diff --git a/README.md b/README.md
index 4d83067..f9cacfb 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,6 @@ Required deployment iam privileges.
 ]
 ```
-
 ## ci
 Commits to `main` will kick off a deployment.
diff --git a/justfile b/justfile
index 3130c44..69c57fe 100644
--- a/justfile
+++ b/justfile
@@ -1,4 +1,9 @@
 format:
 #!/usr/bin/env bash
 cd tf
- terraform fmt --recursive
\ No newline at end of file
+ terraform fmt --recursive
+
+check:
+ #!/usr/bin/env bash
+ cd tf
+ terraform validate
\ No newline at end of file
diff --git a/src/app.js b/src/app.js
index 9a65d05..34773f4 100644
--- a/src/app.js
+++ b/src/app.js
@@ -13,7 +13,7 @@ app.use((req, res, next) => {
 next();
 });
-app.get('/hello', (req, res) => {
+app.get('/health', (req, res) => {
 res.status(200).json({msg: "Hello, this is your API"});
 });
diff --git a/tf/container_definitions.tpl b/tf/container_definitions.tpl
index c9d9732..625fae5 100644
--- a/tf/container_definitions.tpl
+++ b/tf/container_definitions.tpl
@@ -16,7 +16,7 @@
 "healthcheck": {
 "command": [
 "CMD-SHELL",
- "wget --quiet --spider --tries=1 http://localhost:${container_port}/hello || exit 1"
+ "wget --quiet --spider --tries=1 http://localhost:${container_port}/health || exit 1"
 ],
 "interval": 30,
 "retries": 3,
diff --git a/tf/data.tf b/tf/data.tf
index f2fbfce..6664f23 100644
--- a/tf/data.tf
+++ b/tf/data.tf
@@ -28,7 +28,7 @@ data "aws_iam_policy_document" "assume_role" {
 }
 }
-data "aws_iam_policy_document" "ecr_policy" {
+data "aws_iam_policy_document" "logs_policy" {
 statement {
 actions = [
 "logs:CreateLogStream",
@@ -37,7 +37,7 @@ data "aws_iam_policy_document" "ecr_policy" {
 effect = "Allow"
- resources = ["*"]
+ resources = [aws_cloudwatch_log_group.ecs_log_group.arn]
 }
 }
diff --git a/tf/main.tf b/tf/main.tf
index 4b88fcf..03e03d5 100644
--- a/tf/main.tf
+++ b/tf/main.tf
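Review bot: In the justfile hunk, the new `check` recipe is a bash shebang script without strict mode, so if `cd tf` fails bash carries on and runs `terraform validate` in the repository root, where it may validate nothing and still exit 0. Adding `set -euo pipefail` as the first line after the shebang makes the recipe fail instead. The existing `format` recipe has the same shape. `terraform validate` also expects an initialised working directory, so a CI job calling `just check` probably needs `terraform init -backend=false` first.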
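Review bot: In the src/app.js hunk, the route path `/health` is now a contract with the infrastructure, and nothing at the handler says so. The same literal is hard-coded in the container healthcheck in tf/container_definitions.tpl and in the target group `health_check` in tf/main.tf. A comment above the route would prevent a later rename from silently failing both probes, for example `// Health probe: path must match tf/container_definitions.tpl and the health_check block in tf/main.tf`. The response body still reads `"Hello, this is your API"`, which is a leftover from the old `/hello` route. A neutral `{status: "ok"}` would describe the endpoint better, if no client depends on the message.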
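Review bot: In the second tf/data.tf hunk, `resources = [aws_cloudwatch_log_group.ecs_log_group.arn]` may be too narrow for stream-level actions. `logs:CreateLogStream` is visible in the list, and if the entry cut off at the hunk boundary is `logs:PutLogEvents`, that action is evaluated against a log-stream ARN, which a bare log-group ARN does not match. Recent AWS provider versions export the group ARN without the trailing `:*` (the provider version is not visible here), so the usual form is `resources = ["${aws_cloudwatch_log_group.ecs_log_group.arn}:*"]`. Moving away from `"*"` is the right direction, but confirm after apply that the task still writes logs, because a denied write shows up only as missing log lines. The statement and the data block continue outside the hunk.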
@@ -40,9 +40,9 @@ resource "aws_ecs_cluster" "cluster" {
 name = "${var.project_name}-cluster"
 }
-resource "aws_iam_policy" "ecr_access_policy" {
+resource "aws_iam_policy" "logs_access_policy" {
 name = "${local.formatted_name}_ecr_access_policy"
- policy = data.aws_iam_policy_document.ecr_policy.json
+ policy = data.aws_iam_policy_document.logs_policy.json
 }
 resource "aws_iam_role" "ecs_task_role" {
@@ -50,9 +50,9 @@ resource "aws_iam_role" "ecs_task_role" {
 assume_role_policy = data.aws_iam_policy_document.assume_role.json
 }
-resource "aws_iam_role_policy_attachment" "ecr_access_policy_attachment" {
+resource "aws_iam_role_policy_attachment" "logs_access_policy_attachment" {
 role = aws_iam_role.ecs_task_role.name
- policy_arn = aws_iam_policy.ecr_access_policy.arn
+ policy_arn = aws_iam_policy.logs_access_policy.arn
 }
 resource "aws_ecs_task_definition" "task" {
@@ -168,6 +168,16 @@ resource "aws_lb_target_group" "tg" {
 vpc_id = data.aws_vpc.vpc.id
 target_type = "ip"
+
+ health_check {
+ interval = 30
+ path = "/health"
+ protocol = "HTTP"
+ matcher = "200"
+ timeout = 5
+ healthy_threshold = 5
+ unhealthy_threshold = 2
+ }
 }
 resource "aws_lb_listener" "listener" {
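Review bot: In the first tf/main.tf hunk, the renamed `aws_iam_policy.logs_access_policy` keeps `name = "${local.formatted_name}_ecr_access_policy"` on its unchanged context line. The policy will still appear in the IAM console and in audit trails as an ECR policy, although it grants CloudWatch Logs actions; `name = "${local.formatted_name}_logs_access_policy"` would match. No `moved` block is visible for this rename or for the attachment rename in the next hunk, so Terraform will presumably destroy and recreate both objects. That makes this apply the cheap moment to fix the name, and it also means the role is briefly without the policy while the apply runs.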
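Review bot: In the `health_check` block added to `aws_lb_target_group.tg`, `interval = 30` with `healthy_threshold = 5` means a new task needs roughly 150 seconds of passing checks before it receives traffic, while `unhealthy_threshold = 2` takes it out after about 60. If slow rollouts are not intended, `healthy_threshold = 2` or `3` is more usual. Whether the ECS service sets a health check grace period is not visible here; without one, a slow-starting task can be replaced before it ever becomes healthy. The target group block starts above the hunk.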