AWS ELB Application Load Balancer

AWS ELB Application Load Balancer

Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones.

Available solutions




This template is for Zabbix version: 7.0
Also available for: 6.4 6.0

Source: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/cloud/AWS/aws_elb_http?at=release/7.0

AWS ELB Application Load Balancer by HTTP

Overview

Please scroll down for AWS ELB Network Load Balancer by HTTP.

The template is designed to monitor AWS ELB Application Load Balancer by HTTP via Zabbix, and it works without any external scripts. Most of the metrics are collected in one go, thanks to Zabbix bulk data collection.

This template uses the GetMetricData CloudWatch API calls to list and retrieve metrics. For more information, please refer to the CloudWatch pricing page.

Additional information about metrics and API methods used in the template:

Requirements

Zabbix version: 7.0 and higher.

Tested versions

This template has been tested on:

  • AWS ELB Application Load Balancer with Target Groups by HTTP

Configuration

Zabbix should be configured according to the instructions in the Templates out of the box section.

Setup

The template gets AWS ELB Application Load Balancer metrics and uses the script item to make HTTP requests to the CloudWatch API.

Before using the template, you need to create an IAM policy with the necessary permissions for the Zabbix role in your AWS account. For more information, visit the ELB policies page on the AWS website.

Add the following required permissions to your Zabbix IAM policy in order to collect AWS ELB Application Load Balancer metrics.

{
    "Version":"2012-10-17",
    "Statement":[
        {
          "Action":[
              "cloudwatch:DescribeAlarms",
              "cloudwatch:GetMetricData",
              "elasticloadbalancing:DescribeTargetGroups"
          ],
          "Effect":"Allow",
          "Resource":"*"
        }
    ]
  }

If you are using role-based authorization, set the appropriate permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::<<--account-id-->>:role/<<--role_name-->>"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricData",
                "elasticloadbalancing:DescribeTargetGroups",
                "ec2:AssociateIamInstanceProfile",
                "ec2:ReplaceIamInstanceProfileAssociation"
            ],
            "Resource": "*"
        }
    ]
}

Set the macros {$AWS.AUTH_TYPE}, {$AWS.REGION}, and {$AWS.ELB.ARN}. If you are using access key-based authorization, set the macros {$AWS.ACCESS.KEY.ID} and {$AWS.SECRET.ACCESS.KEY}.

For more information about managing access keys, see official AWS documentation.

See the section below for a list of macros used for LLD filters.

Macros used

Name Description Default
{$AWS.DATA.TIMEOUT}

API response timeout.

 60s
{$AWS.PROXY}

Sets the HTTP proxy value. If this macro is empty, no proxy is used.
{$AWS.ACCESS.KEY.ID}

Access key ID.
{$AWS.SECRET.ACCESS.KEY}

Secret access key.
{$AWS.REGION}

AWS Application Load Balancer region code.

 us-west-1
{$AWS.AUTH_TYPE}

Authorization method. Possible values: role_base, access_key.

 access_key
{$AWS.ELB.ARN}

Amazon Resource Names (ARN) of the load balancer.
{$AWS.HTTP.4XX.FAIL.MAX.WARN}

Maximum number of HTTP request failures for a trigger expression.

 5
{$AWS.HTTP.5XX.FAIL.MAX.WARN}

Maximum number of HTTP request failures for a trigger expression.

 5
{$AWS.ELB.LLD.FILTER.TARGET.GROUP.MATCHES}

Filter of discoverable target groups by name.

 .*
{$AWS.ELB.LLD.FILTER.TARGET.GROUP.NOT_MATCHES}

Filter to exclude discovered target groups by name.

 CHANGE_IF_NEEDED
{$AWS.ELB.LLD.FILTER.ALARM_SERVICE_NAMESPACE.MATCHES}

Filter of discoverable alarms by namespace.

 .*
{$AWS.ELB.LLD.FILTER.ALARM_SERVICE_NAMESPACE.NOT_MATCHES}

Filter to exclude discovered alarms by namespace.

 CHANGE_IF_NEEDED
{$AWS.ELB.LLD.FILTER.ALARM_NAME.MATCHES}

Filter of discoverable alarms by name.

 .*
{$AWS.ELB.LLD.FILTER.ALARM_NAME.NOT_MATCHES}

Filter to exclude discovered alarms by name.

 CHANGE_IF_NEEDED

Items

Name Description Type Key and additional info
Get metrics data

Get ELB Application Load Balancer metrics.

Full metrics list related to Application Load Balancer: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html

 Script aws.elb.alb.get_metrics

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
Get target groups

Get ELB target group.

