alb boilerplate
# Pin the AWS provider to the 5.x line so a future major release cannot
# silently change resource behaviour underneath this configuration.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
# Everything is created in us-west-1; the AMI ID and availability-zone names
# further down are specific to that region.
# default_tags stamps every resource so the whole stack is easy to find and
# tear down afterwards (a resource's own `tags` block still wins for the
# same key, e.g. Name).
provider "aws" {
  region = "us-west-1"

  default_tags {
    tags = {
      Name      = "alb-test"
      Terraform = "true"
    }
  }
}
# A dedicated /16 for this test stack so it shares nothing with other VPCs
# in the account.
resource "aws_vpc" "main" {
  cidr_block = "10.1.0.0/16"

  tags = {
    Name = "alb-test-vpc"
  }
}
# Two subnets in different availability zones: an application load balancer
# requires at least two AZs. They are "public" because the route table below
# sends 0.0.0.0/0 to the internet gateway.
resource "aws_subnet" "public1" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "us-west-1a"
  cidr_block        = "10.1.3.0/24"
}
# Second public subnet, in a different AZ from public1.
resource "aws_subnet" "public2" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "us-west-1c"
  cidr_block        = "10.1.2.0/24"
}
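# Two instances, one per subnet, each serving a one-line page so it is obvious
# which target answered a request that went through the load balancer.
resource "aws_instance" "web1" {
  # Region-specific (us-west-1) AMI ID, pinned for reproducibility; it has to be
  # changed if the provider region changes.
  ami           = "ami-038bba9a164eb3dc1"
  instance_type = "t3.nano"
  subnet_id     = aws_subnet.public1.id

  # The public IP is needed for *outbound* access only: the yum calls below reach
  # the internet through the internet gateway and there is no NAT gateway.
  # Inbound traffic is limited by instance_sg to port 80 from the load balancer,
  # so nothing on the internet can connect to this address directly.
  associate_public_ip_address = true

  vpc_security_group_ids = [aws_security_group.instance_sg.id]

  # Require IMDSv2 session tokens so a request-forgery bug in the web server
  # cannot read instance metadata with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Rebuild the instance whenever its security group changes so that user_data
  # runs again on a fresh host.
  lifecycle {
    replace_triggered_by = [aws_security_group.instance_sg]
  }

  # cloud-init runs this script as root, so sudo is not needed. `set -e` aborts
  # on the first failure instead of enabling a service that was never installed.
  # `-y` on the upgrade is required: without it yum prompts for confirmation,
  # reads EOF from the non-interactive session, and the upgrade silently does
  # nothing, leaving the host with whatever package versions the AMI shipped.
  user_data = <<-EOF
    #!/bin/bash
    set -euo pipefail
    yum upgrade -y
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    echo "<h1>Hello, World from web1!</h1>" > /var/www/html/index.html
  EOF
}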
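# Second target, launched in public2 and serving a slightly different message.
resource "aws_instance" "web2" {
  # Region-specific (us-west-1) AMI ID, pinned for reproducibility; it has to be
  # changed if the provider region changes.
  ami           = "ami-038bba9a164eb3dc1"
  instance_type = "t3.nano"
  subnet_id     = aws_subnet.public2.id

  # The public IP is needed for *outbound* access only: the yum calls below reach
  # the internet through the internet gateway and there is no NAT gateway.
  # Inbound traffic is limited by instance_sg to port 80 from the load balancer,
  # so nothing on the internet can connect to this address directly.
  associate_public_ip_address = true

  vpc_security_group_ids = [aws_security_group.instance_sg.id]

  # Require IMDSv2 session tokens so a request-forgery bug in the web server
  # cannot read instance metadata with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Rebuild the instance whenever its security group changes so that user_data
  # runs again on a fresh host.
  lifecycle {
    replace_triggered_by = [aws_security_group.instance_sg]
  }

  # cloud-init runs this script as root, so sudo is not needed. `set -e` aborts
  # on the first failure instead of enabling a service that was never installed.
  # `-y` on the upgrade is required: without it yum prompts for confirmation,
  # reads EOF from the non-interactive session, and the upgrade silently does
  # nothing, leaving the host with whatever package versions the AMI shipped.
  user_data = <<-EOF
    #!/bin/bash
    set -euo pipefail
    yum upgrade -y
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    echo "<h1>Hello, World from web2!</h1>" > /var/www/html/index.html
  EOF
}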
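# Load balancer security group: plaintext HTTP in from the internet, and nothing
# out except HTTP to targets inside this VPC.
resource "aws_security_group" "alb_sg" {
  name = "terraform"
  # Must be set explicitly, otherwise the group would land in the default VPC.
  vpc_id = aws_vpc.main.id

  # Inbound: HTTP from anywhere. The listener below has no TLS, so this is the
  # only port the load balancer accepts.
  ingress {
    description = "HTTP from the internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: the load balancer only ever talks to its targets (request
  # forwarding and health checks), so limit egress to port 80 inside the VPC
  # rather than every protocol to every destination. Referencing instance_sg
  # here would create a dependency cycle (instance_sg already references this
  # group), hence the VPC CIDR.
  egress {
    description = "HTTP to targets in this VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}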
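# Instance security group: HTTP in from the load balancer only, HTTP/HTTPS out
# for package installation.
resource "aws_security_group" "instance_sg" {
  name = "terraform_instance"
  # Must be set explicitly, otherwise the group would land in the default VPC.
  vpc_id = aws_vpc.main.id

  # Inbound: only members of alb_sg may reach the web server. The instances'
  # public IPs are therefore not reachable from the internet, and there is no
  # SSH rule at all.
  ingress {
    description     = "HTTP from the load balancer"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb_sg.id]
  }

  # Outbound: user_data only needs to reach the package repositories, so allow
  # HTTP and HTTPS instead of every protocol to every destination. DNS to the
  # VPC resolver, the instance metadata service and the Amazon time-sync
  # address are not filtered by security groups, so they keep working.
  egress {
    description = "HTTP to package repositories"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "HTTPS to package repositories"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}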
# Internet gateway, default route and subnet associations: this is what makes
# the two subnets public and lets the instances reach the package repositories.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}
# Route table with a single default route through the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    gateway_id = aws_internet_gateway.igw.id
    cidr_block = "0.0.0.0/0"
  }
}
# Attach the public route table to the first subnet.
resource "aws_route_table_association" "public_subnet_asso" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public1.id
}
# Attach the public route table to the second subnet.
resource "aws_route_table_association" "public_subnet_asso2" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public2.id
}
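# Internet-facing application load balancer spanning both public subnets.
# No access logging is configured (it would need an S3 bucket), so there is no
# request-level audit trail from this stack.
resource "aws_lb" "test" {
  name               = "test-lb-tf"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb_sg.id]
  subnets            = [aws_subnet.public1.id, aws_subnet.public2.id]

  # Drop requests whose header fields are not valid HTTP instead of passing them
  # through to the targets. The default is false.
  drop_invalid_header_fields = true

  # Left disabled on purpose: this is a throwaway test stack and
  # `terraform destroy` must be able to delete the load balancer. Enable it
  # (and note that Terraform then cannot delete the resource) for anything
  # longer-lived.
  enable_deletion_protection = false

  tags = {
    Name = "terraform-example-lb"
  }
}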
# Target group the listener forwards to. The health check is left at the
# provider default, which the instances' index.html satisfies.
resource "aws_lb_target_group" "test" {
  name     = "tf-example-lb-tg"
  vpc_id   = aws_vpc.main.id
  protocol = "HTTP"
  port     = 80
}
# Register each instance with the target group on the web server's port.
resource "aws_lb_target_group_attachment" "att1" {
  target_id        = aws_instance.web1.id
  target_group_arn = aws_lb_target_group.test.arn
  port             = 80
}
# Second target registration.
resource "aws_lb_target_group_attachment" "att2" {
  target_id        = aws_instance.web2.id
  target_group_arn = aws_lb_target_group.test.arn
  port             = 80
}
# Plaintext HTTP listener: every request to port 80 on the load balancer is
# forwarded to the target group. There is no HTTPS listener or certificate in
# this stack, so traffic from clients is unencrypted end to end.
resource "aws_lb_listener" "test" {
  load_balancer_arn = aws_lb.test.arn
  protocol          = "HTTP"
  port              = "80"

  default_action {
    target_group_arn = aws_lb_target_group.test.arn
    type             = "forward"
  }
}
# The load balancer hostname is the only address that answers HTTP from the
# internet; use it to test.
output "alb_dns_name" {
  value = aws_lb.test.dns_name
}
# Printed for reference only: instance_sg accepts port 80 solely from the load
# balancer, so a direct request to this address from outside the VPC is
# expected to time out.
output "web1_public_ip" {
  value = aws_instance.web1.public_ip
}
# Printed for reference only; not reachable directly from the internet for the
# same reason as web1.
output "web2_public_ip" {
  value = aws_instance.web2.public_ip
}