Skip to content

rackspace-infrastructure-automation/aws-terraform-alb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

114 Commits

.circleci

.circleci

 
 

.github

.github

 
 

examples

examples

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.terraform-version

.terraform-version

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

main.tf

main.tf

 
 

outputs.tf

outputs.tf

 
 

variables.tf

variables.tf

 
 

Repository files navigation

aws-terraform-alb

This module deploys an Application Load Balancer with associated resources, such as an unhealthy host count CloudWatch alarm, S3 log bucket, and Route 53 internal zone record.

Basic Usage

module "alb" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-alb//?ref=v0.12.5"

  http_listeners_count = 1
  name                 = "MyALB"
  security_groups      = ["${module.sg.public_web_security_group_id}"]
  subnets              = ["${module.vpc.public_subnets}"]
  target_groups_count  = 1
  vpc_id               = "${module.vpc.vpc_id}"

  http_listeners = [
    {
      port     = 80
      protocol = "HTTP"
    },
  ]

  target_groups = [
    {
      backend_port     = 80
      backend_protocol = "HTTP"
      name             = "MyTargetGroup"
    }
  ]
}

Full working references are available at examples

Terraform 0.12 upgrade

Several changes were required while adding terraform 0.12 compatibility. The following changes should
made when upgrading from a previous release to version 0.12.0 or higher.

Terraform State File

During the conversion, we have removed dependency on upstream modules. This does require some resources to be relocated
within the state file. The following statements can be used to update existing resources. In each command, <MODULE_NAME>
should be replaced with the logic name used where the module is referenced. One block applies to load balancers configured
with S3 logging, and the other for those with logging disabled

ALBs configured with S3 logging

terraform state mv module.<MODULE_NAME>.module.alb.aws_lb.application module.<MODULE_NAME>.aws_lb.alb
terraform state mv module.<MODULE_NAME>.module.alb.aws_lb_target_group.main module.<MODULE_NAME>.aws_lb_target_group.main
terraform state mv module.<MODULE_NAME>.module.alb.aws_lb_listener.frontend_http_tcp module.<MODULE_NAME>.aws_lb_listener.http
terraform state mv module.<MODULE_NAME>.module.alb.aws_lb_listener.frontend_https module.<MODULE_NAME>.aws_lb_listener.https

ALBs configured with logging disabled

terraform state mv module.<MODULE_NAME>.module.alb.aws_lb.application_no_logs module.<MODULE_NAME>.aws_lb.alb
terraform state mv module.<MODULE_NAME>.module.alb.aws_lb_target_group.main_no_logs module.<MODULE_NAME>.aws_lb_target_group.main
terraform state mv module.<MODULE_NAME>.module.alb.aws_lb_listener.frontend_http_tcp_no_logs module.<MODULE_NAME>.aws_lb_listener.http
terraform state mv module.<MODULE_NAME>.module.alb.aws_lb_listener.frontend_https_no_logs module.<MODULE_NAME>.aws_lb_listener.https

Module variables

The following module variables were updated to better meet current Rackspace style guides:

  • alb_name -> name
  • alb_tags -> tags
  • logging_bucket_encryption_kms_mster_key -> kms_key_id
  • route_53_hosted_zone_id -> internal_zone_id

Requirements

Name Version
terraform >= 0.13.7
aws ~> 3.0

Providers

Name Version
aws ~> 3.0
null n/a

Modules

Name Source Version
unhealthy_host_count_alarm git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm//?ref=v0.12.6

Resources

Name
aws_elb_service_account
aws_iam_policy_document
aws_lb
aws_lb_listener
aws_lb_listener_certificate
aws_lb_listener_rule
aws_lb_target_group
aws_lb_target_group_attachment
aws_route53_record
aws_s3_bucket
aws_s3_bucket_policy
aws_wafregional_web_acl_association
null_data_source

