Skip to content

rackspace-infrastructure-automation/aws-terraform-nlb

BranchesTags

Repository files navigation

aws-terraform-nlb

This module provides the functionality to deploy a Network Load Balancer complete with listeners and target groups.

Usage:

This and other examples available here

module "nlb" {
  source         = "git@github.com:rackspace-infrastructure-automation/aws-terraform-nlb.git//?ref=v0.12.2"

  # enable alarm actions for TG alarms. vars available for these parameters
  enable_cloudwatch_alarm_actions = true
  environment                     = "Test"

  hc_map = {
    listener1 = {
      protocol            = "TCP"
      healthy_threshold   = 3
      unhealthy_threshold = 3
      interval            = 30
    }

    listener2 = {
      protocol            = "HTTP"
      healthy_threshold   = 3
      unhealthy_threshold = 3
      interval            = 30
      matcher             = "200-399"
      path                = "/"
    }
  }

   listener_map_count = 2

  listener_map = {
    listener1 = {
      port = 80
    }

    listener2 = {
      certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
      port            = 443
      protocol        = "TLS"
    }
  }

  name       = "MyNLB"
  subnet_ids = ["subnet-xxxxxxxxxxxxxxxxx", "subnet-xxxxxxxxxxxxxxxxx"]
  vpc_id     = "vpc-xxxxxxxxxxxxxxxxx"

  tags = {
    "role"    = "load-balancer"
    "contact" = "someone@somewhere.com"
  }

  # if `name` is not defined, then the map index is used for this value
  tg_map = {
    listener1 = {
      name        = "listener1-tg-name"
      port        = 80
      dereg_delay = 300
      target_type = "instance"
    }

    listener2 = {
      name        = "listener2-tg-name"
      port        = 8080
      dereg_delay = 300
      target_type = "instance"
    }
  }
}

Limitations

  • Current module does not support the use of elastic IPs on the NLB at this time, due to a limitation in generating the SubnetMappings list. This is expected to be corrected with the release of terraform v0.12.

Other TF Modules Used

Using aws-terraform-cloudwatch_alarm to create the following CloudWatch Alarms:

  • unhealthy_host_count_alarm

Requirements

Name Version
terraform >= 0.12
aws >= 2.20

Providers

Name Version
aws >= 2.20
null n/a

Modules

Name Source Version
unhealthy_host_count_alarm git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm//?ref=v0.12.6

Resources

Name
aws_caller_identity
aws_elb_service_account
aws_iam_policy_document
aws_lb
aws_lb_listener
aws_lb_target_group
aws_network_interface
aws_region
aws_route53_record
aws_s3_bucket
aws_s3_bucket_policy
null_data_source

Inputs

Name Description Type Default Required
create_internal_zone_record Create Route 53 internal zone record for the NLB. i.e true | false bool false no
create_logging_bucket Create a new S3 logging bucket. i.e. true | false bool false no
cross_zone configure cross zone load balancing bool true no
enable_deletion_protection If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. bool false no
eni_count explicitly tell terraform how many subnets to expect number 0 no
environment environment name e.g. dev; prod string "test" no
facing is this load-balancer internal or external? string "external" no
hc_map health check map map(map(string)) n/a yes
internal_record_name Record Name for the new Resource Record in the Internal Hosted Zone. i.e. nlb.example.com string "" no
kms_key_id The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. string "" no
listener_map listener map map(map(string)) n/a yes
listener_map_count The number of listener maps to utilize number 1 no
logging_bucket_acl Define ACL for Bucket. Must be either authenticated-read, aws-exec-read, log-delivery-write, private, public-read or public-read-write. Via https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl string "private" no
logging_bucket_encyption Enable default bucket encryption. i.e. AES256 | aws:kms string "AES256" no
logging_bucket_force_destroy Whether all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. ie. true | false bool false no
logging_bucket_name The name of the S3 bucket for the access logs. The bucket name can contain only lowercase letters, numbers, periods (.), and dashes (-). If creating a new logging bucket enter desired bucket name. string "" no
logging_bucket_prefix The prefix for the location in the S3 bucket. If you don't specify a prefix, the access logs are stored in the root of the bucket. Entry must not start with a / or end with one. i.e. 'logs' or 'data/logs' string null no
logging_bucket_retention The number of days to retain load balancer logs. Parameter is ignored if not creating a new S3 bucket. i.e. between 1 - 999 number 14 no
logging_enabled Whether logging for this bucket is enabled. bool false no
name name for this load balancer string n/a yes
notification_topic List of SNS Topic ARNs to use for customer notifications. list(string) [] no
rackspace_alarms_enabled Specifies whether alarms will create a Rackspace ticket. Ignored if rackspace_managed is set to false. bool false no
rackspace_managed Boolean parameter controlling if instance will be fully managed by Rackspace support teams, created CloudWatch alarms that generate tickets, and utilize Rackspace managed SSM documents. bool true no
route_53_hosted_zone_id the zone_id in which to create our ALIAS string "" no
subnet_ids list of subnet ids (1 per AZ only) to attach to this NLB list(string) n/a yes
subnet_map not implemented subnet -> EIP mapping map(list(string)) 
{
  "0": [
    "eip-1",
    "subnet-1"
  ]
}
 no
tags tags map map(string) {} no
tg_map target group map map(map(string)) n/a yes
vpc_id VPC ID string n/a yes

Outputs

Name Description
dns_name the DNS name of the load balancer
eni_ips the private IPs of this LB for use in EC2 security groups
load_balancer_arn_suffix The ARN suffix for use with CloudWatch Metrics.
load_balancer_id the ID and ARN of the load balancer
load_balancer_zone_id The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).
logging_bucket_arn The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
logging_bucket_domain_name The bucket domain name. Will be of format bucketname.s3.amazonaws.com.
logging_bucket_hosted_zone_id The Route 53 Hosted Zone ID for this bucket's region.
logging_bucket_id The name of the bucket.
logging_bucket_region The AWS region this bucket resides in.
logging_bucket_regional_domain_name The bucket region-specific domain name. The bucket domain name including the region name.
target_group_arn_suffixes ARN suffixes of our target groups - can be used with CloudWatch.
target_group_arns ARNs of the target groups. Useful for passing to your Auto Scaling group.
target_group_names Name of the target group. Useful for passing to your CodeDeploy Deployment Group

About

No description or website provided.

Topics

rax-tf-module navi-rax-supeng

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

74 watching

Forks

5 forks
Report repository

Releases 11

CI Updates, Stickiness, Logging Bucket ACL fixes Latest
Dec 1, 2020
+ 10 releases

Packages

No packages published

Contributors 11

Languages