in local, private, nonroutable, or multicast ranges. For more information about IP addresses that you can't create health checks for, see the following documents:

If the endpoint is an Amazon EC2 instance, we recommend that you create an Elastic IP address, associate it with your Amazon EC2 instance, and specify the Elastic IP address. This ensures that the IP address of your instance will never change. For more information, see Elastic IP Addresses (EIP) in the Amazon EC2 User Guide for Linux Instances.

Note

If you specify a non-AWS endpoint, an additional charge applies. For more information, including a definition of AWS endpoints, see Health Checks on the Amazon Route 53 Pricing page.

Host name ("Specify endpoint by IP address" Only, HTTP and HTTPS Protocols Only)

The value that you want Amazon Route 53 to pass in the Host header in HTTP and HTTPS health checks. This is typically the fully qualified DNS name of the website on which you want Amazon Route 53 to perform health checks. When Amazon Route 53 checks the health of an endpoint, here is how it constructs the Host header:

  • If you specify a value of 80 for Port and HTTP for Protocol, Amazon Route 53 passes to the endpoint a Host header that contains the value of Host name.

  • If you specify a value of 443 for Port and HTTPS for Protocol, Amazon Route 53 passes to the endpoint a Host header that contains the value of Host name.

  • If you specify another value for Port and either HTTP or HTTPS for Protocol, Amazon Route 53 passes to the endpoint a Host header that contains the value Host name:Port.

If you choose to specify the endpoint by IP address and you don't specify a value for Host name, Amazon Route 53 substitutes the value of IP address in the Host header in each of the preceding cases.

Port

The port on the endpoint on which you want Amazon Route 53 to perform health checks.

Domain name ("Specify endpoint by domain name" Only, All Protocols)

The domain name of the endpoint on which you want Amazon Route 53 to perform health checks, if you choose Specify endpoint by domain name.

If you choose to specify the endpoint by domain name, Amazon Route 53 sends a DNS query to resolve the domain name that you specify in Domain name at the interval you specify in Request interval. Using an IP address that DNS returns, Amazon Route 53 then checks the health of the endpoint.

Note

If you specify the endpoint by domain name, Amazon Route 53 uses only IPv4 to send health checks to the endpoint. If there's no resource record set with a type of A for the name that you specify for Domain name, the health check fails with a "DNS resolution failed" error.

If you want to check the health of weighted, latency, geolocation routing, or failover resource record sets, and you choose to specify the endpoint by domain name, we recommend that you create a separate health check for each endpoint. For example, create a health check for each HTTP server that is serving content for www.example.com. For the value of Domain name, specify the domain name of the server (such as us-east-2-www.example.com), not the name of the resource record sets (www.example.com).

Important

In this configuration, if you create a health check for which the value of Domain name matches the name of the resource record sets and then associate the health check with those resource record sets, health check results will be unpredictable.

In addition, if the value of Protocol is HTTP or HTTPS, Amazon Route 53 passes the value of Domain name in the Host header as described in Host name, earlier in this list. If the value of Protocol is TCP, Amazon Route 53 doesn't pass a Host header.

Note

If you specify a non-AWS endpoint, an additional charge applies. For more information, including a definition of AWS endpoints, see Health Checks on the Amazon Route 53 Pricing page.

Path (HTTP and HTTPS Protocols Only)

The path that you want Amazon Route 53 to request when performing health checks. The path can be any value for which your endpoint will return an HTTP status code of 2xx or 3xx when the endpoint is healthy, such as the file /docs/route53-health-check.html. Amazon Route 53 automatically adds a leading / character.

Monitoring Other Health Checks (Calculated Health Checks)

If you want this health check to monitor the status of other health checks, specify the following values:

Health checks to monitor

The health checks that you want Amazon Route 53 to monitor to determine the health of this health check.

You can add up to 256 health checks to Health checks to monitor. To remove a health check from the list, choose the x at the right end of the highlight for that health check.

Note

You can't configure a calculated health check to monitor the health of other calculated health checks.