Inputs

Name Description Type Default Required
add_waf Add an existing Regional WAF to the ALB. true | false bool false no
create_internal_zone_record Create Route 53 internal zone record for the ALB. i.e true | false bool false no
create_logging_bucket Create a new S3 logging bucket. i.e. true | false bool true no
customer_alarms_cleared Specifies whether alarms will notify customers when returning to an OK status. bool false no
customer_alarms_enabled Specifies whether alarms will notify customers. Automatically enabled if rackspace_managed is set to false bool false no
drop_invalid_header_fields Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). bool false no
enable_deletion_protection If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. bool false no
enable_http2 If true sets HTTP/2 to enabled. bool true no
enable_https_redirect If true and at least one HTTP and one HTTPS listener is created, HTTP listeners will have a redirect rule created to forward all traffic to the first HTTPS listener. bool false no
environment Application environment for which this network is being created. one of: ('Development', 'Integration', 'PreProduction', 'Production', 'QA', 'Staging', 'Test') string "Development" no
extra_ssl_certs A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Certificates must be in the same region as the ALB. Required key/values: certificate_arn, https_listener_index (the index of the listener within https_listeners which the cert applies toward). [{'certificate_arn', 'arn:aws:iam::123456789012:server-certificate/other_test_cert-123456789012', 'https_listener_index', 1}] list(map(string)) [] no
extra_ssl_certs_count The number of extra ssl certs to be added. number 0 no
http_listeners List of Maps of HTTP listeners (port, protocol, target_group_index). i.e. [{'port', 80 , 'protocol', 'HTTP'}, {'port', 8080, 'protocol', 'HTTP'}] list(map(string)) 
[
  {
    "port": 80,
    "protocol": "HTTP"
  }
]
 no
http_listeners_count The number of HTTP listeners to be created. number 1 no
https_listeners List of Maps of HTTPS listeners. Certificate must be in the same region as the ALB. (port, certificate_arn, ssl_policy (optional: defaults to ELBSecurityPolicy-2016-08), target_group_index (optional: defaults to 0)) i.e. [{'certificate_arn', 'arn:aws:iam::123456789012:server-certificate/test_cert-123456789012', 'port', 443}] list(map(string)) [] no
https_listeners_count The number of HTTPS listeners to be created. string 0 no
idle_timeout The idle timeout value, in seconds. The valid range is 1-3600. The default is 60 seconds. number 60 no
internal_record_name Record Name for the new Resource Record in the Internal Hosted Zone. i.e. alb.example.com string "" no
internal_zone_id The Route53 Internal Hosted Zone ID. string "" no
kms_key_id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. string "" no
load_balancer_create_timeout Timeout value when creating the ALB. string "10m" no
load_balancer_delete_timeout Timeout value when deleting the ALB. string "10m" no
load_balancer_is_internal Indicates whether the load balancer is Internet-facing or internal. i.e. true | false bool false no
load_balancer_update_timeout Timeout value when updating the ALB. string "10m" no
logging_bucket_acl Define ACL for Bucket. Must be either authenticated-read, aws-exec-read, log-delivery-write, private, public-read or public-read-write. Via https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl string "private" no
logging_bucket_encyption Enable default bucket encryption. i.e. AES256 | aws:kms string "AES256" no
logging_bucket_force_destroy Whether all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. ie. true | false bool false no
logging_bucket_name The name of the S3 bucket for the access logs. The bucket name can contain only lowercase letters, numbers, periods (.), and dashes (-). If creating a new logging bucket enter desired bucket name. string "" no
logging_bucket_prefix The prefix for the location in the S3 bucket. If you don't specify a prefix, the access logs are stored in the root of the bucket. Entry must not start with a / or end with one. i.e. 'logs' or 'data/logs' string null no
logging_bucket_retention The number of days to retain load balancer logs. Parameter is ignored if not creating a new S3 bucket. i.e. between 1 - 999 number 14 no
logging_enabled Whether logging for this bucket is enabled. bool false no
name A name for the load balancer, which must be unique within your AWS account. string n/a yes
notification_topic List of SNS Topic ARNs to use for customer notifications. list(string) [] no
rackspace_alarms_enabled Specifies whether alarms will create a Rackspace ticket. Ignored if rackspace_managed is set to false. bool false no
rackspace_managed Boolean parameter controlling if instance will be fully managed by Rackspace support teams, created CloudWatch alarms that generate tickets, and utilize Rackspace managed SSM documents. bool true no
register_instance_targets List of Maps with the index of the target group and the instance id being registered with that group. i.e. [{'instance_id' : 'i-052f1856e2a471b74', 'target_group_index' : 0}, {'instance_id' : 'i-0cc4b566324707026', 'target_group_index' : 0}] list(map(string)) [] no
register_instance_targets_count Count of ec2 instances being added to the target groups. number 0 no
security_groups A list of EC2 security group ids to assign to this resource. i.e. ['sg-edcd9784', 'sg-edcd9785'] list(string) n/a yes
subnets A list of at least two IDs of the subnets to associate with the load balancer. i.e ['subnet-abcde012', 'subnet-bcde012a'] list(string) n/a yes
tags A map of tags to be applied to the ALB. i.e {Environment='Development'} map(string) {} no
target_groups A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Optional key/values are in the target_groups_defaults variable. i.e. [{'name', 'foo', 'backend_protocol', 'HTTP', 'backend_port', '80'}] list(map(string)) 
[
  {
    "backend_port": 80,
    "backend_protocol": "HTTP",
    "name": "ALB-TargetGroup"
  }
]
 no
target_groups_count The number of target groups to create number 1 no
target_groups_defaults Default values for target groups as defined by the list of maps. i.e. [{ 'cookie_duration': 86400, 'deregistration_delay': 300, 'health_check_healthy_threshold': 3, 'health_check_interval': 10, 'health_check_matcher': '200-299', 'health_check_path': '/', 'health_check_port': 'traffic-port', 'health_check_timeout': 5, 'health_check_unhealthy_threshold': 3, 'stickiness_enabled': true, 'load_balancing_algorithm_type': 'round_robin', 'target_type': 'instance' }] list(map(string)) 
[
  {
    "cookie_duration": 86400,
    "deregistration_delay": 30,
    "health_check_healthy_threshold": 5,
    "health_check_interval": 30,
    "health_check_matcher": "200-299",
    "health_check_path": "/",
    "health_check_port": "traffic-port",
    "health_check_timeout": 5,
    "health_check_unhealthy_threshold": 2,
    "load_balancing_algorithm_type": "round_robin",
    "slow_start": 0,
    "stickiness_enabled": false,
    "target_type": "instance"
  }
]
 no
vpc_id The VPC in which your targets are located. i.e. vpc-abcde012 string n/a yes
waf_id The unique identifier (ID) for the Regional Web Application Firewall (WAF) ACL. i.e. 329d10ec-e221-49d1-9f4b-e1294150d292 string "" no