DescribeTargetGroups API method: https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html

 Script aws.elb.alb.get_target_groups

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
Get ELB ALB alarms data

DescribeAlarms API method: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html

 Script aws.elb.alb.get_alarms

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
Get metrics check

Check that the Application Load Balancer metrics data has been received correctly.

 Dependent item aws.elb.alb.metrics.check

Preprocessing

  • JSON Path: $.error

    ⛔️Custom on fail: Set value to

  • Discard unchanged with heartbeat: 3h
Get alarms check

Check that the alarm data has been received correctly.

 Dependent item aws.elb.alb.alarms.check

Preprocessing

  • JSON Path: $.error

    ⛔️Custom on fail: Set value to

  • Discard unchanged with heartbeat: 3h
Active Connection Count

The total number of active concurrent TCP connections from clients to the load balancer and from the load balancer to targets.

 Dependent item aws.elb.alb.active_connection_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
New Connection Count

The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets.

 Dependent item aws.elb.alb.new_connection_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Rejected Connection Count

The number of connections that were rejected because the load balancer had reached its maximum number of connections.

 Dependent item aws.elb.alb.rejected_connection_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Requests Count

The number of requests processed over IPv4 and IPv6.

This metric is only incremented for requests where the load balancer node was able to choose a target.

Requests that are rejected before a target is chosen are not reflected in this metric.

 Dependent item aws.elb.alb.requests_count

Preprocessing

  • JSON Path: $.[?(@.Label == "RequestCount")].Values.first().first()

    ⛔️Custom on fail: Discard value
Target Response Time

The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received.

This is equivalent to the target_processing_time field in the access logs.

 Dependent item aws.elb.alb.target_response_time

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
HTTP Fixed Response Count

The number of fixed-response actions that were successful.

 Dependent item aws.elb.alb.http_fixed_response_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Rule Evaluations

The number of rules processed by the load balancer given a request rate averaged over an hour.

 Dependent item aws.elb.alb.rule_evaluations

Preprocessing

  • JSON Path: $.[?(@.Label == "RuleEvaluations")].Values.first().first()

    ⛔️Custom on fail: Discard value
Client TLS Negotiation Error Count

The number of TLS connections initiated by the client that did not establish a session with the load balancer due to a TLS error.

Possible causes include a mismatch of ciphers or protocols or the client failing to verify the server certificate and closing the connection.

 Dependent item aws.elb.alb.client_tls_negotiation_error_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Target TLS Negotiation Error Count

The number of TLS connections initiated by the load balancer that did not establish a session with the target.

Possible causes include a mismatch of ciphers or protocols. This metric does not apply if the target is a Lambda function.

 Dependent item aws.elb.alb.target_tls_negotiation_error_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Target Connection Error Count

The number of connections that were not successfully established between the load balancer and target.

This metric does not apply if the target is a Lambda function.

 Dependent item aws.elb.alb.target_connection_error_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Consumed LCUs

The number of load balancer capacity units (LCU) used by your load balancer.

You pay for the number of LCUs that you use per hour.

More information on Elastic Load Balancing pricing here: https://aws.amazon.com/elasticloadbalancing/pricing/

 Dependent item aws.elb.alb.capacity_units

Preprocessing

  • JSON Path: $.[?(@.Label == "ConsumedLCUs")].Values.first().first()

    ⛔️Custom on fail: Discard value
Processed Bytes

The total number of bytes processed by the load balancer over IPv4 and IPv6 (HTTP header and HTTP payload).

This count includes traffic to and from clients and Lambda functions, and traffic from an Identity Provider (IdP) if user authentication is enabled.

 Dependent item aws.elb.alb.processed_bytes

Preprocessing

  • JSON Path: $.[?(@.Label == "ProcessedBytes")].Values.first().first()

    ⛔️Custom on fail: Discard value
Desync Mitigation Mode Non Compliant Request Count

The number of requests that fail to comply with HTTP protocols.

 Dependent item aws.elb.alb.non_compliant_request_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
HTTP Redirect Count

The number of redirect actions that were successful.

 Dependent item aws.elb.alb.http_redirect_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
HTTP Redirect Url Limit Exceeded Count

The number of redirect actions that could not be completed because the URL in the response location header is larger than 8K bytes.

 Dependent item aws.elb.alb.http_redirect_url_limit_exceeded_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 3XX Count

The number of HTTP 3XX redirection codes that originate from the load balancer.

This count does not include response codes generated by targets.

 Dependent item aws.elb.alb.http_3xx_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 4XX Count

The number of HTTP 4XX client error codes that originate from the load balancer.

Client errors are generated when requests are malformed or incomplete. These requests were not received by the target, other than in the case where the load balancer returns an HTTP 460 error code.

This count does not include any response codes generated by the targets.

 Dependent item aws.elb.alb.http_4xx_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 5XX Count

The number of HTTP 5XX server error codes that originate from the load balancer.

This count does not include any response codes generated by the targets.

 Dependent item aws.elb.alb.http_5xx_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 500 Count

The number of HTTP 500 error codes that originate from the load balancer.

 Dependent item aws.elb.alb.http_500_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 502 Count

The number of HTTP 502 error codes that originate from the load balancer.

 Dependent item aws.elb.alb.http_502_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 503 Count

The number of HTTP 503 error codes that originate from the load balancer.

 Dependent item aws.elb.alb.http_503_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB HTTP 504 Count

The number of HTTP 504 error codes that originate from the load balancer.

 Dependent item aws.elb.alb.http_504_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB Auth Error

The number of user authentications that could not be completed because an authenticate action was misconfigured, the load balancer could not establish a connection with the IdP, or the load balancer could not complete the authentication flow due to an internal error.

 Dependent item aws.elb.alb.auth_error

Preprocessing

  • JSON Path: $.[?(@.Label == "ELBAuthError")].Values.first().first()

    ⛔️Custom on fail: Discard value
ELB Auth Failure

The number of user authentications that could not be completed because the IdP denied access to the user or an authorization code was used more than once.

 Dependent item aws.elb.alb.auth_failure

Preprocessing

  • JSON Path: $.[?(@.Label == "ELBAuthFailure")].Values.first().first()

    ⛔️Custom on fail: Discard value
ELB Auth User Claims Size Exceeded

The number of times that a configured IdP returned user claims that exceeded 11K bytes in size.

 Dependent item aws.elb.alb.auth_user_claims_size_exceeded

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
ELB Auth Latency

The time elapsed, in milliseconds, to query the IdP for the ID token and user info.

If one or more of these operations fail, this is the time to failure.

 Dependent item aws.elb.alb.auth_latency

Preprocessing

  • JSON Path: $.[?(@.Label == "ELBAuthLatency")].Values.first().first()

    ⛔️Custom on fail: Discard value
ELB Auth Success

The number of authenticate actions that were successful.

This metric is incremented at the end of the authentication workflow, after the load balancer has retrieved the user claims from the IdP.

 Dependent item aws.elb.alb.auth_success

Preprocessing

  • JSON Path: $.[?(@.Label == "ELBAuthSuccess")].Values.first().first()

    ⛔️Custom on fail: Discard value

Triggers

Name Description Expression Severity Dependencies and additional info
Failed to get metrics data

Failed to get CloudWatch metrics for Application Load Balancer.

 length(last(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.metrics.check))>0 Warning
Failed to get alarms data

Failed to get CloudWatch alarms for Application Load Balancer.

 length(last(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.alarms.check))>0 Warning
Too many HTTP 4XX error codes

Too many requests failed with HTTP 4XX code.

 min(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.http_4xx_count,5m)>{$AWS.HTTP.4XX.FAIL.MAX.WARN} Warning
Too many HTTP 5XX error codes

Too many requests failed with HTTP 5XX code.

 min(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.http_5xx_count,5m)>{$AWS.HTTP.5XX.FAIL.MAX.WARN} Warning

LLD rule Load Balancer alarm discovery

Name Description Type Key and additional info
Load Balancer alarm discovery

Used for the discovery of alarm balancers.

 Dependent item aws.elb.alb.alarms.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Load Balancer alarm discovery

Name Description Type Key and additional info
[{#ALARM_NAME}]: Get metrics

Get metrics about the alarm state and its reason.

 Dependent item aws.elb.alb.alarm.get_metrics["{#ALARM_NAME}"]

Preprocessing

  • JSON Path: $.[?(@.AlarmName == "{#ALARM_NAME}")].first()

    ⛔️Custom on fail: Discard value
[{#ALARM_NAME}]: State reason

An explanation for the alarm state reason in text format.

Alarm description:

{#ALARM_DESCRIPTION}

 Dependent item aws.elb.alb.alarm.state_reason["{#ALARM_NAME}"]

Preprocessing

  • JSON Path: $.StateReason

    ⛔️Custom on fail: Discard value

  • Discard unchanged with heartbeat: 3h
[{#ALARM_NAME}]: State

The value of the alarm state. Possible values:

0 - OK;

1 - INSUFFICIENT_DATA;

2 - ALARM.