Report healthy when

The calculation that you want Amazon Route 53 to perform to determine whether this health check is healthy:

  • Report healthy when at least x of y selected health checks are healthy – Amazon Route 53 considers this health check to be healthy when the specified number of health checks that you added to Health checks to monitor are healthy. Note the following:

    • If you specify a number greater than the number of health checks in Health checks to monitor, Amazon Route 53 always considers this health check to be unhealthy.

    • If you specify 0, Amazon Route 53 always considers this health check to be healthy.

  • Report healthy when all health checks are healthy (AND) – Amazon Route 53 considers this health check to be healthy only when all of the health checks that you added to Health checks to monitor are healthy.

  • Report healthy when one or more health checks are healthy (OR) – Amazon Route 53 considers this health check to be healthy when at least one of the health checks that you added to Health checks to monitor is healthy.

Invert health check status

Choose whether you want Amazon Route 53 to invert the status of a health check. If you choose this option, Amazon Route 53 considers health checks to be unhealthy when the status is healthy and vice versa.

Monitoring a CloudWatch Alarm

If you want this health check to monitor the alarm state of a CloudWatch alarm, specify the following values:

CloudWatch alarm

Choose the CloudWatch alarm that you want Amazon Route 53 to use to determine whether this health check is healthy.

If you want to create a new alarm, perform the following steps:

  1. Choose create, and the CloudWatch console appears in a new browser tab.

  2. Enter the applicable values. For more information, see Create an alarm in the Amazon CloudWatch User Guide.

  3. Return to the browser tab that the Amazon Route 53 console appears in.

  4. Choose the refresh button next to the CloudWatch alarm list.

  5. Choose the new alarm from the list.

Important

If you change settings for the CloudWatch alarm after you create a health check, you must update the health check. For more information, see Updating Health Checks When You Change CloudWatch Alarm Settings (Health Checks that Monitor a CloudWatch Alarm Only).

Health check status

Choose the status of the health check when CloudWatch has insufficient data to determine the state of the alarm that you chose in CloudWatch alarm. If you choose to use the last known status, Amazon Route 53 uses the status of the health check from the last time CloudWatch had sufficient data to determine the alarm state. For new health checks that have no last known status, the default status for the health check is healthy.

Invert health check status

Choose whether you want Amazon Route 53 to invert the status of a health check. If you choose this option, Amazon Route 53 considers health checks to be unhealthy when the status is healthy and vice versa.

Advanced Configuration ("Monitor an endpoint" Only)

If you choose the option to monitor an endpoint, you can also specify the following settings:

Request interval

The number of seconds between the time that each Amazon Route 53 health checker gets a response from your endpoint and the time that it sends the next health check request. If you choose an interval of 30 seconds, each of the Amazon Route 53 health checkers in data centers around the world will send your endpoint a health check request every 30 seconds. On average, your endpoint will receive a health check request about every two seconds. If you choose an interval of 10 seconds, the endpoint will receive a request more than once per second.

Note that Amazon Route 53 health checkers in different data centers don't coordinate with one another, so you'll sometimes see several requests per second regardless of the interval you chose, followed by a few seconds with no health checks at all.

After you create a health check, you can't change the value of Request interval.

Note

If you choose Fast (10 seconds) for the value of Request interval, an additional charge applies. For more information, see Amazon Route 53 Pricing.

Failure threshold

The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see How Amazon Route 53 Determines Whether an Endpoint Is Healthy.

String matching (HTTP and HTTPS Only)

Whether you want Amazon Route 53 to determine the health of an endpoint by submitting an HTTP or HTTPS request to the endpoint and searching the response body for a specified string. If the response body contains the value that you specify in Search string, Amazon Route 53 considers the endpoint healthy. If not, or if the endpoint doesn't respond, Amazon Route 53 considers the endpoint unhealthy. The search string must appear entirely within the first 5,120 bytes of the response body.

After you create a health check, you can't change the value of String matching.

