# website monitoring
How to Monitor AWS EC2 Instance Uptime
AWS EC2 provides reliable virtual servers, but individual instances still fail. Hardware failures, runaway processes, full disks, application crashes — any of these can take an EC2-hosted application offline. Monitoring your EC2 instances means combining AWS-native tools with external uptime monitoring for complete visibility.
External HTTP Monitoring: The User-Perspective Check
The most important check for an EC2-hosted application is an external HTTP monitor pointing at your domain or IP:
Monitor: https://yourdomain.com
Expected status: 200
Interval: 1 minute
This validates the complete path from the internet to your application: DNS → Elastic IP or Load Balancer → EC2 instance → web server → application.
An EC2 instance can appear healthy in CloudWatch while being completely unreachable externally due to:
- Security group blocking port 80/443
- Application process crashed (web server down)
- Elastic IP disassociated
- Route table misconfiguration
External monitoring from Domain Monitor catches what AWS internal metrics miss.
AWS CloudWatch EC2 Monitoring
CloudWatch provides built-in EC2 metrics that complement external monitoring:
Basic Monitoring (free):
- CPUUtilization
- NetworkIn / NetworkOut
- DiskReadOps / DiskWriteOps
- StatusCheckFailed (system and instance level)
Detailed Monitoring (charged): Same metrics at 1-minute granularity instead of 5-minute.
Status Checks
EC2 has two built-in status checks:
- System status check — verifies underlying AWS infrastructure (power, network, hardware)
- Instance status check — verifies the OS and software on the instance (reachable kernel, network configuration, file system)
Set up CloudWatch Alarms on StatusCheckFailed to get notified of instance-level failures. This is complementary to external monitoring — it catches low-level failures before they cause application unavailability.
Setting Up a CloudWatch Alarm for EC2
aws cloudwatch put-metric-alarm \
--alarm-name "EC2-StatusCheck-Failed" \
--alarm-description "EC2 instance status check failed" \
--metric-name StatusCheckFailed \
--namespace AWS/EC2 \
--dimensions Name=InstanceId,Value=i-xxxxxxxxxxxx \
--period 60 \
--evaluation-periods 2 \
--threshold 1 \
--comparison-operator GreaterThanOrEqualToThreshold \
--alarm-actions arn:aws:sns:region:account-id:your-sns-topic \
--statistic Maximum
Auto Scaling and EC2 Health
If you're using Auto Scaling groups, health checks determine when instances are replaced:
{
"HealthCheckType": "ELB",
"HealthCheckGracePeriod": 300
}
With ELB health check type, Auto Scaling uses your load balancer's health check results. An instance failing load balancer health checks is terminated and replaced.
For HTTP health checks at the load balancer:
Path: /health
Protocol: HTTP
Port: traffic-port
Healthy threshold: 2
Unhealthy threshold: 3
Timeout: 5 seconds
Interval: 30 seconds
Elastic Load Balancer Monitoring
If your EC2 instances sit behind an Application Load Balancer (ALB), monitor the ALB endpoint:
Monitor: https://yourdomain.com/health
(or the ALB DNS name directly)
This validates that the ALB is routing traffic to healthy instances. Monitor the ALB endpoint rather than individual instance IPs — the ALB endpoint represents what users actually experience.
SSL Certificate Monitoring for EC2
EC2 applications typically terminate SSL at:
- The ALB (recommended for simplicity)
- An Nginx reverse proxy on the instance
Either way, monitor your SSL certificate with advance expiry alerts. SSL certificate monitoring with 30-day warnings prevents certificate expiry causing outages.
Application Health Endpoints
Add a health endpoint to your application running on EC2:
# Flask example
@app.route('/health')
def health():
return jsonify({'status': 'ok'}), 200
This endpoint is used by:
- External uptime monitoring (Domain Monitor)
- ALB health checks
- Auto Scaling health checks
Keep it lightweight — just verify the application process is running.
Multi-Location Monitoring for EC2
EC2 instances are in a single AWS region. Outages can be regional — affecting your instance while other regions are fine. Multi-location monitoring from multiple geographic locations provides confidence that the issue (or recovery) is universal.
Combining External and Internal Monitoring
| Failure Type | Detection |
|---|---|
| Application process crash | External HTTP monitor |
| EC2 hardware failure | CloudWatch StatusCheckFailed |
| Full disk | CloudWatch DiskUtilization alarm |
| High CPU | CloudWatch CPUUtilization alarm |
| SSL certificate expiry | External SSL monitor |
| Domain expiry | Domain expiry monitor |
| Load balancer routing failure | External HTTP monitor |
Use Domain Monitor for external HTTP and SSL monitoring; CloudWatch alarms for EC2 infrastructure health.
Monitor your AWS EC2 applications externally at Domain Monitor — the layer that confirms users can actually reach your instance.
Related Articles
More posts
What Is a Subdomain Takeover and How to Prevent It
A subdomain takeover lets an attacker claim your subdomain by exploiting dangling DNS records. Learn how it happens, real-world examples, and how DNS monitoring detects it.
Read moreWhat Is Mean Time to Detect (MTTD)?
Mean time to detect (MTTD) measures how long it takes to discover an incident after it starts. Reducing MTTD is one of the highest-leverage improvements in reliability engineering.
Read moreWhat Is Black Box Monitoring?
Black box monitoring tests your systems from the outside, the way users experience them — without access to internal code or infrastructure. Learn how it works and when to use it.
Read moreSubscribe to our PRO plan.
Looking to monitor your website and domains? Join our platform and start today.