Alarm description:

{#ALARM_DESCRIPTION}

 Dependent item aws.elb.alb.alarm.state["{#ALARM_NAME}"]

Preprocessing

  • JSON Path: $.StateValue

    ⛔️Custom on fail: Set value to: 3

  • JavaScript: The text is too long. Please see the template.

Trigger prototypes for Load Balancer alarm discovery

Name Description Expression Severity Dependencies and additional info
[{#ALARM_NAME}] has 'Alarm' state

The alarm {#ALARM_NAME} is in the ALARM state.
Reason: {ITEM.LASTVALUE2}

 last(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.alarm.state["{#ALARM_NAME}"])=2 and length(last(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.alarm.state_reason["{#ALARM_NAME}"]))>0 Average
[{#ALARM_NAME}] has 'Insufficient data' state

Either the alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.

 last(/AWS ELB Application Load Balancer by HTTP/aws.elb.alb.alarm.state["{#ALARM_NAME}"])=1 Info

LLD rule Target groups discovery

Name Description Type Key and additional info
Target groups discovery

Used for the discovery of {$AWS.ELB.TARGET.GROUP.NAME} target groups.

 Dependent item aws.elb.alb.target_groups.discovery

Preprocessing

  • Discard unchanged with heartbeat: 3h

Item prototypes for Target groups discovery

Name Description Type Key and additional info
[{#AWS.ELB.TARGET.GROUP.NAME}]: Get metrics

Get the metrics of the ELB target group {#AWS.ELB.TARGET.GROUP.NAME}.

Full list of metrics related to AWS ELB here: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html#user-authentication-metric-table

 Script aws.elb.alb.target_groups.get_metrics["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: HTTP Code Target 2XX Count

The number of HTTP response 2XX codes generated by the targets.

This does not include any response codes generated by the load balancer.

 Dependent item aws.elb.alb.target_groups.http_2xx_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: HTTP Code Target 3XX Count

The number of HTTP response 3XX codes generated by the targets.

This does not include any response codes generated by the load balancer.

 Dependent item aws.elb.alb.target_groups.http_3xx_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: HTTP Code Target 4XX Count

The number of HTTP response 4XX codes generated by the targets.

This does not include any response codes generated by the load balancer.

 Dependent item aws.elb.alb.target_groups.http_4xx_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: HTTP Code Target 5XX Count

The number of HTTP response 5XX codes generated by the targets.

This does not include any response codes generated by the load balancer.

 Dependent item aws.elb.alb.target_groups.http_5xx_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Healthy Host Count

The number of targets that are considered healthy.

 Dependent item aws.elb.alb.target_groups.healthy_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: $.[?(@.Label == "HealthyHostCount")].Values.first().first()

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Unhealthy Host Count

The number of targets that are considered unhealthy.

 Dependent item aws.elb.alb.target_groups.unhealthy_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Healthy State Routing

The number of zones that meet the routing healthy state requirements.

 Dependent item aws.elb.alb.target_groups.healthy_state_routing["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Unhealthy State Routing

The number of zones that do not meet the routing healthy state requirements, and therefore the load balancer distributes traffic to all targets in the zone, including the unhealthy targets.

 Dependent item aws.elb.alb.target_groups.unhealthy_state_routing["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Request Count Per Target

The average request count per target, in a target group.

You must specify the target group using the TargetGroup dimension.

 Dependent item aws.elb.alb.target_groups.request["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Unhealthy Routing Request Count

The average request count per target, in a target group.

 Dependent item aws.elb.alb.target_groups.unhealthy_routing_request_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Mitigated Host Count

The number of targets under mitigation.

 Dependent item aws.elb.alb.target_groups.mitigated_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Anomalous Host Count

The number of hosts detected with anomalies.

 Dependent item aws.elb.alb.target_groups.anomalous_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Healthy State DNS

The number of zones that meet the DNS healthy state requirements.

 Dependent item aws.elb.alb.target_groups.healthy_state_dns["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: $.[?(@.Label == "HealthyStateDNS")].Values.first().first()

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Unhealthy State DNS

The number of zones that do not meet the DNS healthy state requirements and therefore were marked unhealthy in DNS.

 Dependent item aws.elb.alb.target_groups.unhealthy_state_dns["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: $.[?(@.Label == "UnhealthyStateDNS")].Values.first().first()

    ⛔️Custom on fail: Discard value

AWS ELB Network Load Balancer by HTTP

Overview

The template is designed to monitor AWS ELB Network Load Balancer by HTTP via Zabbix, and it works without any external scripts. Most of the metrics are collected in one go, thanks to Zabbix bulk data collection.

