aws-terraform-nlb
This module provides the functionality to deploy a Network Load Balancer complete with listeners and target groups.
Usage:
This and other examples available here
module "nlb" {
source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-nlb.git//?ref=v0.12.2"
# enable alarm actions for TG alarms. vars available for these parameters
enable_cloudwatch_alarm_actions = true
environment = "Test"
hc_map = {
listener1 = {
protocol = "TCP"
healthy_threshold = 3
unhealthy_threshold = 3
interval = 30
}
listener2 = {
protocol = "HTTP"
healthy_threshold = 3
unhealthy_threshold = 3
interval = 30
matcher = "200-399"
path = "/"
}
}
listener_map_count = 2
listener_map = {
listener1 = {
port = 80
}
listener2 = {
certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
port = 443
protocol = "TLS"
}
}
name = "MyNLB"
subnet_ids = ["subnet-xxxxxxxxxxxxxxxxx", "subnet-xxxxxxxxxxxxxxxxx"]
vpc_id = "vpc-xxxxxxxxxxxxxxxxx"
tags = {
"role" = "load-balancer"
"contact" = "[email protected]"
}
# if `name` is not defined, then the map index is used for this value
tg_map = {
listener1 = {
name = "listener1-tg-name"
port = 80
dereg_delay = 300
target_type = "instance"
}
listener2 = {
name = "listener2-tg-name"
port = 8080
dereg_delay = 300
target_type = "instance"
}
}
}Limitations
- Current module does not support the use of elastic IPs on the NLB at this time, due to a limitation in generating the SubnetMappings list. This is expected to be corrected with the release of terraform v0.12.
Other TF Modules Used
Using aws-terraform-cloudwatch_alarm to create the following CloudWatch Alarms:
- unhealthy_host_count_alarm
Providers
| Name | Version |
|---|---|
| aws | >= 2.20 |
| null | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_internal_zone_record | Create Route 53 internal zone record for the NLB. i.e true | false | bool |
false |
no |
| create_logging_bucket | Create a new S3 logging bucket. i.e. true | false | bool |
false |
no |
| cross_zone | configure cross zone load balancing | bool |
true |
no |
| enable_deletion_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | bool |
false |
no |
| eni_count | explicitly tell terraform how many subnets to expect | number |
0 |
no |
| environment | environment name e.g. dev; prod | string |
"test" |
no |
| facing | is this load-balancer internal or external? | string |
"external" |
no |
| hc_map | health check map | map(map(string)) |
n/a | yes |
| internal_record_name | Record Name for the new Resource Record in the Internal Hosted Zone. i.e. nlb.example.com | string |
"" |
no |
| kms_key_id | The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. | string |
"" |
no |
| listener_map | listener map | map(map(string)) |
n/a | yes |
| listener_map_count | The number of listener maps to utilize | number |
1 |
no |
| logging_bucket_acl | Define ACL for Bucket. Must be either authenticated-read, aws-exec-read, log-delivery-write, private, public-read or public-read-write. Via https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl | string |
"private" |
no |
| logging_bucket_encyption | Enable default bucket encryption. i.e. AES256 | aws:kms | string |
"AES256" |
no |
| logging_bucket_force_destroy | Whether all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. ie. true | false | bool |
false |
no |
| logging_bucket_name | The name of the S3 bucket for the access logs. The bucket name can contain only lowercase letters, numbers, periods (.), and dashes (-). If creating a new logging bucket enter desired bucket name. | string |
"" |
no |
| logging_bucket_prefix | The prefix for the location in the S3 bucket. If you don't specify a prefix, the access logs are stored in the root of the bucket. Entry must not start with a / or end with one. i.e. 'logs' or 'data/logs' | string |
n/a | yes |
| logging_bucket_retention | The number of days to retain load balancer logs. Parameter is ignored if not creating a new S3 bucket. i.e. between 1 - 999 | number |
14 |
no |
| logging_enabled | Whether logging for this bucket is enabled. | bool |
false |
no |
| name | name for this load balancer | string |
n/a | yes |
| notification_topic | List of SNS Topic ARNs to use for customer notifications. | list(string) |
[] |
no |
| rackspace_alarms_enabled | Specifies whether alarms will create a Rackspace ticket. Ignored if rackspace_managed is set to false. | bool |
false |
no |
| rackspace_managed | Boolean parameter controlling if instance will be fully managed by Rackspace support teams, created CloudWatch alarms that generate tickets, and utilize Rackspace managed SSM documents. | bool |
true |
no |
| route_53_hosted_zone_id | the zone_id in which to create our ALIAS | string |
"" |
no |
| subnet_ids | list of subnet ids (1 per AZ only) to attach to this NLB | list(string) |
n/a | yes |
| subnet_map | not implemented subnet -> EIP mapping | map(list(string)) |
{ |
no |
| tags | tags map | map(string) |
{} |
no |
| tg_map | target group map | map(map(string)) |
n/a | yes |
| vpc_id | VPC ID | string |
n/a | yes |
Outputs
| Name | Description |
|---|---|
| dns_name | the DNS name of the load balancer |
| eni_ips | the private IPs of this LB for use in EC2 security groups |
| load_balancer_arn_suffix | The ARN suffix for use with CloudWatch Metrics. |
| load_balancer_id | the ID and ARN of the load balancer |
| load_balancer_zone_id | The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record). |
| logging_bucket_arn | The ARN of the bucket. Will be of format arn:aws:s3:::bucketname. |
| logging_bucket_domain_name | The bucket domain name. Will be of format bucketname.s3.amazonaws.com. |
| logging_bucket_hosted_zone_id | The Route 53 Hosted Zone ID for this bucket's region. |
| logging_bucket_id | The name of the bucket. |
| logging_bucket_region | The AWS region this bucket resides in. |
| logging_bucket_regional_domain_name | The bucket region-specific domain name. The bucket domain name including the region name. |
| target_group_arn_suffixes | ARN suffixes of our target groups - can be used with CloudWatch. |
| target_group_arns | ARNs of the target groups. Useful for passing to your Auto Scaling group. |
| target_group_names | Name of the target group. Useful for passing to your CodeDeploy Deployment Group |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent