nlb-targetgroups (#443)
* Modify NLB terraform because it wasn't complete.
* Add target groups feature to this terraform
* Dynamically add attachments to target groups.
bcarranza authored Sep 11, 2023
1 parent da99b8c commit 16820d2
Showing 5 changed files with 128 additions and 99 deletions.
41 changes: 22 additions & 19 deletions terraform-modules/aws/nlb/README.md
Expand Up @@ -17,30 +17,33 @@ No modules.
| Name | Type |
|------|------|
| [aws_lb.nlb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
| [aws_lb_listener.listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
| [aws_lb_target_group.tg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
| [aws_lb_target_group_attachment.tg_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_access_logs_s3_bucket_name"></a> [access\_logs\_s3\_bucket\_name](#input\_access\_logs\_s3\_bucket\_name) | The name to use for the S3 bucket where the NLB access logs will be stored. If you set this to null, a name will be generated automatically based on var.nlb\_name. | `string` | `null` | no |
| <a name="input_custom_nlb_access_logs_s3_prefix"></a> [custom\_nlb\_access\_logs\_s3\_prefix](#input\_custom\_nlb\_access\_logs\_s3\_prefix) | Prefix to use for access logs to create a sub-folder in S3 Bucket name where NLB logs should be stored. Only used if var.enable\_custom\_nlb\_access\_logs\_s3\_prefix is true. | `string` | `null` | no |
| <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | Set enable\_cross\_zone\_load\_balancing | `bool` | `false` | no |
| <a name="input_enable_custom_nlb_access_logs_s3_prefix"></a> [enable\_custom\_nlb\_access\_logs\_s3\_prefix](#input\_enable\_custom\_nlb\_access\_logs\_s3\_prefix) | Set to true to use the value of nlb\_access\_logs\_s3\_prefix for access logs prefix. If false, the nlb\_name will be used. This is useful if you wish to disable the S3 prefix. Only used if var.enable\_nlb\_access\_logs is true. | `bool` | `false` | no |
| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | Enable deletion protection | `bool` | `false` | no |
| <a name="input_enable_http2"></a> [enable\_http2](#input\_enable\_http2) | enable\_http2 | `bool` | `false` | no |
| <a name="input_enable_internal"></a> [enable\_internal](#input\_enable\_internal) | Enable internal load balancer | `bool` | `true` | no |
| <a name="input_enable_nlb_access_logs"></a> [enable\_nlb\_access\_logs](#input\_enable\_nlb\_access\_logs) | This is Optional, Only used to output the NLB logs to S3. we need to input bucket\_name and bucket\_prefix to the list. if left empty it will not output the logs to S3 | `list(any)` | `[]` | no |
| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | A boolean that indicates whether the access logs bucket should be destroyed, even if there are files in it, when you run Terraform destroy. Unless you are using this bucket only for test purposes, you'll want to leave this variable set to false. | `bool` | `false` | no |
| <a name="input_nlb_access_logs_s3_bucket_name"></a> [nlb\_access\_logs\_s3\_bucket\_name](#input\_nlb\_access\_logs\_s3\_bucket\_name) | The S3 Bucket name where NLB logs should be stored. If left empty, no NLB logs will be captured. Tip: It's easiest to create the S3 Bucket using the Gruntwork Module https://github.com/gruntwork-io/terraform-aws-monitoring/tree/master/modules/logs/load-balancer-access-logs. | `string` | `null` | no |
| <a name="input_nlb_access_logs_s3_prefix"></a> [nlb\_access\_logs\_s3\_prefix](#input\_nlb\_access\_logs\_s3\_prefix) | nlb\_access\_logs\_s3\_prefix | `string` | `null` | no |
| <a name="input_nlb_name"></a> [nlb\_name](#input\_nlb\_name) | The name of the NLB. Do not include the environment name since this module will automatically append it to the value of this variable. | `string` | n/a | yes |
| <a name="input_nlb_s3_bucket_name"></a> [nlb\_s3\_bucket\_name](#input\_nlb\_s3\_bucket\_name) | nlb\_s3\_bucket\_name | `string` | `null` | no |
| <a name="input_nlb_subnets"></a> [nlb\_subnets](#input\_nlb\_subnets) | NLB Subnets | `list(string)` | n/a | yes |
| <a name="input_nlb_tags"></a> [nlb\_tags](#input\_nlb\_tags) | Tags | `map(any)` | <pre>{<br> "appname": "nlb"<br>}</pre> | no |
| <a name="input_num_days_after_which_archive_log_data"></a> [num\_days\_after\_which\_archive\_log\_data](#input\_num\_days\_after\_which\_archive\_log\_data) | After this number of days, log files should be transitioned from S3 to Glacier. Enter 0 to never archive log data. | `number` | n/a | yes |
| <a name="input_num_days_after_which_delete_log_data"></a> [num\_days\_after\_which\_delete\_log\_data](#input\_num\_days\_after\_which\_delete\_log\_data) | After this number of days, log files should be deleted from S3. Enter 0 to never delete log data. | `number` | n/a | yes |
| <a name="input_should_create_access_logs_bucket"></a> [should\_create\_access\_logs\_bucket](#input\_should\_create\_access\_logs\_bucket) | If true, create a new S3 bucket for access logs with the name in var.access\_logs\_s3\_bucket\_name. If false, assume the S3 bucket for access logs with the name in var.access\_logs\_s3\_bucket\_name already exists, and don't create a new one. Note that if you set this to false, it's up to you to ensure that the S3 bucket has a bucket policy that grants Elastic Load Balancing permission to write the access logs to your bucket. | `bool` | `true` | no |
| <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | Set to true to enable cross-zone load balancing for the NLB. | `bool` | `false` | no |
| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | Set to true to enable deletion protection for the NLB. | `bool` | `false` | no |
| <a name="input_enable_http2"></a> [enable\_http2](#input\_enable\_http2) | Set to true to enable HTTP/2 for the NLB. | `bool` | `false` | no |
| <a name="input_enable_internal"></a> [enable\_internal](#input\_enable\_internal) | Set to true to create an internal load balancer, otherwise set to false for a public load balancer. | `bool` | `true` | no |
| <a name="input_enable_nlb_access_logs"></a> [enable\_nlb\_access\_logs](#input\_enable\_nlb\_access\_logs) | Set to a list containing bucket\_name and bucket\_prefix to enable NLB access logs. Leave empty to disable NLB access logs to S3. | `list(any)` | `[]` | no |
| <a name="input_listener_port"></a> [listener\_port](#input\_listener\_port) | The port on which the listener listens. | `string` | `"80"` | no |
| <a name="input_listener_protocol"></a> [listener\_protocol](#input\_listener\_protocol) | The protocol used by the listener. | `string` | `"HTTP"` | no |
| <a name="input_nlb_name"></a> [nlb\_name](#input\_nlb\_name) | The name of the Network Load Balancer (NLB). It should be 32 characters or less. | `string` | n/a | yes |
| <a name="input_nlb_security_groups"></a> [nlb\_security\_groups](#input\_nlb\_security\_groups) | Security Group to filter traffict to load balancer | `list(string)` | n/a | yes |
| <a name="input_nlb_subnets"></a> [nlb\_subnets](#input\_nlb\_subnets) | List of subnets where the NLB will be deployed. | `list(any)` | n/a | yes |
| <a name="input_nlb_tags"></a> [nlb\_tags](#input\_nlb\_tags) | A map of tags to apply to the NLB resource. | `map(any)` | <pre>{<br> "appname": "nlb"<br>}</pre> | no |
| <a name="input_target_attachments"></a> [target\_attachments](#input\_target\_attachments) | List of target attachments | <pre>list(object({<br> target_id = string<br> port = number<br> }))</pre> | n/a | yes |
| <a name="input_target_group_name"></a> [target\_group\_name](#input\_target\_group\_name) | The name of the Target Group. | `any` | n/a | yes |
| <a name="input_target_group_port"></a> [target\_group\_port](#input\_target\_group\_port) | The port on which the Target Group listens. | `number` | `80` | no |
| <a name="input_target_group_protocol"></a> [target\_group\_protocol](#input\_target\_group\_protocol) | The protocol used by the Target Group. | `string` | `"HTTP"` | no |
| <a name="input_target_vpc_id"></a> [target\_vpc\_id](#input\_target\_vpc\_id) | The VPC where the targets' endpoints are deployed. | `string` | n/a | yes |

## Outputs

No outputs.
| Name | Description |
|------|-------------|
| <a name="output_load_balancer_external_dns"></a> [load\_balancer\_external\_dns](#output\_load\_balancer\_external\_dns) | DNS name for the Network Load Balancer |
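Review bot: the regenerated inputs table drops the row for `nlb_access_logs_s3_bucket_name` even though that variable is still declared in variables.tf in this same commit, and it documents `target_group_name` with type `any`, which means the variable block lacks a `type`; add `type = string` to the variable and regenerate the table with terraform-docs so the README and the module agree. The description of `nlb_security_groups` also carries the typo "traffict"; it comes from variables.tf, so fix it there and regenerate.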
13 changes: 0 additions & 13 deletions terraform-modules/aws/nlb/locals.tf

This file was deleted.

56 changes: 52 additions & 4 deletions terraform-modules/aws/nlb/main.tf
Expand Up @@ -3,7 +3,7 @@ resource "aws_lb" "nlb" {
internal = var.enable_internal
load_balancer_type = "network"
subnets = var.nlb_subnets

security_groups = var.nlb_security_groups
enable_deletion_protection = var.enable_deletion_protection

dynamic "access_logs" {
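Review bot: `security_groups = var.nlb_security_groups` needs a `hashicorp/aws` provider release that supports security groups on Network Load Balancers, and AWS only allows security groups to be associated with an NLB when it is created, so NLBs already provisioned by earlier versions of this module cannot adopt this setting in place; pin a minimum provider version in the module and document the replacement impact in the README. Because the variable has no default, every caller must now supply at least one security group, which is the right direction for restricting inbound traffic to the load balancer but is a breaking change for existing callers and should be called out as such.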
Expand All @@ -15,11 +15,59 @@ resource "aws_lb" "nlb" {
enabled = true
}
}
enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
enable_http2 = var.enable_http2
tags = var.nlb_tags
}

# Define an AWS target group resource for the ALB
resource "aws_lb_target_group" "tg" {
name = var.target_group_name
port = var.target_group_port
protocol = var.target_group_protocol
vpc_id = var.target_vpc_id
target_type = "ip"
}

enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
# Attach instance 1 to the target group
#resource "aws_lb_target_group_attachment" "tg-attachment-1" {
# target_group_arn = aws_lb_target_group.tg.arn
# target_id = var.tg_attachment_ip_1
# port = var.tg_attachment_port_1
#}

enable_http2 = var.enable_http2
# Attach instance 2 to the target group
#resource "aws_lb_target_group_attachment" "tg-attachment-2" {
# target_group_arn = aws_lb_target_group.tg.arn
# target_id = var.tg_attachment_ip_2
# port = var.tg_attachment_port_2
#}

tags = var.nlb_tags
# Attach instance 3 to the target group
#resource "aws_lb_target_group_attachment" "tg-attachment-3" {
# target_group_arn = aws_lb_target_group.tg.arn
# target_id = var.tg_attachment_ip_3
# port = var.tg_attachment_port_3
#}

# Attach instances to the target group dynamically based on the variable
resource "aws_lb_target_group_attachment" "tg_attachment" {
count = length(var.target_attachments)

target_group_arn = aws_lb_target_group.tg.arn
target_id = var.target_attachments[count.index].target_id
port = var.target_attachments[count.index].port
}

# Define a listener for the ALB
resource "aws_lb_listener" "listener" {
load_balancer_arn = aws_lb.nlb.arn
port = var.listener_port
protocol = var.listener_protocol

# Define the default action for the listener (forward traffic to the target group)
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.tg.arn
}
}
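Review bot: `aws_lb_target_group.tg` and `aws_lb_listener.listener` take their protocol from `var.target_group_protocol` and `var.listener_protocol`, whose defaults are `"HTTP"`, but a load balancer of type `network` only accepts TCP, TLS, UDP or TCP_UDP, so the module fails to apply with its defaults; default both to `"TCP"` and add a `validation` block that restricts the value to the NLB protocols. The comments on both resources say "ALB" although this module builds an NLB, and the three commented-out `tg-attachment-N` resources are dead code now that the `count`-based `aws_lb_target_group_attachment.tg_attachment` replaces them; delete them. Consider `for_each` keyed on `"${target_id}:${port}"` instead of `count` so that removing one entry from `var.target_attachments` does not recreate every attachment after it.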
5 changes: 5 additions & 0 deletions terraform-modules/aws/nlb/output.tf
@@ -0,0 +1,5 @@
# Output the DNS name of the external Application Load Balancer (in the `aws_lb` resource).
output "load_balancer_external_dns" {
value = aws_lb.nlb.dns_name
description = "DNS name for the Network Load Balancer"
}
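Review bot: the comment describes an "external Application Load Balancer" but the resource is an NLB, and with `enable_internal` defaulting to `true` the value is normally an internal DNS name; correct the comment and consider a neutral output name such as `load_balancer_dns_name` so callers do not assume the endpoint is public.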
112 changes: 49 additions & 63 deletions terraform-modules/aws/nlb/variables.tf
@@ -1,112 +1,98 @@
variable "enable_deletion_protection" {
type = bool
description = "Enable deletion protection"
description = "Set to true to enable deletion protection for the NLB."
default = false
}

variable "enable_internal" {
type = bool
description = "Enable internal load balancer"
description = "Set to true to create an internal load balancer, otherwise set to false for a public load balancer."
default = true
}

variable "nlb_name" {
description = "The name of the NLB. Do not include the environment name since this module will automatically append it to the value of this variable."
description = "The name of the Network Load Balancer (NLB). It should be 32 characters or less."
type = string
# AWS imposes a 32 character limit on the names of NLBs, so here we catch any overages client-side
validation {
condition = length(var.nlb_name) <= 32
error_message = "Your nlb_name must be 32 characters or less in length."
}
}

variable "nlb_security_groups" {
description = "Security Group to filter traffict to load balancer"
type = list(string)
}

variable "enable_nlb_access_logs" {
description = "This is Optional, Only used to output the NLB logs to S3. we need to input bucket_name and bucket_prefix to the list. if left empty it will not output the logs to S3"
description = "Set to a list containing bucket_name and bucket_prefix to enable NLB access logs. Leave empty to disable NLB access logs to S3."
type = list(any)
default = []
}

variable "nlb_access_logs_s3_bucket_name" {
description = "The S3 Bucket name where NLB logs should be stored. If left empty, no NLB logs will be captured. Tip: It's easiest to create the S3 Bucket using the Gruntwork Module https://github.com/gruntwork-io/terraform-aws-monitoring/tree/master/modules/logs/load-balancer-access-logs."
type = string
default = null
}

variable "custom_nlb_access_logs_s3_prefix" {
description = "Prefix to use for access logs to create a sub-folder in S3 Bucket name where NLB logs should be stored. Only used if var.enable_custom_nlb_access_logs_s3_prefix is true."
type = string
default = null
variable "nlb_subnets" {
type = list(any)
description = "List of subnets where the NLB will be deployed."
}

variable "enable_custom_nlb_access_logs_s3_prefix" {
description = "Set to true to use the value of nlb_access_logs_s3_prefix for access logs prefix. If false, the nlb_name will be used. This is useful if you wish to disable the S3 prefix. Only used if var.enable_nlb_access_logs is true."
variable "enable_cross_zone_load_balancing" {
description = "Set to true to enable cross-zone load balancing for the NLB."
type = bool
default = false
}

variable "access_logs_s3_bucket_name" {
description = "The name to use for the S3 bucket where the NLB access logs will be stored. If you set this to null, a name will be generated automatically based on var.nlb_name."
type = string
default = null
}

variable "should_create_access_logs_bucket" {
description = "If true, create a new S3 bucket for access logs with the name in var.access_logs_s3_bucket_name. If false, assume the S3 bucket for access logs with the name in var.access_logs_s3_bucket_name already exists, and don't create a new one. Note that if you set this to false, it's up to you to ensure that the S3 bucket has a bucket policy that grants Elastic Load Balancing permission to write the access logs to your bucket."
variable "enable_http2" {
description = "Set to true to enable HTTP/2 for the NLB."
type = bool
default = true
}

variable "num_days_after_which_archive_log_data" {
description = "After this number of days, log files should be transitioned from S3 to Glacier. Enter 0 to never archive log data."
type = number
default = false
}

variable "num_days_after_which_delete_log_data" {
description = "After this number of days, log files should be deleted from S3. Enter 0 to never delete log data."
type = number
variable "nlb_tags" {
description = "A map of tags to apply to the NLB resource."
type = map(any)
default = {
appname = "nlb"
}
}

variable "force_destroy" {
description = "A boolean that indicates whether the access logs bucket should be destroyed, even if there are files in it, when you run Terraform destroy. Unless you are using this bucket only for test purposes, you'll want to leave this variable set to false."
type = bool
default = false
# Target Groups Variables
variable "target_group_name" {
description = "The name of the Target Group."
}

variable "nlb_subnets" {
type = list(string)
description = "NLB Subnets"
variable "target_group_port" {
description = "The port on which the Target Group listens."
type = number
default = 80
}


variable "enable_cross_zone_load_balancing" {
description = "Set enable_cross_zone_load_balancing"
type = bool
default = false
variable "target_group_protocol" {
description = "The protocol used by the Target Group."
type = string
default = "HTTP"
}

variable "enable_http2" {
description = "enable_http2"
type = bool
default = false
variable "target_vpc_id" {
description = "The VPC where the targets' endpoints are deployed."
type = string
}


variable "nlb_access_logs_s3_prefix" {
description = "nlb_access_logs_s3_prefix"
variable "listener_port" {
description = "The port on which the listener listens."
type = string
default = null
default = "80"
}

variable "nlb_s3_bucket_name" {
description = "nlb_s3_bucket_name"
variable "listener_protocol" {
description = "The protocol used by the listener."
type = string
default = null
default = "HTTP"
}

variable "nlb_tags" {
description = "Tags"
type = map(any)
default = {
appname = "nlb"
}
variable "target_attachments" {
type = list(object({
target_id = string
port = number
}))
description = "List of target attachments"
}
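Review bot: `target_group_name` has no `type` and no length check, although AWS applies the same 32-character limit to target group names that the `nlb_name` block already validates; add `type = string` and a matching `validation` block. `listener_port` is declared as `string` with default `"80"` while `target_group_port` is `number`; make both `number`. `enable_http2` appears to keep the `default = true` left over from the replaced `should_create_access_logs_bucket` block while the README table in this commit lists `false`; confirm the intended default (the setting only applies to application load balancers in any case). Also fix the typo "traffict" in the `nlb_security_groups` description.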
