Getting Health checks failed with these codes: [403] error in Target groups


After domain renewal, I started getting 403 error on my website. After checking the console, got to know that in the load balancer, it was showing instance health status as unhealthy. Even though the instance state is healthy, I failed to understand why am I getting this 403 access-related issue.

1 Answer

Since you mentioned use of Target group and HTTP error, I am assuming you are using an ALB. Please correct me if my assumption is not accurate. The ALB will respond with the HTTP 403 error if you are using WAF with the ALB and that is restricting access to your load balancer. As explained in document below: "You configured an AWS WAF web access control list (web ACL) to monitor requests to your Application Load Balancer and it blocked a request."

However WAF will not impact health checks, if your health checks are failing with HTTP 403 error, it will be because your target instances are responding with that HTTP error codes. Here are couple of things you can do to test which will verify if target is responding with 403 or not. From a test instance/another instance that belong to the same VPC as the target instance run the following Tests:

  • Curl command test : "curl -IvKL http://<IP address of target instance>:<port number>/<path>"
    (please note the parameters will change from this test based on your configuration, for example if the ALB forward the traffic to HTTP on port 80 then the test will have port number as 80. Similarly if no path is configured you do not need to add "/")
  • Run Telnet test : telnet <IP address of target instance> <port number>

Make sure that the target instances are allowing traffic in from Test instances for the above test to work successfully. The tests above will bypass the load balancer completely and will tell if it is the ALB responding with 403 or is it your target instance.

Further you can also check following metrics and data on ALB to determine the cause of the HTTP 403 error:

In addition to above you can also try the following:

  • Make sure the webserver is running and HTTP ports are open.
  • Try to reboot instance and see if that helps.
  • Here is link to knowledge center article which talks on troubleshooting health check failure for the ALB, you can verify steps mentioned in this to further investigate :
  • If the above does not work you can open up case with AWS premium support (ELB team) and we can help you troubleshoot this issue further.

I hope the above information helps.

answered 2 years ago
profile picture
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions