How can I identify and resolve unwanted health checks from Route 53?


My server is receiving unwanted requests from Amazon Route 53 health check servers.

Short description

When you associate health checks with an endpoint, Amazon Route 53 sends health check requests to the endpoint IP address. These health checks validate that the endpoint IP addresses are operating as intended. An issue might occur if an incorrect IP address is specified or if a health check isn't updated or deleted when necessary.

Resolution

Identify the source of unwanted requests

1.    Use Route 53 IP address ranges to find the source IP address of the unwanted request. For more information, see ROUTE53_HEALTHCHECKS in IP address ranges of Route 53 servers.

2.    Check the application server logs to determine whether the Route 53 health check servers sent the request. When they perform health checks, the Route 53 health check servers set the following HTTP header:

"Amazon-Route53-Health-Check-Service (ref <reference ID/ b5996862-d894-4595-88da-7940808e9665>; report http://amzn.to/1vsZADi)"

Example Application Load Balancer access log:

http 2020-05-12T14:14:25.000265Z app/myapplicationloadbalancer 54.241.32.97:49816 10.0.3.64:80 -1 -1 -1 502 - 241 288 "GET http:// <ALB DNS NAME>:80/ HTTP/1.1" "Amazon-Route53-Health-Check-Service (ref b5996862-d894-4595-88da-7940808e9665; report http://amzn.to/1vsZADi)" - - arn:aws:elasticloadbalancing:us-east-1:<account ID>:targetgroup/mytargetgroup

Example Microsoft Internet Information Services (IIS) access log:

Amazon+Route+53+Health+Check+Service;+ref:b5996862-d894-4595-88da-7940808e9665;+report+http://amzn.to/1vsZADi

Example Apache access log:

54.228.16.1 - - [time] "GET / HTTP/1.1" 403 3839 "-" "Amazon Route 53 Health Check Service; ref:47d9bc51-39d6-4cd9-9a7f-4c981c5db165; report http://amzn.to/1vsZADi"

Example NGINX access log:

54.232.40.80 - - [time] "GET / HTTP/1.1" 200 3770 "-" "Amazon Route 53 Health Check Service; ref:2e44063d-3b85-47c3-801e-6748cd542386; report http://amzn.to/1vsZADi" "-"
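The log check described above can be scripted. The following is an added example, not AWS code: it scans access log lines in the formats shown here and groups requests by health check ID and source address, which gives the ID to copy when you delete or block the check. The names MARKER, SAMPLE and summarize are hypothetical, and it assumes the client address is the first IPv4 address on ALB, Apache and NGINX lines.

```python
import re
from collections import defaultdict

# One pattern for the three spellings in the sample logs above: hyphenated
# (ALB), space separated (Apache, NGINX) and '+' for spaces (IIS).
MARKER = re.compile(
    r"Amazon[-+ ]Route[-+ ]?53[-+ ]Health[-+ ]Check[-+ ]Service"
    r"[;+ (]*ref[:+ ]*([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})",
    re.IGNORECASE,
)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\b")

# Constructed sample input, modelled on the log lines shown on this page,
# plus one ordinary browser request that must be ignored.
SAMPLE = [
    'http 2020-05-12T14:14:25.000265Z app/myapplicationloadbalancer 54.241.32.97:49816 10.0.3.64:80 -1 -1 -1 502 - 241 288 '
    '"GET http://<ALB DNS NAME>:80/ HTTP/1.1" "Amazon-Route53-Health-Check-Service (ref b5996862-d894-4595-88da-7940808e9665; report http://amzn.to/1vsZADi)"',
    'Amazon+Route+53+Health+Check+Service;+ref:b5996862-d894-4595-88da-7940808e9665;+report+http://amzn.to/1vsZADi',
    '54.228.16.1 - - [time] "GET / HTTP/1.1" 403 3839 "-" "Amazon Route 53 Health Check Service; ref:47d9bc51-39d6-4cd9-9a7f-4c981c5db165; report http://amzn.to/1vsZADi"',
    '54.232.40.80 - - [time] "GET / HTTP/1.1" 200 3770 "-" "Amazon Route 53 Health Check Service; ref:2e44063d-3b85-47c3-801e-6748cd542386; report http://amzn.to/1vsZADi" "-"',
    '203.0.113.7 - - [time] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def summarize(lines):
    """Return {health_check_id: {"requests": count, "sources": sorted IPs}}."""
    found = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        m = MARKER.search(line)
        if not m:
            continue  # not a Route 53 health check request
        entry = found[m.group(1).lower()]
        entry["requests"] += 1
        # IIS ('+' form): field order comes from the log's #Fields header and
        # the first address may be the server's, so no client IP is guessed.
        if "+" not in m.group(0):
            ip = IPV4.search(line[: m.start()])
            if ip:
                entry["sources"].add(ip.group(1))
    return {hc: {"requests": e["requests"], "sources": sorted(e["sources"])}
            for hc, e in found.items()}

if __name__ == "__main__":
    for hc_id, info in summarize(SAMPLE).items():
        print(hc_id, info["requests"], ",".join(info["sources"]) or "-")
```

The marker is a client-supplied header value, so treat a match as a lead and confirm the source addresses against the ROUTE53_HEALTHCHECKS ranges from step 1.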

Delete or block the source of unwanted requests

1.    Copy the health check ID from the application service logs.

2.    If the health check is available from your AWS account, then update the health check to monitor the intended IP address or domain name. Or, if it's no longer required, then delete the health check.

If the health check isn't available from your AWS account, then block the IP address of the health check. To block the IP address, use firewall rules, security groups, or network access control lists (NACLs).

Important: To report suspected Route 53 health check abuse, see Stop unwanted Amazon Route 53 health checks.

Related information

How can I stop Route 53 health check requests that are sent to my application?

AWS OFFICIAL, updated a year ago