@ketzacoatl
Created October 6, 2017 11:41
Terraform example ALB w/ target groups for an ASG
# Security Group for ALB
resource "aws_security_group" "atlassian-alb" {
  name = "${var.name}-load-balancer"
  description = "allow HTTPS to ${var.name} Load Balancer (ALB)"
  vpc_id = "${module.vpc.vpc_id}"
  ingress {
    from_port = "443"
    to_port = "443"
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags {
    Name = "${var.name}"
  }
}

# Create a single load balancer for all Atlassian services
resource "aws_alb" "atlassian" {
  name = "${var.name}"
  internal = false
  idle_timeout = "300"
  security_groups = [
    "${aws_security_group.atlassian-alb.id}",
    "${module.open-egress-sg.id}"
  ]
  subnets = ["${module.vpc.public_subnet_ids}"]
  enable_deletion_protection = true
  # access_logs {
  #   bucket = "${aws_s3_bucket.alb_logs.bucket}"
  #   prefix = "test-alb"
  # }
  tags {
    Name = "${var.name}"
  }
}

# Define a listener
resource "aws_alb_listener" "atlassian" {
  load_balancer_arn = "${aws_alb.atlassian.arn}"
  port = "443"
  protocol = "HTTPS"
  ssl_policy = "ELBSecurityPolicy-2015-05"
  certificate_arn = "${var.ssl_arn}"
  default_action {
    target_group_arn = "${aws_alb_target_group.bitbucket.arn}"
    type = "forward"
  }
}

# Connect bitbucket ASG up to the Application Load Balancer (see load-balancer.tf)
resource "aws_alb_target_group" "bitbucket" {
  name = "${var.name}-bitbucket"
  port = 7990
  protocol = "HTTP"
  vpc_id = "${module.vpc.vpc_id}"
}

resource "aws_alb_listener_rule" "bitbucket" {
  listener_arn = "${aws_alb_listener.atlassian.arn}"
  priority = 99
  action {
    type = "forward"
    target_group_arn = "${aws_alb_target_group.bitbucket.arn}"
  }
  condition {
    field = "host-header"
    values = ["bitbucket.example.com"]
  }
}

# create single-node auto-scaling group to run bitbucket
module "bitbucket-asg" {
  ...
  alb_target_group_arns = ["${aws_alb_target_group.bitbucket.arn}"]
}

@danyal2050

How do I attach Application Load Balancer (ALB) directly with Auto-scaling Group (ASG) in AWS?

@ketzacoatl
Author

> How do I attach Application Load Balancer (ALB) directly with Auto-scaling Group (ASG) in AWS?

Sorry to have missed your message @danyal2050! I'll assume you were able to answer it, but to address the question for future readers:

The ALB can be attached to an ASG in one of several ways between AWS and Terraform.

First, the ALB and ELB are slightly different. Next, it's possible to attach either "by-instance" or "by-ASG".

On the Terraform side, we are creating a link between several resource types. We can either link them when creating the resources, or we can create the resources and attach them with a third "attachment" resource.

For example, when creating an ASG, we have load_balancers for ELB, and target_group_arns for ALB. These are parameters on the aws_autoscaling_group resource:

load_balancers (Optional) A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use target_group_arns instead.

target_group_arns (Optional) A list of aws_alb_target_group ARNs, for use with Application or Network Load Balancing.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group#target_group_arns

It is also possible to associate those resources after creating them, using the elb_attachment resource for ELB, and the lb_target_group_attachment resource for ALB. Creating the resources separately and then using the attachment resource allows for slightly better control over which ASGs are associated with which TG, for A/B deployments and similar operational strategies.
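
A sketch of the "create separately, then attach" approach for the by-ASG case, added here as an example; it is not part of the gist or of @ketzacoatl's comment. It assumes Terraform 0.12+ syntax and a recent AWS provider in which `aws_autoscaling_attachment` takes `lb_target_group_arn` (older releases name it `alb_target_group_arn`); the variables, names and sizes are assumptions.

```hcl
# Added example: variables, names and sizes are assumptions, not from the gist.
variable "name" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "launch_template_id" { type = string }

resource "aws_lb_target_group" "bitbucket" {
  name     = "${var.name}-bitbucket"
  port     = 7990
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}

# The ASG is created without target_group_arns; the link is made further down.
resource "aws_autoscaling_group" "bitbucket" {
  name                = "${var.name}-bitbucket"
  min_size            = 1
  max_size            = 1
  vpc_zone_identifier = var.private_subnet_ids

  launch_template {
    id      = var.launch_template_id
    version = "$Latest"
  }

  # Guard against the ASG resource treating the attachment below as drift
  # in its own load_balancers / target_group_arns and reverting it.
  lifecycle {
    ignore_changes = [load_balancers, target_group_arns]
  }
}

# Standalone attachment: instances launched by the ASG are registered with
# the target group, and this link can be changed or removed on its own
# (for example, to move the ASG between target groups in an A/B rollout).
resource "aws_autoscaling_attachment" "bitbucket" {
  autoscaling_group_name = aws_autoscaling_group.bitbucket.name
  lb_target_group_arn    = aws_lb_target_group.bitbucket.arn
}
```

Use either the inline `target_group_arns` argument or the standalone attachment for a given ASG, not both, so the two do not overwrite each other.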
