What Does Route 53 health check Mean?
On This Page
Quick Definition
A Route 53 health check is a test that checks if your website or application is working properly. It regularly sends requests to your server from different places around the world. If it detects a problem, it automatically stops sending visitors to that server and redirects them to a healthy backup. This keeps your site online even if something goes wrong.
Commonly Confused With
An EC2 status check is an automated test performed by the EC2 hypervisor to verify the health of the underlying physical server and the instance's operating system. It runs every minute and is visible in the EC2 console. A Route 53 health check, on the other hand, tests application-level availability from multiple external locations using HTTP, HTTPS, or TCP. EC2 status checks do not replace application-level monitoring; they only report on the instance's hypervisor and OS health.
If your web application is hung but the OS is still running, the EC2 status check would show 'OK' while the Route 53 health check would show 'Unhealthy' because it cannot get an HTTP response.
A CloudWatch alarm monitors aggregated metrics (like CPU utilization or error rates) or a health check's status and can trigger actions like Auto Scaling or SNS notifications. A Route 53 health check is the thing that tests the endpoint; the CloudWatch alarm is the thing that reacts to the health check's state change. They are often used together, but they are separate services. A health check can exist without a CloudWatch alarm, and an alarm can monitor metrics other than health checks.
You set up a Route 53 health check for your website. You then create a CloudWatch alarm that watches that health check and sends you an email when it fails. The health check does the testing; the alarm does the alerting.
Route 53 DNS failover is the mechanism that automatically changes DNS responses based on health check status. The health check is the component that determines if an endpoint is healthy; DNS failover is the action of switching from an unhealthy record to a healthy one. They are tightly coupled but distinct: you can have a health check without DNS failover (just for monitoring), and you can have DNS failover without a health check (using static records).
You create a health check for your primary server. You then configure a failover routing policy to use that health check. When the health check says 'unhealthy', the failover routing policy returns the IP of your backup server instead.
Must Know for Exams
Route 53 health checks are a significant topic in AWS certification exams, particularly the AWS Certified Solutions Architect (SAA-C03), AWS Certified Developer (DVA-C02), AWS Certified SysOps Administrator (SOA-C02), and the AWS Certified Advanced Networking (ANS-C01). In these exams, health checks appear under the 'High Availability and Reliability' domain, but they also intersect with networking, security, and fault tolerance.
For the Solutions Architect exam, you are expected to understand how to design a multi-tier architecture using Route 53 health checks with failover routing. Typical questions present a scenario where an application needs to be highly available across two regions. You must choose the correct combination of health checks, routing policies, and failover configurations. You might also need to understand how to use calculated health checks to monitor a chain of dependencies.
In the SysOps exam, questions go deeper into operational aspects. You may need to troubleshoot why a health check is showing 'unhealthy' even though the endpoint is responding. You must understand how firewall rules, response timeouts, and string matching affect health check status. There may be questions about configuring CloudWatch alarms based on health check failures, or about using health checks with Auto Scaling to replace unhealthy instances.
The Developer exam focuses on integration. You might need to configure health checks as part of an application’s deployment pipeline or set up DNS failover for an API. Questions may ask how to set up a health check for an HTTP endpoint that requires authentication, or how to use custom headers.
The Advanced Networking exam covers health checks at a deeper level, including how they interact with Direct Connect, VPN, and hybrid architectures. You may need to understand how to use health checks in conjunction with weighted routing for blue-green deployments, or how to set up health checks for internal resources using Route 53 Resolver endpoints.
Across exams, question types include: - Scenario-based: Which routing policy works best for active-passive failover? - Multiple choice: What happens when an endpoint fails? - Drag and drop: Arrange steps to set up a health check. - Troubleshooting: An application is returning 503 errors. How does the health check react?
Specific objectives include understanding health check intervals (10 vs 30 seconds), failure thresholds, calculated health checks, and the difference between simple, failover, and latency routing policies. You should also know that health checks can monitor endpoints without being associated with a record-they can be standalone for monitoring purposes.
Memorizing the default HTTP success codes (2xx and 3xx) and the ability to configure custom strings is exam-relevant. Also, understanding that health checkers come from known IP ranges that must be allowed in security groups or network ACLs is a common exam point.
health checks are not just a feature-they are a core concept in the exam objectives for many AWS certifications. A thorough understanding of how they work, how to configure them, and how they integrate with other AWS services is essential for passing these exams.
