J Z asked:
performing health checks to application VPC internal applications

Hello AWS experts,

We have EC2 instances running applications in docker containers for which the auto-scaling part is managed by ECS. It's all running internally in the VPC. So these EC2 instances or docker containers have no public internet-routable IP addresses.

What we want to do is use Route 53 health checks to check certain TCP ports and send HTTP requests to the applications coming from various locations. The problem is of course that these probes on the various locations cannot get to services running internally on the VPC. What's the proper and easiest way to go to accomplish this?

We want to avoid setting up a monitoring service inside the VPC
We want it to be setup in a way that when we autoscale we don't have to change anything.

Thanks
Shalom Carmel

Well, you nailed it.
Either you open your VPC to external monitoring, or set up a monitoring service inside the VPC.
There is however a sort of "middle ground".
Catchpoint has 2 things to help you get going.
1. They have OnPrem agents that communicate with the Catchpoint service only via outbound traffic.
2. When using their public nodes, you can get a specific list of IPs to whitelist, so you don't have to open your VPC to the entire world.

Look out for similar capabilities with other monitoring tools.

PS
Catchpoint is expensive.
Some integrators (such as the company I work at) can give you a slice of the enterprise package at sane costs with low commitments.
If you come to a point when you decide that you need it, contact me.
J Z (ASKER)

When using catchpoint with option 1 that could make sense.
But when using it with option 2 (opening up for the whitelist) then I can just as well open up the services and whitelist the AWS Route 53 health check probes, no?

The tricky part is it also has to continue working when autoscaling will start to be used.

Any ideas on how to accomplish that?
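One way to do the whitelisting the asker describes without opening the VPC to the whole internet is to build the security-group rule from the Route 53 health-checker prefixes AWS publishes in ip-ranges.json (https://ip-ranges.amazonaws.com/ip-ranges.json), and attach that security group to the ECS launch configuration so new instances pick it up on autoscale. The script below is an added example, not code from this thread; the embedded ip-ranges document is a constructed stand-in using RFC 5737 / RFC 3849 documentation addresses, and the `is_health_checker` helper is an assumption of how one would verify a probe's source address.

```python
"""Build security-group ingress rules for Route 53 health checkers.

Added example (not from the thread). Field names follow AWS's published
ip-ranges.json; the sample document is constructed, not real AWS data.
"""
import ipaddress
import json

# Constructed stand-in for ip-ranges.json (the real file has thousands of entries).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2000-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/26", "region": "GLOBAL", "service": "ROUTE53_HEALTHCHECKS"},
        {"ip_prefix": "198.51.100.0/26", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "GLOBAL", "service": "ROUTE53_HEALTHCHECKS"},
        {"ipv6_prefix": "2001:db8:2::/48", "region": "eu-west-1", "service": "S3"},
    ],
})

SERVICE = "ROUTE53_HEALTHCHECKS"  # service tag AWS uses for the health-check probes


def health_checker_prefixes(ip_ranges_json):
    """Return (ipv4_cidrs, ipv6_cidrs, sync_token) for the health-check service only."""
    doc = json.loads(ip_ranges_json)
    v4 = sorted(p["ip_prefix"] for p in doc["prefixes"] if p["service"] == SERVICE)
    v6 = sorted(p["ipv6_prefix"] for p in doc["ipv6_prefixes"] if p["service"] == SERVICE)
    return v4, v6, doc["syncToken"]


def ingress_permissions(ip_ranges_json, port, protocol="tcp"):
    """Build the IpPermissions list that boto3's authorize_security_group_ingress
    takes, restricted to the single health-check port rather than all traffic."""
    v4, v6, token = health_checker_prefixes(ip_ranges_json)
    desc = f"Route53 health checkers (ip-ranges syncToken {token})"
    return [{
        "IpProtocol": protocol, "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": desc} for c in v4],
        "Ipv6Ranges": [{"CidrIpv6": c, "Description": desc} for c in v6],
    }]


def is_health_checker(addr, ip_ranges_json):
    """True if addr (IPv4 or IPv6) falls inside a published health-checker prefix."""
    ip = ipaddress.ip_address(addr)
    v4, v6, _ = health_checker_prefixes(ip_ranges_json)
    return any(ip in ipaddress.ip_network(n) for n in (v4 if ip.version == 4 else v6))
```

The published list changes over time, so re-run the build and compare the syncToken recorded in the rule description before replacing the rules.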
ASKER CERTIFIED SOLUTION
Shalom Carmel

J Z (ASKER)

For various reasons I don't want to open it up even if it has an ACL. So in the meantime I did a lot of reading and apparently a way to do it without opening the services to the internet is using an ALB (application load balancer). You can then use the health checks to monitor your services and be notified. An advantage is that it is aware of the concept of docker containers.

I set it up but for some reason it is reporting the services as Not healthy. Does anyone have experience with AWS ALBs and is free to take a look together using a remote session?

Thanks