Created
October 6, 2017 11:41
Terraform example ALB w/ target groups for an ASG
# Security group for the ALB.
# Ingress is HTTPS (tcp/443) from any IPv4 address, which is the exposure an
# internet-facing load balancer needs; nothing else is opened inbound.
# No egress block is declared here, and Terraform does not keep AWS's default
# allow-all egress rule on groups it manages, so outbound traffic from the ALB
# depends on the second group attached to it (module.open-egress-sg).
resource "aws_security_group" "atlassian-alb" {
  name        = "${var.name}-load-balancer"
  description = "allow HTTPS to ${var.name} Load Balancer (ALB)"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress {
    protocol    = "tcp"
    from_port   = "443"
    to_port     = "443"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "${var.name}"
  }
}
# One Application Load Balancer shared by all Atlassian services.
resource "aws_alb" "atlassian" {
  name = "${var.name}"

  # internal = false makes the ALB internet-facing; it is placed in the VPC's
  # public subnets.
  internal = false
  subnets  = ["${module.vpc.public_subnet_ids}"]

  # Seconds a connection may stay idle before the load balancer closes it.
  idle_timeout = "300"

  # First group admits HTTPS from the internet; the second is expected to supply
  # the egress rules (module not shown in this file -- confirm its scope).
  security_groups = [
    "${aws_security_group.atlassian-alb.id}",
    "${module.open-egress-sg.id}"
  ]

  # Deleting the load balancer is refused until this is switched off.
  enable_deletion_protection = true

  # NOTE(review): access logging is commented out, so the load balancer keeps no
  # per-request record (client address, path, status) to support detection or
  # incident investigation. Re-enable it once the referenced bucket exists;
  # aws_s3_bucket.alb_logs is not defined in this file, and the bucket policy
  # must allow ELB log delivery.
  # access_logs {
  #   bucket = "${aws_s3_bucket.alb_logs.bucket}"
  #   prefix = "test-alb"
  # }

  tags {
    Name = "${var.name}"
  }
}
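# HTTPS listener on the shared ALB. TLS is terminated here using the
# certificate passed in as var.ssl_arn.
resource "aws_alb_listener" "atlassian" {
  load_balancer_arn = "${aws_alb.atlassian.arn}"
  port              = "443"
  protocol          = "HTTPS"

  # TLS 1.2-only predefined policy. The previous value,
  # ELBSecurityPolicy-2015-05, also negotiates TLS 1.0 and 1.1. Confirm that
  # every client of these services (older Git and Java clients in particular)
  # supports TLS 1.2 before applying.
  ssl_policy      = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn = "${var.ssl_arn}"

  # NOTE(review): the default action receives every request that matches no
  # listener rule, whatever its Host header, and sends it to the Bitbucket
  # target group. Host-based rules on this listener therefore do not restrict
  # which hostnames reach Bitbucket. If only named hosts should be served, point
  # the default action at a target that serves nothing sensitive.
  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.bitbucket.arn}"
  }
}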
# Target group that links the Bitbucket ASG to the Application Load Balancer
# (see load-balancer.tf).
# The ALB talks to the instances over plain HTTP on port 7990: TLS ends at the
# listener, so this hop is unencrypted inside the VPC.
# NOTE(review): the instance security group is not shown here -- confirm it
# accepts port 7990 only from the ALB's security group, not from the whole VPC.
# No health_check block is set, so the provider defaults apply.
resource "aws_alb_target_group" "bitbucket" {
  name     = "${var.name}-bitbucket"
  vpc_id   = "${module.vpc.vpc_id}"
  protocol = "HTTP"
  port     = 7990
}
# Host-based routing rule: requests whose Host header is bitbucket.example.com
# are forwarded to the Bitbucket target group.
# NOTE(review): the listener's default action forwards to this same target
# group, so as written this rule changes nothing about which requests reach
# Bitbucket. It only becomes meaningful once the default action points
# elsewhere.
resource "aws_alb_listener_rule" "bitbucket" {
  listener_arn = "${aws_alb_listener.atlassian.arn}"
  priority     = 99

  condition {
    field  = "host-header"
    values = ["bitbucket.example.com"]
  }

  action {
    target_group_arn = "${aws_alb_target_group.bitbucket.arn}"
    type             = "forward"
  }
}
# Single-node Auto Scaling group that runs Bitbucket.
# The "..." line stands for module arguments the author left out of the example.
# alb_target_group_arns hands the module the Bitbucket target group's ARN;
# presumably the module passes it to the ASG's target_group_arns so that
# instances register with the ALB -- the module source is not shown, confirm.
module "bitbucket-asg" {
  ...
  alb_target_group_arns = ["${aws_alb_target_group.bitbucket.arn}"]
}
Sorry to have missed your message @danyal2050! I'll assume you were able to answer it, but to address the question for future readers:
The ALB can be attached to an ASG in one of several ways between AWS and Terraform.
First, the ALB and ELB are slightly different. Next, it's possible to attach either "by-instance" or "by-ASG".
On the Terraform side, we are creating a link between several resource types. We can either link them when creating the resources, or we can create the resources and attach them with a third "attachment" resource.
For example, when creating an ASG, we have `load_balancers` for ELB, and `target_group_arns` for ALB. These are parameters on the `aws_autoscaling_group` resource.

It is also possible to associate those resources after creating them, using the `elb_attachment` resource for ELB, and the `lb_target_group_attachment` resource for ALB. Creating the resources separately and then using the attachment resource allows for slightly better control over which ASGs are associated with which TG, for A/B deployments and similar operational strategies.