The aws:route53/healthCheck:HealthCheck resource, part of the Pulumi AWS provider, defines Route 53 health checks that probe endpoints, aggregate child checks, or monitor CloudWatch alarms to determine resource health. This guide focuses on three capabilities: HTTP endpoint monitoring with status codes and content matching, calculated health checks that aggregate multiple checks, and CloudWatch alarm integration with synchronization.
Health checks reference endpoints, CloudWatch alarms, or other health checks that must exist separately. The examples are intentionally small. Combine them with your own DNS records, failover policies, and monitoring infrastructure.
Check HTTP endpoint connectivity and status codes
Most health checks verify that HTTP endpoints respond with acceptable status codes, marking them unhealthy after consecutive failures.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.route53.HealthCheck("example", {
fqdn: "example.com",
port: 80,
type: "HTTP",
resourcePath: "/",
failureThreshold: 5,
requestInterval: 30,
tags: {
Name: "tf-test-health-check",
},
});
import pulumi
import pulumi_aws as aws
example = aws.route53.HealthCheck("example",
fqdn="example.com",
port=80,
type="HTTP",
resource_path="/",
failure_threshold=5,
request_interval=30,
tags={
"Name": "tf-test-health-check",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := route53.NewHealthCheck(ctx, "example", &route53.HealthCheckArgs{
Fqdn: pulumi.String("example.com"),
Port: pulumi.Int(80),
Type: pulumi.String("HTTP"),
ResourcePath: pulumi.String("/"),
FailureThreshold: pulumi.Int(5),
RequestInterval: pulumi.Int(30),
Tags: pulumi.StringMap{
"Name": pulumi.String("tf-test-health-check"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Route53.HealthCheck("example", new()
{
Fqdn = "example.com",
Port = 80,
Type = "HTTP",
ResourcePath = "/",
FailureThreshold = 5,
RequestInterval = 30,
Tags =
{
{ "Name", "tf-test-health-check" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.route53.HealthCheck;
import com.pulumi.aws.route53.HealthCheckArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new HealthCheck("example", HealthCheckArgs.builder()
.fqdn("example.com")
.port(80)
.type("HTTP")
.resourcePath("/")
.failureThreshold(5)
.requestInterval(30)
.tags(Map.of("Name", "tf-test-health-check"))
.build());
}
}
resources:
example:
type: aws:route53:HealthCheck
properties:
fqdn: example.com
port: 80
type: HTTP
resourcePath: /
failureThreshold: '5'
requestInterval: '30'
tags:
Name: tf-test-health-check
Route 53 probes the endpoint every requestInterval seconds (30 seconds here). After failureThreshold consecutive failures (5 here), the check transitions to unhealthy. The type property determines the protocol; resourcePath specifies the URL path to request.
Verify response body content with string matching
Beyond status codes, string matching verifies that endpoints return expected content by checking the first 5120 bytes of the response.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.route53.HealthCheck("example", {
failureThreshold: 5,
fqdn: "example.com",
port: 443,
requestInterval: 30,
resourcePath: "/",
searchString: "example",
type: "HTTPS_STR_MATCH",
});
import pulumi
import pulumi_aws as aws
example = aws.route53.HealthCheck("example",
failure_threshold=5,
fqdn="example.com",
port=443,
request_interval=30,
resource_path="/",
search_string="example",
type="HTTPS_STR_MATCH")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := route53.NewHealthCheck(ctx, "example", &route53.HealthCheckArgs{
FailureThreshold: pulumi.Int(5),
Fqdn: pulumi.String("example.com"),
Port: pulumi.Int(443),
RequestInterval: pulumi.Int(30),
ResourcePath: pulumi.String("/"),
SearchString: pulumi.String("example"),
Type: pulumi.String("HTTPS_STR_MATCH"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Route53.HealthCheck("example", new()
{
FailureThreshold = 5,
Fqdn = "example.com",
Port = 443,
RequestInterval = 30,
ResourcePath = "/",
SearchString = "example",
Type = "HTTPS_STR_MATCH",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.route53.HealthCheck;
import com.pulumi.aws.route53.HealthCheckArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new HealthCheck("example", HealthCheckArgs.builder()
.failureThreshold(5)
.fqdn("example.com")
.port(443)
.requestInterval(30)
.resourcePath("/")
.searchString("example")
.type("HTTPS_STR_MATCH")
.build());
}
}
resources:
example:
type: aws:route53:HealthCheck
properties:
failureThreshold: '5'
fqdn: example.com
port: 443
requestInterval: '30'
resourcePath: /
searchString: example
type: HTTPS_STR_MATCH
The HTTPS_STR_MATCH type combines HTTPS connectivity with content validation. The searchString property defines the text to find in the response body. If the string isn’t found, the check fails even with a 200 status code.
