Search code examples
amazon-web-servicesamazon-elastic-beanstalkaws-elb

Elastic Beanstalk Health Severe, failing with a code 400 -- even though I can visit my site

I have a Django application running on Elastic Beanstalk. I can visit my site no problem at example.com. I've set up automatic https redirect, so that it always directs to https. I've set it up so you can't view the site example.elasticbeanstalk.com domain -- if you go there you end up getting response code 400.

My auto scaling group is load balanced. My app is failing the health checks with status code 400, even though I can navigate to my site no problem with response code 200. My logs show:

***amazon IP*** (-) - - [date] "GET / HTTP/1.1" 400 26 "-" "ELB-HealthChecker/2.0"

I'm guessing the error is either from

  1. Not allowing connection at example.elasticbeanstalk.com
  2. Haivng automatic HTTP -> HTTPS redirect (although that would come up with a 302 I'd guess)

When the Health Check pings a site, is it pinging your custom domain (example.com) or is pining the elasticbeanstalk.com domain? What can I do to either fix this or further diagnose the error? I'd rather not allow traffic at the elasticbeanstalk.com domain, because I don't think I can get SSL on that.

Solution

  • If you recently migrated to Amazon Linux 2 and got hit with IMDSv2 then you have to use security token like this

    import requests
EC2_PRIVATE_IP = None
try:
    security_token = requests.put(
        'http://169.254.169.254/latest/api/token',
        headers={'X-aws-ec2-metadata-token-ttl-seconds': '60'}).text

    EC2_PRIVATE_IP = requests.get(
        'http://169.254.169.254/latest/meta-data/local-ipv4',
        headers={'X-aws-ec2-metadata-token': security_token},
        timeout=0.01).text
except requests.exceptions.RequestException:
    pass

if EC2_PRIVATE_IP:
    ALLOWED_HOSTS.append(EC2_PRIVATE_IP)