Note

If you choose Yes for the value of String matching, an additional charge applies. For more information, see Amazon Route 53 Pricing.

Search string (Only When "String matching" Is Enabled)

The string that you want Amazon Route 53 to search for in the body of the response from your endpoint. The maximum length is 255 characters.

Amazon Route 53 considers case when searching for Search string in the response body.

Latency graphs

Choose whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint and to display Amazon CloudWatch latency graphs on the Latency tab on the Health checks page in the Amazon Route 53 console. If Amazon Route 53 health checkers can't connect to the endpoint, Amazon Route 53 can't display latency graphs for that endpoint.

After you create a health check, you can't change the value of Latency measurements.

Note

If you configure Amazon Route 53 to measure the latency between health checkers and your endpoint, an additional charge applies. For more information, see Amazon Route 53 Pricing.

Enable SNI (HTTPS Only)

Specify whether you want Amazon Route 53 to send the host name to the endpoint in the client_hello message during TLS negotiation. This allows the endpoint to respond to the HTTPS request with the applicable SSL/TLS certificate.

Some endpoints require that HTTPS requests include the host name in the client_hello message. If you don't enable SNI, the status of the health check will be SSL alert handshake_failure. A health check can also have that status for other reasons. If SNI is enabled and you're still getting the error, check the SSL/TLS configuration on your endpoint and confirm that your certificate is valid.

Note the following requirements:

  • The endpoint must support SNI.

  • The SSL/TLS certificate on your endpoint includes a domain name in the Common Name field and possibly several more in the Subject Alternative Names field. One of the domain names in the certificate must match the value that you specify for Host name.

Health checker regions

Choose whether you want Amazon Route 53 to check the health of the endpoint by using health checkers in the recommended regions or by using health checkers in regions that you specify.

If you update a health check to remove a region that has been performing health checks, Amazon Route 53 will briefly continue to perform checks from that region to ensure that some health checkers are always checking the endpoint (for example, if you replace three regions with four different regions).

If you choose Customize, choose the x for a region to remove it. Click the space at the bottom of the list to add a region back to the list. You must specify at least three regions.

Invert health check status

Choose whether you want Amazon Route 53 to invert the status of a health check. If you choose this option, Amazon Route 53 considers health checks to be unhealthy when the status is healthy and vice versa.

Get Notified When a Health Check Fails

Use the following options to configure email notification when a health check fails:

Create alarm (Only When Creating Health Checks)

Specify whether you want to create a default CloudWatch alarm. If you choose Yes, CloudWatch sends you an Amazon SNS notification when the status of this endpoint changes to unhealthy and Amazon Route 53 considers the endpoint unhealthy for one minute.

If you want to create an alarm for an existing health check or you want to receive notifications when Amazon Route 53 considers the endpoint unhealthy for more or less than one minute (the default value), select No, and add an alarm after you create the health check. For more information, see Monitoring Health Checks Using CloudWatch.

Send notification to (Only When Creating an Alarm)

Specify whether you want CloudWatch to send notifications to an existing Amazon SNS topic or to a new one:

  • Existing SNS topic – Select the name of the topic from the list

  • New SNS topic – Enter a name for the topic in Topic name, and enter the email addresses that you want to send notifications to in Recipients

Topic name (Only When Creating a New SNS Topic)

If you specified New SNS Topic, enter the name of the new topic.

Recipient email addresses (Only When Creating a New SNS Topic)

If you specified New SNS topic, enter the email addresses that you want to send notifications to. Separate multiple names with commas (,), semicolons (;), or spaces.

Values that Amazon Route 53 Displays

The Create Health Check page displays the following values based on the values that you entered:

URL

Either the full URL (for HTTP or HTTPS health checks) or the IP address and port (for TCP health checks) to which Amazon Route 53 will send requests when performing health checks.

Health Check Type

Either Basic or Basic + additional options based on the settings that you specified for this health check. For information about pricing for the additional options, see Amazon Route 53 Pricing.