Combine multiple health checks with calculated status
Complex deployments monitor multiple endpoints or regions. Calculated health checks aggregate child checks and report healthy when a threshold of children pass.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const parent = new aws.route53.HealthCheck("parent", {
type: "CALCULATED",
childHealthThreshold: 1,
childHealthchecks: [child.id],
tags: {
Name: "tf-test-calculated-health-check",
},
});
import pulumi
import pulumi_aws as aws
parent = aws.route53.HealthCheck("parent",
type="CALCULATED",
child_health_threshold=1,
child_healthchecks=[child["id"]],
tags={
"Name": "tf-test-calculated-health-check",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := route53.NewHealthCheck(ctx, "parent", &route53.HealthCheckArgs{
Type: pulumi.String("CALCULATED"),
ChildHealthThreshold: pulumi.Int(1),
ChildHealthchecks: pulumi.StringArray{
child.Id,
},
Tags: pulumi.StringMap{
"Name": pulumi.String("tf-test-calculated-health-check"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var parent = new Aws.Route53.HealthCheck("parent", new()
{
Type = "CALCULATED",
ChildHealthThreshold = 1,
ChildHealthchecks = new[]
{
child.Id,
},
Tags =
{
{ "Name", "tf-test-calculated-health-check" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.route53.HealthCheck;
import com.pulumi.aws.route53.HealthCheckArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var parent = new HealthCheck("parent", HealthCheckArgs.builder()
.type("CALCULATED")
.childHealthThreshold(1)
.childHealthchecks(child.id())
.tags(Map.of("Name", "tf-test-calculated-health-check"))
.build());
}
}
resources:
parent:
type: aws:route53:HealthCheck
properties:
type: CALCULATED
childHealthThreshold: 1
childHealthchecks:
- ${child.id}
tags:
Name: tf-test-calculated-health-check
The CALCULATED type doesn’t probe endpoints directly. Instead, it evaluates childHealthchecks and reports healthy when at least childHealthThreshold children are healthy. This lets you require “2 of 3 regions healthy” or similar logic.
