Commit 1766580

[TECH] Update README.
Authors: @tobyclemson
1 parent ea8a551 commit 1766580

9 files changed

+126
-9
lines changed

README.md

+122-9
@@ -5,33 +5,146 @@ Terraform AWS Classic Load Balancer
55

66
A Terraform module for building a classic load balancer in AWS.
77

8+
The load balancer requires:
9+
* An existing VPC
10+
* Some existing subnets
11+
* A domain name and public and private hosted zones
12+
13+
The ECS load balancer consists of:
14+
* An ELB
15+
* Deployed across the provided subnet IDs
16+
* Either internal or internet-facing as specified
17+
* With listeners for each of the supplied listener configurations
18+
* With a health check using the specified target
19+
* With connection draining as specified
20+
* A security group allowing access to/from the load balancer according to the
21+
specified access control and egress CIDRs configuration
22+
* A security group for use by instances allowing access from the load balancer
23+
according to the specified access control configuration
24+
* A DNS entry
25+
* In the public hosted zone if specified
26+
* In the private hosted zone if specified
27+
28+
![Diagram of infrastructure managed by this module](/docs/architecture.png?raw=true)
29+
830
Usage
931
-----
1032

11-
To use the module, include something like the following in your terraform configuration:
33+
To use the module, include something like the following in your terraform
34+
configuration:
1235

1336
```hcl-terraform
1437
module "classic_load_balancer" {
1538
source = "git@github.com:infrablocks/terraform-aws-classic-load-balancer.git//src"
16-
39+
1740
region = "eu-west-2"
41+
vpc_id = "vpc-fb7dc365"
42+
subnet_ids = "subnet-ae4533c4,subnet-443e6b12"
43+
44+
component = "important-component"
45+
deployment_identifier = "production"
46+
47+
domain_name = "example.com"
48+
public_zone_id = "Z1WA3EVJBXSQ2V"
49+
private_zone_id = "Z3CVA9QD5NHSW3"
50+
51+
listeners = [
52+
{
53+
lb_port = 443
54+
lb_protocol = "HTTPS"
55+
instance_port = 443
56+
instance_protocol = "HTTPS"
57+
ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/default"
58+
},
59+
{
60+
lb_port = 6567
61+
lb_protocol = "TCP"
62+
instance_port = 6567
63+
instance_protocol = "TCP"
64+
}
65+
]
66+
67+
access_control = [
68+
{
69+
lb_port = 443
70+
instance_port = 443
71+
allow_cidr = '0.0.0.0/0'
72+
},
73+
{
74+
lb_port = 6567
75+
instance_port = 6567
76+
allow_cidr = '10.0.0.0/8'
77+
}
78+
]
79+
80+
egress_cidrs = '10.0.0.0/8'
81+
82+
health_check_target = 'HTTPS:443/ping'
83+
health_check_timeout = 10
84+
health_check_interval = 30
85+
health_check_unhealthy_threshold = 5
86+
health_check_healthy_threshold = 5
87+
88+
enable_cross_zone_load_balancing = 'yes'
89+
90+
enable_connection_draining = 'yes'
91+
connection_draining_timeout = 60
92+
93+
idle_timeout = 60
94+
95+
include_public_dns_record = 'yes'
96+
include_private_dns_record = 'yes'
97+
98+
expose_to_public_internet = 'yes'
1899
}
19100
```
20101

21102
Executing `terraform get` will fetch the module.
22103

104+
As mentioned above, the load balancer deploys into an existing base network.
105+
Whilst the base network can be created using any mechanism you like, the
106+
[AWS Base Networking](https://github.com/tobyclemson/terraform-aws-base-networking)
107+
module will create everything you need. See the
108+
[docs](https://github.com/tobyclemson/terraform-aws-base-networking/blob/master/README.md)
109+
for usage instructions.
23110

24-
### Inputs
25111

26-
| Name | Description | Default | Required |
27-
|-----------------------------|---------------------------------------------|:-------:|:--------:|
28-
| region | The region into which to deploy the VPC | - | yes |
112+
### Inputs
29113

114+
| Name | Description | Default | Required |
115+
|----------------------------------|-------------------------------------------------------------------------------|:-------------------:|:------------------------------------:|
116+
| region | The region into which to deploy the load balancer | - | yes |
117+
| vpc_id | The ID of the VPC into which to deploy the load balancer | - | yes |
118+
| subnet_ids | The IDs of the subnets for the ELB | - | yes |
119+
| component | The component for which the load balancer is being created | - | yes |
120+
| deployment_identifier | An identifier for this instantiation | - | yes |
121+
| domain_name | The domain name of the supplied Route 53 zones | - | yes |
122+
| public_zone_id | The ID of the public Route 53 zone | - | if include_public_dns_record is yes |
123+
| private_zone_id | The ID of the private Route 53 zone | - | if include_private_dns_record is yes |
124+
| listeners | A list of listener configurations for the ELB | - | yes |
125+
| access_control | A list of access control configurations for the security groups | - | yes |
126+
| egress_cidrs | The CIDRs that the load balancer is allowed to access | The CIDR of the VPC | no |
127+
| health_check_target | The target to use for health checks | TCP:80 | yes |
128+
| health_check_timeout | The time after which a health check is considered failed in seconds | 5 | yes |
129+
| health_check_interval | The time between health check attempts in seconds | 30 | yes |
130+
| health_check_unhealthy_threshold | The number of failed health checks before an instance is taken out of service | 2 | yes |
131+
| health_check_healthy_threshold | The number of successful health checks before an instance is put into service | 10 | yes |
132+
| enable_cross_zone_load_balancing | Whether or not to enable cross zone load balancing ("yes" or "no") | yes | yes |
133+
| enable_connection_draining | Whether or not to enable connection draining ("yes" or "no") | no | yes |
134+
| connection_draining_timeout | The time after which connection draining is aborted in seconds | 300 | yes |
135+
| idle_timeout | The time after which idle connections are closed | 60 | yes |
136+
| include_public_dns_record | Whether or not to create a public DNS entry ("yes" or "no") | no | yes |
137+
| include_private_dns_record | Whether or not to create a private DNS entry ("yes" or "no") | yes | yes |
138+
| expose_to_public_internet | Whether or not to the ELB should be internet facing ("yes" or "no") | no | yes |
30139

31140
### Outputs
32141

33-
| Name | Description |
34-
|------------------------------|-------------------------------------------------------|
142+
| Name | Description |
143+
|-----------------------------------------|-----------------------------------------------------------|
144+
| name | The name of the created ELB |
145+
| address | The address of the DNS record(s) for the created ELB |
146+
| security_group_id | The ID of the ELB security group |
147+
| open_to_load_balancer_security_group_id | The ID of the security group allowing access from the ELB |
35148

36149

37150
Development
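
Review bot: The usage example added at new lines 71 to 97 delimits several strings with single quotes (`allow_cidr = '0.0.0.0/0'`, `egress_cidrs = '10.0.0.0/8'`, `health_check_target = 'HTTPS:443/ping'`, and the 'yes' flags), which HCL does not accept, so anyone pasting the block gets a parse error; use double quotes as the lines above it do. New line 13 says "The ECS load balancer consists of", which reads as a leftover from another module's README. In the inputs table the Required column says "yes" for inputs that also list a default (health_check_target, idle_timeout and the others), so one of the two columns is wrong, and new line 138 has a stray "to" in "Whether or not to the ELB should be". Because the example pairs `allow_cidr = '0.0.0.0/0'` with `expose_to_public_internet = 'yes'` while the table documents "no" as the default for the latter, a sentence stating that this combination opens port 443 to the internet would help readers who copy it unchanged.
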
@@ -111,7 +224,7 @@ To destroy the module contents:
111224
Contributing
112225
------------
113226

114-
Bug reports and pull requests are welcome on GitHub at https://github.com/infrablocks/terraform-aws-encrypted-bucket.
227+
Bug reports and pull requests are welcome on GitHub at https://github.com/infrablocks/terraform-aws-classic-load-balancer.
115228
This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
116229
the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
117230
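
Review bot: The corrected URL line at new line 227 is still far longer than the 80-column wrap this same commit applies to the usage sentence at new lines 33 to 34; wrap it, together with the two context lines that follow, so the README is consistent.
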

docs/architecture.graffle/data.plist

12.1 KB
Binary file not shown.

docs/architecture.graffle/image1.pdf

14.5 KB
Binary file not shown.

docs/architecture.graffle/image17.pdf

14.2 KB
Binary file not shown.

docs/architecture.graffle/image18.pdf

8.59 KB
Binary file not shown.

docs/architecture.graffle/image19.pdf

6.16 KB
Binary file not shown.

docs/architecture.graffle/image20.pdf

11.5 KB
Binary file not shown.

docs/architecture.png

53.8 KB

spec/infra/outputs.tf

+4
@@ -14,6 +14,10 @@ output "name" {
1414
value = "${module.classic_load_balancer.name}"
1515
}
1616

17+
output "address" {
18+
value = "${module.classic_load_balancer.address}"
19+
}
20+
1721
output "security_group_id" {
1822
value = "${module.classic_load_balancer.security_group_id}"
1923
}
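
Review bot: The new `address` output at new lines 17 to 19 reads `module.classic_load_balancer.address`, but none of the 9 files changed in this commit belongs to the module source, so confirm that the module already defines that output; if it does not, the spec infrastructure cannot resolve the reference. The README row added in this commit describes it as the address of the DNS record(s), so with both public and private records enabled it is worth stating which name is returned and covering the output with a spec.
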