Simple Meaning
Imagine you run a small bakery with two locations. You want customers to always find fresh bread, even if one shop has a power outage. So you hire a team of people to call each bakery every few minutes. If the first bakery doesn't answer the phone, the team immediately tells customers to go to the second bakery instead. That team is like a Route 53 health check. It monitors your servers by sending test requests from around the world. If a server becomes unavailable, the health check updates the DNS records so that new traffic flows to the healthy server.
Think of DNS as the phone book of the internet. When someone types your website name, DNS looks up the address of your server. A Route 53 health check monitors that address continuously. If the server stops responding, the health check tells Route 53 to use a different IP address. This happens in seconds, often without users noticing any interruption.
Health checks can monitor servers using simple pings or by checking that a specific webpage loads correctly. They can also monitor your network and other AWS resources like load balancers. The key idea is that the health check acts as a watchful guard that automatically reroutes traffic when trouble strikes. This is crucial for businesses that need their website to be available 24/7, because even a few minutes of downtime can cost money and trust.
In everyday language, a Route 53 health check is like a smart assistant that constantly checks if your online store is open and ready to serve customers. If the store has a problem, the assistant quickly sends everyone to the backup store without any hassle. This keeps your business running smoothly and your customers happy.
Full Technical Definition
A Route 53 health check is a DNS-level monitoring mechanism within Amazon Web Services (AWS) that assesses the availability and responsiveness of a specified endpoint-such as an Amazon EC2 instance, an Application Load Balancer, or an on-premises server-from multiple geographically distributed checkers. The health check operates by sending requests at a configurable interval (10 or 30 seconds) using one of three protocols: HTTP, HTTPS, or TCP. For HTTP and HTTPS, the health check sends a GET request to a specific path and evaluates the response status code, which must be 2xx or 3xx by default, though custom success criteria can be defined. For TCP checks, the health check attempts to establish a three-way handshake; success is defined by the endpoint opening the TCP connection within a configurable timeout.
Each health check is associated with a group of at least two but often several dozen health checkers deployed across AWS global locations. The health check aggregates results from all checkers and computes a health status based on a configurable threshold. For example, if you set the threshold to 3 out of 3, the endpoint is considered healthy only if all checkers report success. If you set it to 2 out of 3, one failure is tolerated. This design prevents false positives from transient network issues affecting a single location.
Route 53 health checks support several advanced features. You can create a calculated health check that combines the status of multiple child health checks using Boolean logic (AND, OR, or NOT). This is useful for scenarios where a service depends on multiple underlying components. You can also associate a CloudWatch alarm with a health check, so that if the endpoint fails, an alarm can trigger actions such as sending an SNS notification or auto scaling a replacement instance. Another key feature is latency-based routing, where Route 53 automatically directs users to the region with the lowest latency, but only if the health check for that region reports healthy.
For integration with DNS failover, you configure Route 53 routing policies such as failover, weighted, latency-based, or geolocation routing to include health check associations. When a health check fails, Route 53 removes the unhealthy record from DNS responses, so client traffic automatically redirects to a healthy record. This failover happens very quickly, typically within a few seconds to a minute, depending on the DNS TTL and the health check interval. Health checks also support optional string matching on the response body, request intervals, and custom headers, making them flexible for complex application monitoring.
From a standards perspective, Route 53 health checks use standard HTTP/1.1 and TCP/IP protocols. The checkers are not customer-controlled; AWS manages the infrastructure. Each health check is an independent resource in the Route 53 console, and you can create up to 200 health checks per AWS account by default, though this can be increased. Billing is per health check per month, with additional charges for endpoint monitoring.
In real IT implementations, administrators use Route 53 health checks to build highly available architectures across multiple availability zones and regions. A common pattern is to have an active-passive failover setup: a primary record associated with a health check, and a secondary record with a lower priority. If the primary health check fails, Route 53 returns the secondary IP. This is critical for disaster recovery and for meeting service level agreements. Health checks can also monitor non-AWS endpoints, such as on-premises data center servers, as long as they are reachable from the internet.
One critical aspect is that health checks originate from public IP addresses managed by AWS. If your endpoint is behind a firewall, you must allow incoming traffic from these IP addresses. AWS publishes the list of health checker IP ranges, which you can obtain programmatically. Failure to configure firewall rules correctly can lead to false negative health checks.
Exam-accurate understanding includes knowing that Route 53 health checks are separate from Amazon CloudWatch, though they can integrate with CloudWatch alarms. The health check does not track application performance metrics like response time; it only checks in- service status. However, you can set a 'fast fail' configuration by using a low interval (10 seconds) and a low failure threshold (1 out of 2), which improves detection speed but increases false positives. Balancing speed and accuracy is a key design decision.
Real-Life Example
Think of a busy airport with two control towers. Each tower guides planes safely to the runways. Now imagine that one tower's radar system overheats and shuts down. Without a backup, planes would have to circle aimlessly, causing delays and chaos. The airport decides to hire a team of spotters stationed at different points around the airfield. These spotters continuously look at both towers. If they see the radar lights from Tower A go dark, they immediately radio the pilots: 'Do not go to Runway A; use Runway B.' That is exactly what a Route 53 health check does for your website.
Your website is like an airport. The servers are the control towers. Users trying to access your site are the inbound planes. A Route 53 health check is the team of spotters. They stand at multiple locations globally-like New York, London, Tokyo-and constantly test whether your server responds. They might send a simple 'ping' (like a radio check) or request a specific page (like asking 'are you receiving?' and expecting the answer 'loud and clear').
If the server in New York stops answering, the health check detects it within seconds. It then tells Route 53 to stop sending users to that server and instead redirect them to a backup server in, say, Virginia. This happens automatically, without the users ever knowing there was a problem. For the users, their request goes to the backup, and the website loads smoothly.
In this analogy, the spotters are the health checkers. The radio they use to call the towers is the health check request. The backup tower is the failover record. The entire system ensures that even if one component fails, the service remains available. Just as an airport cannot afford to have planes circling endlessly, a business cannot afford to have users hitting an error page. The health check acts as that reliable spotters team, keeping traffic flowing to the place that works.
Why This Term Matters
Route 53 health checks are foundational to building resilient, highly available applications in AWS. In a world where even a few seconds of downtime can cost thousands of dollars and erode customer trust, the ability to automatically detect and react to failures is non-negotiable. Health checks turn a static DNS system into an intelligent traffic manager that adapts to real-time conditions.
Without health checks, DNS records would simply point to a fixed IP address. If the server behind that IP goes down, users would see errors until the DNS record is manually updated-a process that could take minutes to hours, depending on the time-to-live (TTL) settings. Health checks automate this failover, reducing recovery time from minutes to seconds. This directly impacts the Recovery Time Objective (RTO) in disaster recovery plans.
In multi-region architectures, health checks enable global load balancing. You can route users to the region with the lowest latency, but only if that region's health check passes. This optimizes both performance and availability. For example, if the primary region (say, US-East) becomes unhealthy, traffic automatically shifts to a secondary region (say, EU-West) without manual intervention.
Health checks also matter for compliance and SLAs. Many enterprises require 99.99% uptime or higher. A Route 53 health check combined with failover routing is a proven method to meet those targets. It provides audit trails and can be integrated into monitoring dashboards for visibility.
From a cost perspective, health checks are inexpensive compared to the cost of downtime. Each health check costs a few dollars per month, but preventing even one major outage can save thousands. This makes it a high-value investment for any organization running public-facing applications.
For IT professionals, understanding health checks is crucial for designing robust architectures. They appear in job interviews, certification exams, and real-world scenarios. Knowing how to configure them, interpret their status, and troubleshoot false positives is a core skill for cloud engineers.
How It Appears in Exam Questions
Questions involving Route 53 health checks appear in three main patterns: scenario-based design, configuration choices, and troubleshooting.
Scenario-based questions often describe a business requirement. For example: 'An e-commerce application runs on EC2 instances in two Availability Zones. The company needs to configure DNS so that traffic goes to the healthy zone automatically. Which Route 53 routing policy and health check configuration should be used?' The correct answer typically involves a failover routing policy with a primary record associated with a health check, and a secondary record without a health check (or with a separate health check). The exam might also ask about the interval: if the company needs faster failure detection, the candidate must choose a 10-second interval with a low threshold.
Another common scenario is multi-region disaster recovery. The question might say: 'The application is deployed in us-east-1 and eu-west-1. Users should be directed to the region with the lowest latency, but only if the region is healthy. What combination of routing policy and health checks should be used?' Here, the answer is latency-based routing with health checks on each region's endpoint. Candidates must know that latency routing inherently considers health if you associate a health check; otherwise, it might send traffic to an unhealthy region.