Monitor CloudWatch alarms as health check input
Some health signals come from CloudWatch metrics rather than direct endpoint probes, letting Route 53 respond to metric thresholds like CPU or error rates.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const foobar = new aws.cloudwatch.MetricAlarm("foobar", {
name: "test-foobar5",
comparisonOperator: "GreaterThanOrEqualToThreshold",
evaluationPeriods: 2,
metricName: "CPUUtilization",
namespace: "AWS/EC2",
period: 120,
statistic: "Average",
threshold: 80,
alarmDescription: "This metric monitors ec2 cpu utilization",
});
const foo = new aws.route53.HealthCheck("foo", {
type: "CLOUDWATCH_METRIC",
cloudwatchAlarmName: foobar.name,
cloudwatchAlarmRegion: "us-west-2",
insufficientDataHealthStatus: "Healthy",
});
import pulumi
import pulumi_aws as aws
foobar = aws.cloudwatch.MetricAlarm("foobar",
name="test-foobar5",
comparison_operator="GreaterThanOrEqualToThreshold",
evaluation_periods=2,
metric_name="CPUUtilization",
namespace="AWS/EC2",
period=120,
statistic="Average",
threshold=80,
alarm_description="This metric monitors ec2 cpu utilization")
foo = aws.route53.HealthCheck("foo",
type="CLOUDWATCH_METRIC",
cloudwatch_alarm_name=foobar.name,
cloudwatch_alarm_region="us-west-2",
insufficient_data_health_status="Healthy")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
foobar, err := cloudwatch.NewMetricAlarm(ctx, "foobar", &cloudwatch.MetricAlarmArgs{
Name: pulumi.String("test-foobar5"),
ComparisonOperator: pulumi.String("GreaterThanOrEqualToThreshold"),
EvaluationPeriods: pulumi.Int(2),
MetricName: pulumi.String("CPUUtilization"),
Namespace: pulumi.String("AWS/EC2"),
Period: pulumi.Int(120),
Statistic: pulumi.String("Average"),
Threshold: pulumi.Float64(80),
AlarmDescription: pulumi.String("This metric monitors ec2 cpu utilization"),
})
if err != nil {
return err
}
_, err = route53.NewHealthCheck(ctx, "foo", &route53.HealthCheckArgs{
Type: pulumi.String("CLOUDWATCH_METRIC"),
CloudwatchAlarmName: foobar.Name,
CloudwatchAlarmRegion: pulumi.String("us-west-2"),
InsufficientDataHealthStatus: pulumi.String("Healthy"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var foobar = new Aws.CloudWatch.MetricAlarm("foobar", new()
{
Name = "test-foobar5",
ComparisonOperator = "GreaterThanOrEqualToThreshold",
EvaluationPeriods = 2,
MetricName = "CPUUtilization",
Namespace = "AWS/EC2",
Period = 120,
Statistic = "Average",
Threshold = 80,
AlarmDescription = "This metric monitors ec2 cpu utilization",
});
var foo = new Aws.Route53.HealthCheck("foo", new()
{
Type = "CLOUDWATCH_METRIC",
CloudwatchAlarmName = foobar.Name,
CloudwatchAlarmRegion = "us-west-2",
InsufficientDataHealthStatus = "Healthy",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.MetricAlarm;
import com.pulumi.aws.cloudwatch.MetricAlarmArgs;
import com.pulumi.aws.route53.HealthCheck;
import com.pulumi.aws.route53.HealthCheckArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var foobar = new MetricAlarm("foobar", MetricAlarmArgs.builder()
.name("test-foobar5")
.comparisonOperator("GreaterThanOrEqualToThreshold")
.evaluationPeriods(2)
.metricName("CPUUtilization")
.namespace("AWS/EC2")
.period(120)
.statistic("Average")
.threshold(80.0)
.alarmDescription("This metric monitors ec2 cpu utilization")
.build());
var foo = new HealthCheck("foo", HealthCheckArgs.builder()
.type("CLOUDWATCH_METRIC")
.cloudwatchAlarmName(foobar.name())
.cloudwatchAlarmRegion("us-west-2")
.insufficientDataHealthStatus("Healthy")
.build());
}
}
resources:
foobar:
type: aws:cloudwatch:MetricAlarm
properties:
name: test-foobar5
comparisonOperator: GreaterThanOrEqualToThreshold
evaluationPeriods: '2'
metricName: CPUUtilization
namespace: AWS/EC2
period: '120'
statistic: Average
threshold: '80'
alarmDescription: This metric monitors ec2 cpu utilization
foo:
type: aws:route53:HealthCheck
properties:
type: CLOUDWATCH_METRIC
cloudwatchAlarmName: ${foobar.name}
cloudwatchAlarmRegion: us-west-2
insufficientDataHealthStatus: Healthy
The CLOUDWATCH_METRIC type monitors an existing alarm by name and region. The insufficientDataHealthStatus property controls behavior when CloudWatch lacks data: Healthy, Unhealthy, or LastKnownStatus.
