gerardodavidlopezcastillo/TF_NLB-NetworkLoadBalancer_Public

description
Create AWS Network Load Balancer with Terraform - Demo for both TCP and TLS Listeners. This repository contains configuration files and a step-by-step guide to creating an AWS Network Load Balancer (NLB) using Terraform. The focus is on creating both TCP and TLS Listeners, along with creating an associated Target Group. Through this project, you will be able to efficiently deploy and manage an NLB on your AWS infrastructure, providing reliable and scalable load balancing for your applications.

Step-01: Introduction


Step-02: c5-04-securitygroup-privatesg.tf

  • NLB requires private security group EC2 Instances to have the ingress_cidr_blocks as 0.0.0.0/0

```hcl
# Before
  ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
# After
  ingress_cidr_blocks = ["0.0.0.0/0"] # Required for NLB
```
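Added example (not part of this repository): the NLB in Step-04 is attached to `module.loadbalancer_sg`, so the instances can admit load balancer traffic, health checks included, by referencing that security group instead of opening the ingress rules to every address. The name `module.private_sg` and the resource name are assumptions, as is an egress rule on `module.loadbalancer_sg` that reaches the targets on port 80.

```hcl
# Added example: not from the repository.
# Assumption: the private security group defined in
# c5-04-securitygroup-privatesg.tf is exposed as module.private_sg
# (hypothetical name; use the module name from your own file).

# Weak setting from Step-02: any address may reach the instances' ingress ports.
#   ingress_cidr_blocks = ["0.0.0.0/0"]

# Restricted setting: keep the "Before" value inside the module ...
#   ingress_cidr_blocks = [module.vpc.vpc_cidr_block]
# ... and admit NLB traffic by security group reference. This works because
# the NLB has its own security group attached (security_groups in Step-04).
resource "aws_security_group_rule" "private_http_from_nlb" {
  type        = "ingress"
  description = "HTTP and health checks from the NLB security group only"

  # Target group mytg1 forwards to port 80; the TLS listener terminates on the NLB.
  from_port = 80
  to_port   = 80
  protocol  = "tcp"

  security_group_id        = module.private_sg.security_group_id
  source_security_group_id = module.loadbalancer_sg.security_group_id
}
```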

Step-03: c10-01-NLB-network-loadbalancer-variables.tf

  • Placeholder file for NLB variables.

Step-04: c10-02-NLB-network-loadbalancer.tf

```hcl
# Terraform AWS Network Load Balancer (NLB)
module "nlb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "9.4.0"

  name_prefix = "mynlb-"

  load_balancer_type               = "network"
  vpc_id                           = module.vpc.vpc_id
  dns_record_client_routing_policy = "availability_zone_affinity"
  security_groups                  = [module.loadbalancer_sg.security_group_id]

  # https://github.com/hashicorp/terraform-provider-aws/issues/17281
  subnets = module.vpc.public_subnets

  # For example only
  enable_deletion_protection = false

  # Listeners
  listeners = {
    # Listener-1: TCP Listener
    my-tcp = {
      port     = 80
      protocol = "TCP"
      forward = {
        target_group_key = "mytg1"
      }
    } # End Listener-1: TCP Listener

    # Listener-2: TLS Listener (SSL)
    my-tls = {
      port            = 443
      protocol        = "TLS"
      certificate_arn = module.acm.acm_certificate_arn
      forward = {
        target_group_key = "mytg1"
      }
    } # End Listener-2: TLS Listener (SSL)
  } # End Listeners Block

  # Target Groups
  target_groups = {
    # Target Group-1: mytg1
    mytg1 = {
      create_attachment    = false
      name_prefix          = "mytg1-"
      protocol             = "TCP"
      port                 = 80
      target_type          = "instance"
      deregistration_delay = 10
      health_check = {
        enabled             = true
        interval            = 30
        path                = "/app1/index.html"
        port                = "traffic-port"
        healthy_threshold   = 3
        unhealthy_threshold = 3
        timeout             = 6
      } # End Health Check Block
    } # End Target Group-1: mytg1
  }
  tags = local.common_tags
} # End NLB Module
```

Step-05: c10-03-NLB-network-loadbalancer-outputs.tf

```hcl
# Terraform AWS Network Load Balancer (NLB) Outputs
################################################################################
# Load Balancer
################################################################################

output "id" {
  description = "The ID and ARN of the load balancer we created"
  value       = module.nlb.id
}

output "arn" {
  description = "The ID and ARN of the load balancer we created"
  value       = module.nlb.arn
}

output "arn_suffix" {
  description = "ARN suffix of our load balancer - can be used with CloudWatch"
  value       = module.nlb.arn_suffix
}

output "dns_name" {
  description = "The DNS name of the load balancer"
  value       = module.nlb.dns_name
}

output "zone_id" {
  description = "The zone_id of the load balancer to assist with creating DNS records"
  value       = module.nlb.zone_id
}

################################################################################
# Listener(s)
################################################################################

output "listeners" {
  description = "Map of listeners created and their attributes"
  value       = module.nlb.listeners
}

output "listener_rules" {
  description = "Map of listeners rules created and their attributes"
  value       = module.nlb.listener_rules
}

################################################################################
# Target Group(s)
################################################################################

output "target_groups" {
  description = "Map of target groups created and their attributes"
  value       = module.nlb.target_groups
}

################################################################################
# Security Group
################################################################################

output "security_group_arn" {
  description = "Amazon Resource Name (ARN) of the security group"
  value       = module.nlb.security_group_arn
}

output "security_group_id" {
  description = "ID of the security group"
  value       = module.nlb.security_group_id
}

################################################################################
# Route53 Record(s)
################################################################################

output "route53_records" {
  description = "The Route53 records created and attached to the load balancer"
  value       = module.nlb.route53_records
}
```

Step-06: c12-route53-dnsregistration.tf

  • Change-1: Update DNS Name
  • Change-2: Update alias name
  • Change-3: Update alias zone_id

```hcl
# DNS Registration
resource "aws_route53_record" "apps_dns" {
  zone_id = data.aws_route53_zone.mydomain.zone_id
  name    = "nlb1.devopsincloud.com"
  type    = "A"
  alias {
    # Module version 9.4.0 exposes dns_name and zone_id (the same
    # attributes the outputs in Step-05 read), not lb_dns_name / lb_zone_id.
    name                   = module.nlb.dns_name
    zone_id                = module.nlb.zone_id
    evaluate_target_health = true
  }
}
```

Step-07: c13-03-autoscaling-resource.tf

  • Change the module name for target_group_arns to nlb

```hcl
# Before
  target_group_arns = [module.alb.target_groups["mytg1"].arn]
# After
  target_group_arns = [module.nlb.target_groups["mytg1"].arn]
```

Step-08: c13-06-autoscaling-ttsp.tf

  • Comment out the TTSP ALB policy, which is not applicable to NLB

```hcl
# TTS - Scaling Policy-2: Based on ALB Target Requests
# THIS POLICY IS SPECIFIC TO ALB and NOT APPLICABLE TO NLB
/*
resource "aws_autoscaling_policy" "alb_target_requests_greater_than_yy" {
  name                   = "alb-target-requests-greater-than-yy"
  policy_type = "TargetTrackingScaling" # Important Note: The policy type, either "SimpleScaling", "StepScaling" or "TargetTrackingScaling". If this value isn't provided, AWS will default to "SimpleScaling."
  autoscaling_group_name = aws_autoscaling_group.my_asg.id
  estimated_instance_warmup = 120 # defaults to ASG default cooldown 300 seconds if not set
  # Number of requests > 10 completed per target in an Application Load Balancer target group.
  target_tracking_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ALBRequestCountPerTarget"
      resource_label =  "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
    }
    target_value = 10.0
  }
}
*/
```

Step-09: Execute Terraform Commands

```bash
# Terraform Initialize
terraform init

# Terraform Validate
terraform validate

# Terraform Plan
terraform plan

# Terraform Apply
terraform apply -auto-approve
```

Step-10: Verify the AWS resources created

  1. Confirm SNS Subscription in your email
  2. Verify EC2 Instances
  3. Verify Launch Templates (High Level)
  4. Verify Autoscaling Group (High Level)
  5. Verify Network Load Balancer
     • TCP Listener
     • TLS Listener
  6. Verify Network Load Balancer Target Group
     • Health Checks - both nodes should be healthy
  7. Access and Test

```text
# Access and Test with Port 80 - TCP Listener
http://nlb.devopsincloud.com
http://nlb.devopsincloud.com/app1/index.html
http://nlb.devopsincloud.com/app1/metadata.html

# Access and Test with Port 443 - TLS Listener
https://nlb.devopsincloud.com
https://nlb.devopsincloud.com/app1/index.html
https://nlb.devopsincloud.com/app1/metadata.html
```

Step-11: Clean-Up

```bash
# Terraform Destroy
terraform destroy -auto-approve

# Clean-Up Files
rm -rf .terraform*
rm -rf terraform.tfstate*
```