Outputs

Name Description
alb_dns_name The DNS name of the load balancer.
http_tcp_listener_arns The ARN of the TCP and HTTP load balancer listeners created.
http_tcp_listener_ids The IDs of the TCP and HTTP load balancer listeners created.
https_listener_arns The ARNs of the HTTPS load balancer listeners created.
https_listener_ids The IDs of the load balancer listeners created.
load_balancer_arn_suffix ARN suffix of our load balancer - can be used with CloudWatch.
load_balancer_id The ID and ARN of the load balancer we created.
load_balancer_zone_id The zone_id of the load balancer to assist with creating DNS records.
logging_bucket_arn The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
logging_bucket_domain_name The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
logging_bucket_hosted_zone_id The Route 53 Hosted Zone ID for this bucket's region.
logging_bucket_id The name of the bucket.
logging_bucket_region The AWS region this bucket resides in.
logging_bucket_regional_domain_name The bucket region-specific domain name. The bucket domain name including the region name.
target_group_arn_suffixes ARN suffixes of our target groups - can be used with CloudWatch.
target_group_arns ARNs of the target groups. Useful for passing to your Auto Scaling group.
target_group_names Name of the target group. Useful for passing to your CodeDeploy Deployment Group.
unhealthy_host_alarm_id The ID of the health check.

About

AWS ELBv2 / Application Load Balancer Terraform module for Rackspace Customers

Topics

rax-tf-module navi-rax-supeng

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

76 watching

Forks

8 forks
Report repository

Releases 24

v0.12.11 Latest
Jun 16, 2022
+ 23 releases

Packages

No packages published

Contributors 16

+ 2 contributors

Languages