This template uses the GetMetricData CloudWatch API calls to list and retrieve metrics. For more information, please refer to the CloudWatch pricing page.

Additional information about metrics and API methods used in the template:

Requirements

Zabbix version: 7.0 and higher.

Tested versions

This template has been tested on:

  • AWS ELB Network Load Balancer with Target Groups by HTTP

Configuration

Zabbix should be configured according to the instructions in the Templates out of the box section.

Setup

The template gets AWS ELB Network Load Balancer metrics and uses the script item to make HTTP requests to the CloudWatch API.

Before using the template, you need to create an IAM policy with the necessary permissions for the Zabbix role in your AWS account. For more information, visit the ELB policies page on the AWS website.

Add the following required permissions to your Zabbix IAM policy in order to collect AWS ELB Network Load Balancer metrics.

{
    "Version":"2012-10-17",
    "Statement":[
        {
          "Action":[
              "cloudwatch:DescribeAlarms",
              "cloudwatch:GetMetricData",
              "elasticloadbalancing:DescribeTargetGroups"
          ],
          "Effect":"Allow",
          "Resource":"*"
        }
    ]
  }

If you are using role-based authorization, set the appropriate permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::<<--account-id-->>:role/<<--role_name-->>"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricData",
                "elasticloadbalancing:DescribeTargetGroups",
                "ec2:AssociateIamInstanceProfile",
                "ec2:ReplaceIamInstanceProfileAssociation"
            ],
            "Resource": "*"
        }
    ]
}

Set the macros {$AWS.AUTH_TYPE}, {$AWS.REGION}, and {$AWS.ELB.ARN}. If you are using access key-based authorization, set the macros {$AWS.ACCESS.KEY.ID} and {$AWS.SECRET.ACCESS.KEY}.

For more information about managing access keys, see official AWS documentation.

See the section below for a list of macros used for LLD filters.

Macros used

Name Description Default
{$AWS.DATA.TIMEOUT}

API response timeout.

 60s
{$AWS.PROXY}

Sets the HTTP proxy value. If this macro is empty, no proxy is used.
{$AWS.ACCESS.KEY.ID}

Access key ID.
{$AWS.SECRET.ACCESS.KEY}

Secret access key.
{$AWS.REGION}

AWS Network Load Balancer region code.

 us-west-1
{$AWS.AUTH_TYPE}

Authorization method. Possible values: role_base, access_key.

 access_key
{$AWS.ELB.ARN}

Amazon Resource Names (ARN) of the load balancer.
{$AWS.ELB.LLD.FILTER.TARGET.GROUP.MATCHES}

Filter of discoverable target groups by name.

 .*
{$AWS.ELB.LLD.FILTER.TARGET.GROUP.NOT_MATCHES}

Filter to exclude discovered target groups by name.

 CHANGE_IF_NEEDED
{$AWS.ELB.LLD.FILTER.ALARM_SERVICE_NAMESPACE.MATCHES}

Filter of discoverable alarms by namespace.

 .*
{$AWS.ELB.LLD.FILTER.ALARM_SERVICE_NAMESPACE.NOT_MATCHES}

Filter to exclude discovered alarms by namespace.

 CHANGE_IF_NEEDED
{$AWS.ELB.LLD.FILTER.ALARM_NAME.MATCHES}

Filter of discoverable alarms by name.

 .*
{$AWS.ELB.LLD.FILTER.ALARM_NAME.NOT_MATCHES}

Filter to exclude discovered alarms by name.

 CHANGE_IF_NEEDED
{$AWS.ELB.UNHEALTHY.HOST.MAX}

Maximum number of unhealthy hosts for a trigger expression.

 0

Items

Name Description Type Key and additional info
Get metrics data

Get ELB Network Load Balancer metrics.

Full metrics list related to Network Load Balancer: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-cloudwatch-metrics.html

 Script aws.elb.nlb.get_metrics

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
Get target groups

Get ELB target group.

DescribeTargetGroups API method: https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html

 Script aws.elb.nlb.get_target_groups

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
Get ELB NLB alarms data

DescribeAlarms API method: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html

 Script aws.elb.nlb.get_alarms

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
Get metrics check

Check that the Network Load Balancer metrics data has been received correctly.

 Dependent item aws.elb.nlb.metrics.check

Preprocessing

  • JSON Path: $.error

    ⛔️Custom on fail: Set value to

  • Discard unchanged with heartbeat: 3h
Get alarms check

Check that the alarm data has been received correctly.

 Dependent item aws.elb.nlb.alarms.check

Preprocessing

  • JSON Path: $.error

    ⛔️Custom on fail: Set value to

  • Discard unchanged with heartbeat: 3h
Active Flow Count

The total number of concurrent flows (or connections) from clients to targets.

This metric includes connections in the SYN_SENT and ESTABLISHED states.

TCP connections are not terminated at the load balancer, so a client opening a TCP connection to a target counts as a single flow.

 Dependent item aws.elb.nlb.active_flow_count

Preprocessing

  • JSON Path: $.[?(@.Label == "ActiveFlowCount")].Values.first().first()

    ⛔️Custom on fail: Discard value
Active Flow Count TCP

The total number of concurrent TCP flows (or connections) from clients to targets.

This metric includes connections in the SYN_SENT and ESTABLISHED states.

TCP connections are not terminated at the load balancer, so a client opening a TCP connection to a target counts as a single flow.

 Dependent item aws.elb.nlb.active_flow_count_tcp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Active Flow Count TLS

The total number of concurrent TLS flows (or connections) from clients to targets.

This metric includes connections in the SYN_SENT and ESTABLISHED states.

 Dependent item aws.elb.nlb.active_flow_count_tls

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Active Flow Count UDP

The total number of concurrent UDP flows (or connections) from clients to targets.

 Dependent item aws.elb.nlb.active_flow_count_udp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Client TLS Negotiation Error Count

The total number of TLS handshakes that failed during negotiation between a client and a TLS listener.

 Dependent item aws.elb.nlb.client_tls_negotiation_error_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Consumed LCUs

The number of load balancer capacity units (LCU) used by your load balancer.

You pay for the number of LCUs that you use per hour.

More information on Elastic Load Balancing pricing here: https://aws.amazon.com/elasticloadbalancing/pricing/

 Dependent item aws.elb.nlb.capacity_units

Preprocessing

  • JSON Path: $.[?(@.Label == "ConsumedLCUs")].Values.first().first()

    ⛔️Custom on fail: Discard value
Consumed LCUs TCP

The number of load balancer capacity units (LCU) used by your load balancer for TCP.

You pay for the number of LCUs that you use per hour.

More information on Elastic Load Balancing pricing here: https://aws.amazon.com/elasticloadbalancing/pricing/

 Dependent item aws.elb.nlb.capacity_units_tcp

Preprocessing

  • JSON Path: $.[?(@.Label == "ConsumedLCUs_TCP")].Values.first().first()

    ⛔️Custom on fail: Discard value
Consumed LCUs TLS

The number of load balancer capacity units (LCU) used by your load balancer for TLS.

You pay for the number of LCUs that you use per hour.

More information on Elastic Load Balancing pricing here: https://aws.amazon.com/elasticloadbalancing/pricing/

 Dependent item aws.elb.nlb.capacity_units_tls

Preprocessing

  • JSON Path: $.[?(@.Label == "ConsumedLCUs_TLS")].Values.first().first()

    ⛔️Custom on fail: Discard value
Consumed LCUs UDP

The number of load balancer capacity units (LCU) used by your load balancer for UDP.

You pay for the number of LCUs that you use per hour.

More information on Elastic Load Balancing pricing here: https://aws.amazon.com/elasticloadbalancing/pricing/

 Dependent item aws.elb.nlb.capacity_units_udp

Preprocessing

  • JSON Path: $.[?(@.Label == "ConsumedLCUs_UDP")].Values.first().first()

    ⛔️Custom on fail: Discard value
New Flow Count

The total number of new flows (or connections) established from clients to targets in the specified time period.

 Dependent item aws.elb.nlb.new_flow_count

Preprocessing

  • JSON Path: $.[?(@.Label == "NewFlowCount")].Values.first().first()

    ⛔️Custom on fail: Discard value
New Flow Count TCP

The total number of new TCP flows (or connections) established from clients to targets in the specified time period.

 Dependent item aws.elb.nlb.new_flow_count_tcp

Preprocessing

  • JSON Path: $.[?(@.Label == "NewFlowCount_TCP")].Values.first().first()

    ⛔️Custom on fail: Discard value
New Flow Count TLS

The total number of new TLS flows (or connections) established from clients to targets in the specified time period.

 Dependent item aws.elb.nlb.new_flow_count_tls

Preprocessing

  • JSON Path: $.[?(@.Label == "NewFlowCount_TLS")].Values.first().first()

    ⛔️Custom on fail: Discard value
New Flow Count UDP

The total number of new UDP flows (or connections) established from clients to targets in the specified time period.

 Dependent item aws.elb.nlb.new_flow_count_udp

Preprocessing

  • JSON Path: $.[?(@.Label == "NewFlowCount_UDP")].Values.first().first()

    ⛔️Custom on fail: Discard value
Peak Packets per second

Highest average packet rate (packets processed per second), calculated every 10 seconds during the sampling window.

This metric includes health check traffic.

 Dependent item aws.elb.nlb.peak_packets.rate

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Port Allocation Error Count

The total number of ephemeral port allocation errors during a client IP translation operation. A non-zero value indicates dropped client connections.

Note: Network Load Balancers support 55,000 simultaneous connections or about 55,000 connections per minute to each unique target (IP address and port) when performing client address translation.

To fix port allocation errors, add more targets to the target group.

 Dependent item aws.elb.nlb.port_allocation_error_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Processed Bytes

The total number of bytes processed by the load balancer, including TCP/IP headers. This count includes traffic to and from targets, minus health check traffic.

 Dependent item aws.elb.nlb.processed_bytes

Preprocessing

  • JSON Path: $.[?(@.Label == "ProcessedBytes")].Values.first().first()

    ⛔️Custom on fail: Discard value
Processed Bytes TCP

The total number of bytes processed by TCP listeners.

 Dependent item aws.elb.nlb.processed_bytes_tcp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Processed Bytes TLS

The total number of bytes processed by TLS listeners.

 Dependent item aws.elb.nlb.processed_bytes_tls

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Processed Bytes UDP

The total number of bytes processed by UDP listeners.

 Dependent item aws.elb.nlb.processed_bytes_udp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Processed Packets

The total number of packets processed by the load balancer. This count includes traffic to and from targets, including health check traffic.

 Dependent item aws.elb.nlb.processed_packets

Preprocessing

  • JSON Path: $.[?(@.Label == "ProcessedPackets")].Values.first().first()

    ⛔️Custom on fail: Discard value
Security Group Blocked Flow Count Inbound ICMP

The number of new ICMP messages rejected by the inbound rules of the load balancer security groups.

 Dependent item aws.elb.nlb.sg_blocked_inbound_icmp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Security Group Blocked Flow Count Inbound TCP

The number of new TCP flows rejected by the inbound rules of the load balancer security groups.

 Dependent item aws.elb.nlb.sg_blocked_inbound_tcp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Security Group Blocked Flow Count Inbound UDP

The number of new UDP flows rejected by the inbound rules of the load balancer security groups.

 Dependent item aws.elb.nlb.sg_blocked_inbound_udp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Security Group Blocked Flow Count Outbound ICMP

The number of new ICMP messages rejected by the outbound rules of the load balancer security groups.

 Dependent item aws.elb.nlb.sg_blocked_outbound_icmp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Security Group Blocked Flow Count Outbound TCP

The number of new TCP flows rejected by the outbound rules of the load balancer security groups.

 Dependent item aws.elb.nlb.sg_blocked_outbound_tcp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Security Group Blocked Flow Count Outbound UDP

The number of new UDP flows rejected by the outbound rules of the load balancer security groups.

 Dependent item aws.elb.nlb.sg_blocked_outbound_udp

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Target TLS Negotiation Error Count

The total number of TLS handshakes that failed during negotiation between a TLS listener and a target.

 Dependent item aws.elb.nlb.target_tls_negotiation_error_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
TCP Client Reset Count

The total number of reset (RST) packets sent from a client to a target.

These resets are generated by the client and forwarded by the load balancer.

 Dependent item aws.elb.nlb.tcp_client_reset_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
TCP ELB Reset Count

The total number of reset (RST) packets generated by the load balancer.

For more information, see: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-troubleshooting.html#elb-reset-count-metric

 Dependent item aws.elb.nlb.tcp_elb_reset_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
TCP Target Reset Count

The total number of reset (RST) packets sent from a target to a client.

These resets are generated by the target and forwarded by the load balancer.

 Dependent item aws.elb.nlb.tcp_target_reset_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value
Unhealthy Routing Flow Count

The number of flows (or connections) that are routed using the routing failover action (fail open).

 Dependent item aws.elb.nlb.unhealthy_routing_flow_count

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value

Triggers

Name Description Expression Severity Dependencies and additional info
Failed to get metrics data

Failed to get CloudWatch metrics for Network Load Balancer.

 length(last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.metrics.check))>0 Warning
Failed to get alarms data

Failed to get CloudWatch alarms for Network Load Balancer.

 length(last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.alarms.check))>0 Warning

LLD rule Load Balancer alarm discovery

Name Description Type Key and additional info
Load Balancer alarm discovery

Used for the discovery of alarm balancers.

 Dependent item aws.elb.nlb.alarms.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Load Balancer alarm discovery

Name Description Type Key and additional info
[{#ALARM_NAME}]: Get metrics

Get metrics about the alarm state and its reason.

 Dependent item aws.elb.nlb.alarm.get_metrics["{#ALARM_NAME}"]

Preprocessing

  • JSON Path: $.[?(@.AlarmName == "{#ALARM_NAME}")].first()

    ⛔️Custom on fail: Discard value
[{#ALARM_NAME}]: State reason

An explanation for the alarm state reason in text format.

Alarm description:

{#ALARM_DESCRIPTION}

 Dependent item aws.elb.nlb.alarm.state_reason["{#ALARM_NAME}"]

Preprocessing

  • JSON Path: $.StateReason

    ⛔️Custom on fail: Discard value

  • Discard unchanged with heartbeat: 3h
[{#ALARM_NAME}]: State

The value of the alarm state. Possible values:

0 - OK;

1 - INSUFFICIENT_DATA;

2 - ALARM.

Alarm description:

{#ALARM_DESCRIPTION}

 Dependent item aws.elb.nlb.alarm.state["{#ALARM_NAME}"]

Preprocessing

  • JSON Path: $.StateValue

    ⛔️Custom on fail: Set value to: 3

  • JavaScript: The text is too long. Please see the template.

Trigger prototypes for Load Balancer alarm discovery

Name Description Expression Severity Dependencies and additional info
[{#ALARM_NAME}] has 'Alarm' state

The alarm {#ALARM_NAME} is in the ALARM state.
Reason: {ITEM.LASTVALUE2}

 last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.alarm.state["{#ALARM_NAME}"])=2 and length(last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.alarm.state_reason["{#ALARM_NAME}"]))>0 Average
[{#ALARM_NAME}] has 'Insufficient data' state

Either the alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.

 last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.alarm.state["{#ALARM_NAME}"])=1 Info

LLD rule Target groups discovery

Name Description Type Key and additional info
Target groups discovery

Used for the discovery of {$AWS.ELB.TARGET.GROUP.NAME} target groups.

 Dependent item aws.elb.nlb.target_groups.discovery

Preprocessing

  • Discard unchanged with heartbeat: 3h

Item prototypes for Target groups discovery

Name Description Type Key and additional info
[{#AWS.ELB.TARGET.GROUP.NAME}]: Get metrics

Get the metrics of the ELB target group {#AWS.ELB.TARGET.GROUP.NAME}.

Full list of metrics related to AWS ELB here: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-cloudwatch-metrics.html#user-authentication-metric-table

 Script aws.elb.nlb.target_groups.get_metrics["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • Check for not supported value: any error

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Healthy Host Count

The number of targets that are considered healthy.

 Dependent item aws.elb.nlb.target_groups.healthy_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: $.[?(@.Label == "HealthyHostCount")].Values.first().first()

    ⛔️Custom on fail: Discard value
[{#AWS.ELB.TARGET.GROUP.NAME}]: Unhealthy Host Count

The number of targets that are considered unhealthy.

 Dependent item aws.elb.nlb.target_groups.unhealthy_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value

Trigger prototypes for Target groups discovery

Name Description Expression Severity Dependencies and additional info
[{#AWS.ELB.TARGET.GROUP.NAME}]: Target have become unhealthy

This trigger helps in identifying when your targets have become unhealthy.

 last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.target_groups.healthy_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]) = 0 Average
[{#AWS.ELB.TARGET.GROUP.NAME}]: Target have unhealthy host

This trigger allows you to become aware when there are no more registered targets.

 last(/AWS ELB Network Load Balancer by HTTP/aws.elb.nlb.target_groups.unhealthy_host_count["{#AWS.ELB.TARGET.GROUP.NAME}"]) > {$AWS.ELB.UNHEALTHY.HOST.MAX} Warning Depends on:
  • [{#AWS.ELB.TARGET.GROUP.NAME}]: Target have become unhealthy

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums

Articles and documentation

+ Propose new article

Media

Didn't find what you are looking for?

Request custom integration

Zabbix integration team will develop custom integration based on your requirements and Zabbix best practices.

Request

Propose your integration

Have you already developed high quality integration and want to submit to Zabbix integration repository?

Propose