An AWS Elastic Load Balancer (ELB) is configured with a health check that targets HTTP port 80 and path /status. The health check interval is 30 seconds, with a healthy threshold of 3 and an unhealthy threshold of 2.
If a target instance returns HTTP 500 for 2 consecutive health checks, what will be the ELB's behavior?
Remember the unhealthy threshold defines how many consecutive failed checks are needed before marking unhealthy.
The unhealthy threshold is 2, meaning the instance must fail 2 consecutive health checks to be marked unhealthy and removed from the load balancer. The healthy threshold of 3 applies to recovering from an unhealthy state and is not relevant here.
You want to configure an Application Load Balancer (ALB) target group health check to use HTTPS on port 443 and path /health. Which JSON snippet correctly defines this health check configuration?
Check the protocol and port consistency for HTTPS health checks.
For HTTPS health checks, the protocol must be HTTPS and the port must be 443. Option A correctly sets both. Of the other options, one uses the HTTP protocol on port 443, which is invalid; one uses the HTTPS protocol but port 80, which is incorrect; and one uses the TCP protocol, which does not support an HTTP path.
You have an Auto Scaling Group (ASG) spanning 3 Availability Zones (AZs) with instances behind an ELB. You want to ensure that unhealthy instances are replaced quickly without affecting availability. Which health check configuration best supports this goal?
Think about combining ELB and ASG health checks for fast detection and replacement.
Using ELB health checks with low interval and low unhealthy threshold allows quick detection of unhealthy instances. Configuring ASG to use ELB health checks ensures ASG replaces instances marked unhealthy by ELB. This combination supports fast replacement without impacting availability across AZs.
Your web application exposes a health check endpoint /health that returns detailed system status including database connection info. What is the best security practice regarding this health check endpoint?
Consider who really needs access to sensitive health information.
Restricting access to the health check endpoint to only trusted sources like load balancer IPs prevents attackers from accessing sensitive system details. Making it public or removing it entirely can cause availability or monitoring issues. TLS encryption alone does not restrict access.
You manage a fleet of 1000 EC2 instances behind an ELB. Health checks are currently set to run every 10 seconds with a timeout of 5 seconds. This causes high CloudWatch costs and occasional false positives due to network latency spikes. Which health check configuration change best balances cost, performance, and reliability?
Think about how increasing intervals and thresholds affects cost and false positives.
Increasing the interval and timeout reduces the number of health check requests, lowering costs. Increasing the unhealthy threshold reduces false positives caused by transient network issues. Decreasing intervals or disabling health checks either increases cost or reduces reliability.