Troubleshooting questions present a health check that is showing 'unhealthy' when the endpoint is actually responsive. For example: 'A developer configures an HTTPS health check for an application. The health check fails. The developer verifies that the application is running. What could be the issue?' Possible answers include: the security group does not allow inbound traffic from health checker IPs; the health check is hitting a path that returns a 403 Forbidden; the SSL certificate on the endpoint is not valid; or the health check timeout is too low. The candidate must systematically identify the cause.
Another pattern is calculated health checks. A question might ask: 'An application depends on a database and a caching layer. How can you ensure traffic is only sent to the application when both dependencies are healthy?' The answer is to create individual health checks for each dependency, then create a calculated health check with AND logic. If either child check fails, the calculated check fails, and Route 53 stops routing traffic.
Weighted routing with health checks is another pattern. For blue-green deployments, you might use weighted records with health checks. A question could ask: 'You want to test a new version of an application with 10% of traffic, but only if the new version is healthy. What should you do?' The answer: assign a weight of 10 to the new version's record and associate a health check. If the new version fails, the health check makes the record unhealthy, so it gets zero traffic.
Finally, there are questions about health check response strings. 'You configure a health check to validate a specific string in the response body. The health check fails even when the application is working. Why?' The answer might be that the string includes trailing whitespace, or the response is too large and the health check does not examine the entire body. These subtle points are often tested.
In all these patterns, candidates must not only know the theory but also the exact AWS Console options and CLI commands that implement the solution.
Practise Route 53 health check Questions
Test your understanding with exam-style practice questions.
Example Scenario
You are a cloud architect for a company called 'ShopNow' that sells products online. You have set up the application on two EC2 instances in two separate AWS Availability Zones: us-east-1a and us-east-1b. Each instance runs the same web application. You have already registered the domain shopnow.com with Amazon Route 53. Now, you need to configure DNS so that if one instance goes down, users are automatically sent to the other instance.
First, you create a Route 53 health check for the instance in us-east-1a. You choose an HTTP health check on port 80, hitting the path '/' with a 10-second interval and a failure threshold of 2. You also note the health checker IP ranges so you can add them to the instance's security group.
Next, you create a DNS record for the domain 'www.shopnow.com' with a failover routing policy. You create a primary record pointing to the IP address of the instance in us-east-1a and associate it with the health check. Then you create a secondary record pointing to the IP address in us-east-1b, but you set this as a failover record without a health check (or with another health check). You set a TTL of 60 seconds so changes propagate quickly.
Now, imagine that later that day, the instance in us-east-1a suffers a hardware failure. The health check sends an HTTP request to that instance. First, it gets no response within the timeout. After two consecutive failures (the failure threshold of 2), the health check marks the endpoint as unhealthy. Route 53 sees that the primary record is unhealthy and immediately begins returning the secondary record's IP address for new DNS queries. Any users who had cached the old IP will still go to the broken instance, but because the TTL is 60 seconds, their cache will expire soon and they will get the new IP.
This failover happens automatically without any manual intervention. Users experience a brief delay of up to a minute (depending on caching), but most will not notice the outage. Meanwhile, you receive a CloudWatch alarm triggered by the health check change, letting you know that you need to repair or replace the failed instance.
In this scenario, the health check is the critical component that enables automatic recovery. Without it, you would have to manually detect the failure and update the DNS record, which could take much longer and lead to extended downtime.
Common Mistakes
Assuming a health check can monitor private IP addresses without special configuration.
By default, Route 53 health checkers are deployed on the public internet. They cannot reach private IP addresses (like those in a VPC) unless you use a Route 53 Resolver endpoint or place the endpoint behind a public-facing load balancer.
If the endpoint is in a private subnet, either use a public Application Load Balancer with a public DNS name, or use an AWS Lambda function as a custom health check that runs inside the VPC and reports back to Route 53.
Setting the health check interval to 10 seconds but using a default threshold of 3 out of 3, which means you wait 30 seconds for a failure.
If you need fast detection, a 10-second interval with a 3/3 threshold means a failure is only confirmed after 3 consecutive misses, which takes at least 30 seconds. That may be too slow for critical applications.
To achieve faster detection, lower the threshold to 2 out of 3 or even 1 out of 2. Balance speed with the risk of false positives. For low-latency applications, consider 2 out of 3 threshold with a 10-second interval, which gives a maximum detection time of about 20 seconds.
Forgetting to update security groups or firewall rules to allow traffic from the Route 53 health checker IP ranges.
Health checkers must be able to reach the endpoint. If the security group denies inbound traffic from the health checker IPs, the health check will always return 'unhealthy' even if the application is running fine.
Obtain the current list of Route 53 health checker IP ranges from the AWS documentation or by querying the AWS IP address ranges JSON file. Add these IPs to the security group's inbound rules for the health check protocol and port.
Configuring an HTTP health check on a path that requires authentication.
If the path returns a 403 Forbidden or a login page, the health check will treat it as a failure (since the default success is 2xx or 3xx). The health check does not handle authentication.
Create a dedicated health check endpoint (e.g., /health) in your application that returns a 200 OK without authentication. Configure the health check to hit that specific path.
Confusing Route 53 health checks with EC2 status checks.
EC2 status checks monitor the health of the underlying physical host and the instance's operating system. Route 53 health checks monitor the application layer (HTTP/TCP). They are different services and serve different purposes.
Use both: EC2 status checks for infrastructure-level failures, and Route 53 health checks for application-level failures. Integrate them separately as needed.
Exam Trap — Don't Get Fooled
{"trap":"A question states: 'A health check is configured with a 30-second interval and a failure threshold of 3. The endpoint fails at time 0. How long before the record is marked unhealthy?'
The trap is that learners often say 90 seconds (3 intervals), but the actual failover time includes the time when the endpoint first becomes unreachable plus the interval timings.","why_learners_choose_it":"They assume that the health check sends a request exactly at the moment of failure and then counts three consecutive failures. In reality, the health check sends requests at fixed intervals.
If the failure happens just after a successful check, the next check might not occur for up to 30 seconds. Then it takes 3 intervals to confirm failure, so the maximum detection time could be up to 120 seconds (30 seconds until first missed check + 90 seconds for three checks).","how_to_avoid_it":"Understand that the detection time is not simply interval × threshold.
It depends on when the failure occurs relative to the last successful check. For exam questions, focus on the concept that the interval is the gap between check attempts, and the threshold is the number of consecutive failures needed. The worst-case detection time is interval × (threshold + 1) – epsilon.
But for the exam, often the simplified answer is interval × threshold. Pay attention to the wording: if it says 'how long until it is marked unhealthy after the third failure' then it's interval × threshold."
Step-by-Step Breakdown
Create the health check resource
In the Route 53 console, you first create a health check object. This defines the endpoint, protocol, and monitoring parameters. You specify the IP address or DNS name, the protocol (HTTP, HTTPS, or TCP), the port, and optionally a path and search string. This step sets up the 'who' and 'how' of the monitoring.
Configure health check settings
You choose the time interval (10 or 30 seconds) and the failure threshold (number of consecutive failures to mark unhealthy). A lower interval gives faster detection but costs more. The threshold balances speed vs. false positives. You also set the request timeout (default 5 seconds) and optional string matching. These settings determine the sensitivity of the health check.
Configure firewall rules
AWS health checkers use public IP addresses in specific ranges. You must add inbound rules to your security group or firewall to allow traffic from these IPs on the health check port. Without this step, the health check will see a timeout and mark the endpoint as unhealthy. This is a common cause of false negatives.
Associate the health check with a DNS record
You can associate the health check with a Route 53 routing policy like failover, weighted, latency, or geolocation. When you create the DNS record, you specify the health check ID. This association tells Route 53 to consider the health check status when deciding which record to return in DNS queries.
Monitor and react
Once configured, the health check sends requests at the chosen interval. If it detects a failure, it marks the endpoint unhealthy. Route 53 stops returning the unhealthy record in DNS responses. You can also create a CloudWatch alarm that triggers notifications or automation. This step completes the failover loop.
Test and validate
After setup, you should deliberately cause a failure to verify that failover works correctly. You can stop the application or block the health checker IPs temporarily. Observe whether DNS responses change as expected. This validation step is critical for ensuring the architecture works in production.
Practical Mini-Lesson
A Route 53 health check is more than just a simple ping. It is a robust monitoring mechanism that integrates deeply with AWS DNS routing. To implement it effectively, you need to understand both the configuration options and the underlying networking.
Start with the endpoint. You can monitor either a public IP address or a DNS name (like an ALB DNS name). If you use a DNS name, the health check will resolve that name to an IP address and then test that IP. This is useful for load balancers whose IPs can change. However, note that the health check only resolves the name once per health check configuration; subsequent updates to the DNS record might not be picked up automatically.
