Ensure that your web-tier Elastic Load Balancers (ELBs) are using the appropriate health check configuration in order to monitor the availability of the EC2 instances associated with the ELBs through application layer. An application layer health check is an HTTP-based test performed periodically by an AWS ELB to determine the availability of the EC2 instances registered to the load balancer. The status of the backend instances that are healthy at the time of the health check is "InService" and the status of any instances that are unhealthy at the time of the health check is "OutOfService". When an AWS ELB determines that an EC2 backend instance is unhealthy, it stops routing requests to that instance. The load balancer resumes routing requests to the backend instance when it has been restored to a healthy state. This conformity rule assumes that all AWS resources (including ELBs) created within your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> is the tag name and <web_tier_tag_value> is the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
Improve the reliability of the web applications behind your web-tier ELBs by using the right health check configuration. Cloud Conformity recommends that you always use application layer (HTTP(S)) health checks instead of TCP health checks (where a specified TCP port is probed to make sure is accepting connections) for your web-tier load balancers. Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if your web-tier ELBs are using the right health check configuration, perform the following:
To update your web-tier ELBs configuration in order to use application layer health checks instead of TCP health checks, perform the following: