I get load balancer errors with my Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate.
Resolution
Update your IAM permissions
Amazon ECS uses the AWS Identity and Access Management (IAM) service-linked role named AWSServiceRoleForECS. To manage the registration and deregistration of ECS tasks with the load balancer, configure your service with the AWSServiceRoleForECS role.
Update your container security group ingress rules
For containers that are mapped to port 80, your container security group must allow inbound traffic on port 80. If your security group doesn't allow inbound traffic on port 80, then your load balancer doesn't pass health checks.
To resolve this issue, update your security group rules.
Configure your load balancer for all the service Availability Zones
If a service uses a load balancer and starts a task located in an Availability Zone that the load balancer isn't configured to use, then the task never passes the health check and the task is stopped.
Configure your load balancer to use all the Availability Zones in an AWS Region, or at least all the Availability Zones for your containers.
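The two checks above (container security group ingress and Availability Zone coverage) can be run against saved AWS CLI output. The following is an added example, not AWS-provided code; the function names, the sample security group IDs, and the task ARNs are constructed, and the data is shaped like the JSON returned by `aws ec2 describe-security-groups`, `aws elbv2 describe-load-balancers`, and `aws ecs describe-tasks`.

```python
# Constructed sample data, shaped like AWS CLI JSON output (IDs are placeholders).
CONTAINER_SG = {  # an entry from `aws ec2 describe-security-groups`
    "GroupId": "sg-0container",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0lb"}]}],
}
LOAD_BALANCER = {  # an entry from `aws elbv2 describe-load-balancers`
    "SecurityGroups": ["sg-0lb"],
    "AvailabilityZones": [{"ZoneName": "us-east-1a"}, {"ZoneName": "us-east-1b"}],
}
TASKS = [  # entries from `aws ecs describe-tasks`
    {"taskArn": "task/a", "availabilityZone": "us-east-1a"},
    {"taskArn": "task/c", "availabilityZone": "us-east-1c"},
]


def ingress_source(sg, port, lb_sg_ids):
    """Return 'lb-sg', 'cidr', or None for how TCP `port` is allowed inbound."""
    found = None
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        in_range = perm.get("FromPort", 1) <= port <= perm.get("ToPort", 0)
        if proto != "-1" and not (proto == "tcp" and in_range):
            continue  # rule does not cover this port
        pairs = perm.get("UserIdGroupPairs", [])
        if any(p.get("GroupId") in lb_sg_ids for p in pairs):
            return "lb-sg"  # scoped to the load balancer's security group
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            found = "cidr"  # allowed by address range; confirm it covers the LB
    return found


def tasks_outside_lb_zones(lb, tasks):
    """Return ARNs of tasks running in a zone the load balancer does not use."""
    zones = {az["ZoneName"] for az in lb.get("AvailabilityZones", [])}
    return [t["taskArn"] for t in tasks if t.get("availabilityZone") not in zones]


def diagnose(sg, lb, tasks, port):
    """Collect findings for the two misconfigurations described above."""
    findings = []
    if ingress_source(sg, port, set(lb.get("SecurityGroups", []))) is None:
        findings.append(f"{sg['GroupId']} has no inbound rule for TCP {port}")
    for arn in tasks_outside_lb_zones(lb, tasks):
        findings.append(f"{arn} runs in a zone the load balancer does not use")
    return findings


if __name__ == "__main__":
    for line in diagnose(CONTAINER_SG, LOAD_BALANCER, TASKS, 80):
        print(line)
```

With the constructed data, the container port 80 has no matching inbound rule and one task runs in us-east-1c, which the load balancer is not configured to use, so both findings are reported.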
Update your load balancer health check
If you have load balancer errors, the load balancer health check parameters might be too restrictive or point to resources that don't exist. Unhealthy tasks are removed from the load balancer.
You must configure the following parameters for your service load balancer:
- Ping Port
- Ping Path
- Response Timeout
- Health Check Interval
- Unhealthy Threshold
For more information, review the Elastic Load Balancing load balancer health check misconfigured section of Troubleshooting service load balancers.
For more information on health check failures caused by load balancers, see How do I troubleshoot health check failures for Amazon ECS tasks on Fargate?