Next, consider the protocol. For most web applications, HTTP or HTTPS is best because it can verify not just connectivity but also the correctness of the application layer. For TCP, you only verify that the port is open. That is faster but less thorough. If you use HTTPS, the health check will validate the SSL certificate; an expired certificate will cause the check to fail. This can be used as a proactive alert for certificate renewal.
The search string option allows you to check for specific content in the response body. For example, you can look for the string 'healthy' in the response. This helps ensure that the application is not just running but also returning the expected data. However, if the response is very large, the health check only examines the first few kilobytes. If your health check string is not within that range, the check will fail.
Now, talk about calculated health checks. This is an advanced feature where you combine the status of multiple health checks using Boolean logic. For instance, you might have a database health check and an application health check. You want the overall service to be considered unhealthy if either one fails. You create a calculated health check with the OR operator, so if any child check fails, the parent fails. This is powerful for managing dependencies.
Troubleshooting health checks is a key skill. Start by checking the endpoint's network accessibility. Use tools like curl or telnet from a machine outside the AWS network. If you can reach the endpoint but the health check says unhealthy, the issue could be the security group not allowing the health checker IPs, or the search string not matching, or the response code being outside the expected range. Also, check the health check's logs: you can view the status of each individual checker if you enable detailed billing.
Another common issue is the health check calling the endpoint via a path that requires a host header for virtual hosting. You can add custom headers to the health check, including the Host header, to simulate a specific request. This is essential when the endpoint serves multiple sites.
Finally, understand the cost implications. Each health check costs a fixed monthly fee plus a per-request fee. If you use a 10-second interval, you have 6 requests per minute, which adds up. For large deployments, you might want to use a 30-second interval to save costs, but at the risk of slower detection.
In practice, professionals often use health checks in combination with Auto Scaling. They may configure a health check to trigger a CloudWatch alarm that launches a new instance if the current one is unhealthy. This creates a self-healing architecture. They use health checks for blue-green deployments by shifting weights based on health. The health check is the core feedback loop that makes the system reactive.
Understanding these practical details is what separates a theoretical knowledge from a working implementation. For the exam, you should know the defaults and the trade-offs, but in real-world, you need to actively design for your specific application needs.
Memory Tip
Remember 'HIT' for Health check: Heartbeat (it's a constant test), Interval (10 or 30 sec), Threshold (consecutive failures to declare down).
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
Related Glossary Terms
An A record is a type of DNS resource record that maps a domain name to an IPv4 address.
An AAAA record is a DNS record that maps a domain name to an IPv6 address, allowing devices to find each other over the internet using the newer IP addressing system.
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.
A/B testing is a controlled experiment that compares two versions of a single variable to determine which one performs better against a predefined metric.
Frequently Asked Questions
Can I use a Route 53 health check to monitor an on-premises server?
Yes, as long as the server is reachable from the public internet and you configure your on-premises firewall to allow incoming traffic from the Route 53 health checker IP ranges. The health check does not differentiate between AWS and non-AWS endpoints.
What is the difference between a simple health check and a calculated health check?
A simple health check monitors a single endpoint. A calculated health check combines the status of multiple health checks using Boolean logic like AND, OR, or NOT. This is useful for monitoring composite dependencies.
How quickly can a Route 53 health check detect a failure?
It depends on the interval and failure threshold. With a 10-second interval and a threshold of 2, a failure can be detected in as little as 10 seconds (worst case about 20 seconds). With a 30-second interval and a threshold of 3, detection could take up to 120 seconds.
Does a Route 53 health check affect DNS propagation?
No, the health check itself does not affect DNS propagation. However, once it marks a record as unhealthy, Route 53 stops returning that record in DNS responses. The change in DNS responses takes effect after the DNS TTL expires on the client's resolver.
Can I create a health check for an endpoint that requires authentication?
You can, but the health check must be configured to send the appropriate authentication header. If the endpoint returns a 401 or 403 without authentication, the health check will count it as a failure unless you configure custom success codes or use a dedicated health check endpoint that does not require auth.
What is the cost of a Route 53 health check?
AWS charges a monthly fee per health check (around $0.50 to $0.75 per month depending on the configuration) plus a small fee per request. The cost is generally very low, making it a cost-effective way to improve reliability.