Route 53 health checks for automatic DNS failover to secondary region
Problem
A primary region outage causes all traffic to fail even though a secondary region is deployed and ready. Without automated DNS failover, recovery requires manual intervention and extended downtime.
Solution
Configure Route 53 health checks on the primary endpoint and set up Failover routing policy with Primary and Secondary record sets. When the health check fails, Route 53 automatically routes to the secondary. Use calculated health checks to combine multiple endpoint checks.
// CDK: health check + failover routing
// Assumes this runs inside a Stack constructor where `zone` (IHostedZone)
// and `primaryAlb` (ApplicationLoadBalancer) are already defined.
import * as route53 from 'aws-cdk-lib/aws-route53';
import * as targets from 'aws-cdk-lib/aws-route53-targets';

// Alias A record api.<zone> pointing at the primary region's ALB
new route53.ARecord(this, 'Primary', {
  zone,
  recordName: 'api',
  target: route53.RecordTarget.fromAlias(new targets.LoadBalancerTarget(primaryAlb)),
  comment: 'Primary region',
});
// Set the failover policy and health check in CfnRecordSet for full control
Why
Route 53 health checks poll your endpoint every 10 or 30 seconds. After 3 consecutive failures, the endpoint is marked unhealthy and Failover routing kicks in within 60-90 seconds. This is faster than any manual runbook.
Gotchas
- Health check IP ranges are published by AWS — allow them in Security Groups if checking non-public endpoints
- CloudWatch metric health checks can monitor any CloudWatch alarm — use for endpoints not directly reachable by Route 53
- Failover back to primary is not immediate after recovery — health check must pass consistently before Route 53 re-routes
- Route 53 TTL affects how quickly clients see the DNS change — use low TTL (60s) for critical endpoints
- Latency-based routing and Geo routing can be combined with health checks for both performance and resilience
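The full failover setup the Solution and Gotchas describe, as an added CloudFormation example (the synthesized form of the CfnRecordSet approach, not code from the original card). Hosted zone IDs, ALB DNS names and the alarm name are placeholders; it assumes an HTTPS /health path on the primary ALB.

```yaml
Resources:
  PrimaryApiHealthCheck:                 # endpoint check polled by Route 53 checkers
    Type: AWS::Route53::HealthCheck
    Properties:
      HealthCheckConfig:
        Type: HTTPS
        FullyQualifiedDomainName: primary-alb-PLACEHOLDER.us-east-1.elb.amazonaws.com
        Port: 443
        ResourcePath: /health
        RequestInterval: 10              # seconds between probes (10 or 30)
        FailureThreshold: 3              # consecutive failures before unhealthy
  PrimaryDbHealthCheck:                  # for a dependency Route 53 cannot reach directly
    Type: AWS::Route53::HealthCheck
    Properties:
      HealthCheckConfig:
        Type: CLOUDWATCH_METRIC
        AlarmIdentifier:
          Name: primary-db-alarm-PLACEHOLDER
          Region: us-east-1
        InsufficientDataHealthStatus: LastKnownStatus
  PrimaryCalculatedHealthCheck:          # primary is healthy only if both children are
    Type: AWS::Route53::HealthCheck
    Properties:
      HealthCheckConfig:
        Type: CALCULATED
        ChildHealthChecks:
          - !Ref PrimaryApiHealthCheck
          - !Ref PrimaryDbHealthCheck
        HealthThreshold: 2
  ApiPrimaryRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: ZONE-ID-PLACEHOLDER
      Name: api.example.com.
      Type: A
      SetIdentifier: api-primary
      Failover: PRIMARY
      HealthCheckId: !Ref PrimaryCalculatedHealthCheck
      AliasTarget:                       # alias TTL is fixed at 60s by the ALB
        DNSName: primary-alb-PLACEHOLDER.us-east-1.elb.amazonaws.com
        HostedZoneId: ALB-ZONE-ID-PLACEHOLDER
        EvaluateTargetHealth: true
  ApiSecondaryRecord:                    # no HealthCheckId: assumed healthy, serves when primary fails
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: ZONE-ID-PLACEHOLDER
      Name: api.example.com.
      Type: A
      SetIdentifier: api-secondary
      Failover: SECONDARY
      AliasTarget:
        DNSName: secondary-alb-PLACEHOLDER.us-west-2.elb.amazonaws.com
        HostedZoneId: ALB-ZONE-ID-PLACEHOLDER
        EvaluateTargetHealth: true
```

With RequestInterval 10 and FailureThreshold 3 the primary is marked unhealthy roughly 30 seconds after the first missed probe, and clients follow once the 60s alias TTL expires.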
Context
Building multi-region active-passive or active-active architectures with automated DNS failover