Synchronize health checks when alarms change
When CloudWatch alarms are updated, health checks don’t automatically detect the change. The triggers property forces updates when referenced alarm properties change.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cloudwatch.MetricAlarm("example", {
name: "example",
comparisonOperator: "GreaterThanOrEqualToThreshold",
evaluationPeriods: 2,
metricName: "CPUUtilization",
namespace: "AWS/EC2",
period: 120,
statistic: "Average",
threshold: 80,
alarmDescription: "This metric monitors ec2 cpu utilization",
});
const exampleHealthCheck = new aws.route53.HealthCheck("example", {
type: "CLOUDWATCH_METRIC",
cloudwatchAlarmName: example.name,
cloudwatchAlarmRegion: "us-west-2",
insufficientDataHealthStatus: "Healthy",
triggers: {
threshold: example.threshold,
},
});
import pulumi
import pulumi_aws as aws
example = aws.cloudwatch.MetricAlarm("example",
name="example",
comparison_operator="GreaterThanOrEqualToThreshold",
evaluation_periods=2,
metric_name="CPUUtilization",
namespace="AWS/EC2",
period=120,
statistic="Average",
threshold=80,
alarm_description="This metric monitors ec2 cpu utilization")
example_health_check = aws.route53.HealthCheck("example",
type="CLOUDWATCH_METRIC",
cloudwatch_alarm_name=example.name,
cloudwatch_alarm_region="us-west-2",
insufficient_data_health_status="Healthy",
triggers={
"threshold": example.threshold,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := cloudwatch.NewMetricAlarm(ctx, "example", &cloudwatch.MetricAlarmArgs{
Name: pulumi.String("example"),
ComparisonOperator: pulumi.String("GreaterThanOrEqualToThreshold"),
EvaluationPeriods: pulumi.Int(2),
MetricName: pulumi.String("CPUUtilization"),
Namespace: pulumi.String("AWS/EC2"),
Period: pulumi.Int(120),
Statistic: pulumi.String("Average"),
Threshold: pulumi.Float64(80),
AlarmDescription: pulumi.String("This metric monitors ec2 cpu utilization"),
})
if err != nil {
return err
}
_, err = route53.NewHealthCheck(ctx, "example", &route53.HealthCheckArgs{
Type: pulumi.String("CLOUDWATCH_METRIC"),
CloudwatchAlarmName: example.Name,
CloudwatchAlarmRegion: pulumi.String("us-west-2"),
InsufficientDataHealthStatus: pulumi.String("Healthy"),
Triggers: pulumi.StringMap{
"threshold": example.Threshold,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.CloudWatch.MetricAlarm("example", new()
{
Name = "example",
ComparisonOperator = "GreaterThanOrEqualToThreshold",
EvaluationPeriods = 2,
MetricName = "CPUUtilization",
Namespace = "AWS/EC2",
Period = 120,
Statistic = "Average",
Threshold = 80,
AlarmDescription = "This metric monitors ec2 cpu utilization",
});
var exampleHealthCheck = new Aws.Route53.HealthCheck("example", new()
{
Type = "CLOUDWATCH_METRIC",
CloudwatchAlarmName = example.Name,
CloudwatchAlarmRegion = "us-west-2",
InsufficientDataHealthStatus = "Healthy",
Triggers =
{
{ "threshold", example.Threshold },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.MetricAlarm;
import com.pulumi.aws.cloudwatch.MetricAlarmArgs;
import com.pulumi.aws.route53.HealthCheck;
import com.pulumi.aws.route53.HealthCheckArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new MetricAlarm("example", MetricAlarmArgs.builder()
.name("example")
.comparisonOperator("GreaterThanOrEqualToThreshold")
.evaluationPeriods(2)
.metricName("CPUUtilization")
.namespace("AWS/EC2")
.period(120)
.statistic("Average")
.threshold(80.0)
.alarmDescription("This metric monitors ec2 cpu utilization")
.build());
var exampleHealthCheck = new HealthCheck("exampleHealthCheck", HealthCheckArgs.builder()
.type("CLOUDWATCH_METRIC")
.cloudwatchAlarmName(example.name())
.cloudwatchAlarmRegion("us-west-2")
.insufficientDataHealthStatus("Healthy")
.triggers(Map.of("threshold", example.threshold()))
.build());
}
}
resources:
example:
type: aws:cloudwatch:MetricAlarm
properties:
name: example
comparisonOperator: GreaterThanOrEqualToThreshold
evaluationPeriods: '2'
metricName: CPUUtilization
namespace: AWS/EC2
period: '120'
statistic: Average
threshold: '80'
alarmDescription: This metric monitors ec2 cpu utilization
exampleHealthCheck:
type: aws:route53:HealthCheck
name: example
properties:
type: CLOUDWATCH_METRIC
cloudwatchAlarmName: ${example.name}
cloudwatchAlarmRegion: us-west-2
insufficientDataHealthStatus: Healthy
triggers:
threshold: ${example.threshold}
The triggers map tracks alarm properties. When the threshold changes, Pulumi updates the health check in place. This keeps health checks synchronized with alarm configuration without manual intervention.
Beyond these examples
These snippets focus on specific health check features: endpoint connectivity and content validation, calculated health checks and CloudWatch alarm integration, and synchronization with upstream alarm changes. They’re intentionally minimal rather than full DNS failover configurations.
The examples may reference pre-existing infrastructure such as HTTP/HTTPS endpoints to monitor, CloudWatch alarms for alarm-based checks, and child health checks for calculated checks. They focus on configuring the health check rather than provisioning the monitored resources.
To keep things focused, common health check patterns are omitted, including:
- SNI configuration for HTTPS (enableSni)
- IP address targeting instead of FQDN (ipAddress)
- Latency measurement (measureLatency)
- Health check inversion for negative logic (invertHealthcheck)
- Disabling checks without deletion (disabled)
- Recovery Controller routing controls (routingControlArn)
These omissions are intentional: the goal is to illustrate how each health check feature is wired, not provide drop-in monitoring modules. See the Route 53 HealthCheck resource reference for all available configuration options.
Let's configure AWS Route53 Health Checks
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Health Check Types & Setup
What types of health checks can I create?
Route 53 supports eight health check types:
HTTP, HTTPS, HTTP_STR_MATCH, HTTPS_STR_MATCH, TCP, CALCULATED (aggregate), CLOUDWATCH_METRIC, and RECOVERY_CONTROL.How do I check for specific content in HTTP responses?
Use type
HTTP_STR_MATCH or HTTPS_STR_MATCH with the searchString property, which searches the first 5120 bytes of the response body.How do I monitor multiple health checks together?
Use type
CALCULATED with childHealthchecks (list of health check IDs) and childHealthThreshold (minimum number that must be healthy, 0-256).CloudWatch Integration
How do I sync my health check when a CloudWatch alarm changes?
Use the
triggers property with alarm attributes (like threshold) to trigger in-place updates when the alarm is modified.What does insufficientDataHealthStatus control?
It sets the health check status when CloudWatch has insufficient data about the alarm state. Valid values are
Healthy, Unhealthy, and LastKnownStatus.Disabling & Traffic Control
What's the difference between disabled and invertHealthcheck?
Setting
disabled to true stops health checks but Route 53 considers the check always healthy and continues routing traffic. To actually stop routing traffic, use invertHealthcheck instead.Immutable Properties & Limitations
What properties can't I change after creating a health check?
The following properties are immutable and require replacement:
type, measureLatency, requestInterval, referenceName, and routingControlArn.Why can't I remove the regions property from my configuration?
Once the
regions argument is set, removing it from your configuration has no effect on the actual health check. Plan carefully before setting this property.Advanced Configuration
How does enableSni work with different health check types?
For
HTTPS type, enableSni defaults to true (sends FQDN to endpoint). For all other types, it defaults to false.What happens when I set both fqdn and ipAddress?
Route 53 uses
ipAddress for the health check but passes fqdn in the Host header.How many consecutive failures trigger an unhealthy status?
The
failureThreshold property controls how many consecutive health checks an endpoint must pass or fail before Route 53 changes its status.Using a different cloud?
Explore networking guides for other cloud providers: