Vault on ECS, behind ALB

Hi Team,

I set up a Vault cluster (Postgres backend and KMS auto-unseal) in ECS and placed them behind an ALB. My problem with this setup is that the target group sends “node unhealthy” notifications to ECS for the standby task, since it does not respond with HTTP 200, bringing it down as a consequence. A new task will then be automatically spun up, of course, which is doomed to fail just as well at the target group health checks, of course. I could live with that, but it does not sound like a “stable” solution.

If OTOH I add HTTP 429 as a “healthy” code in the target group health checks, it will be placed in rotation alongside the active node, in which case 50% of the requests will land on the standby node.

Reading through the documentation I did not find any hints on how to solve this. Any ideas what options there would be?

Thank you,
Alex