Application Load Balancer and Target group attachment using Terraform

Sampark Mehrotra
3 min read · Aug 8, 2021

This Terraform code creates an Application Load Balancer and a target group, and then attaches the EC2 instances to the target group (TG).

Once you apply the given code, you can access the application installed on your EC2 instances through the Application Load Balancer.

To keep things simple, the code is split across several files. We will go through them step by step.

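1. Create a providers.tf file inside a directory

provider "aws" {
  region     = "us-east-2"     # Mention the required region
  # Placeholder credentials. Keys written here end up in version control and
  # in plan output; the provider also reads AWS_ACCESS_KEY_ID and
  # AWS_SECRET_ACCESS_KEY from the environment, or a shared credentials profile.
  access_key = "my-access-key" # Mention the access key in place
  secret_key = "my-secret-key" # Mention the secret key in place
}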

2. Initialise Terraform with the “terraform init” command, which installs the relevant provider plugins.

NOTE: All the files created below should be present in the same directory.

3. Create a variables.tf file to declare all the variables required.

## cat variables.tf
# Declare the ALB names required for creation
# Here, we are creating two ALBs "test" and "test1"
# (a variable default must be a literal value, so the map is written out
# instead of being built with a for expression)
variable "alb_names" {
  type = map(string)
  default = {
    test  = "test"
    test1 = "test1"
  }
}

# Map used for providing details for health-check
# You can use the values based on your requirements
variable "health_check" {
  type = map(string)
  default = {
    "timeout"             = "10"
    "interval"            = "20"
    "path"                = "/"
    "port"                = "80"
    "unhealthy_threshold" = "2"
    "healthy_threshold"   = "3"
  }
}

# Mention the security groups to be used
# Make sure the SG provided allows inbound HTTP and HTTPS
variable "security_grp" {
  type    = list(string)
  default = ["sg-053d8XXXXX01a"]
}

# Mention the subnets
variable "subnets" {
  type    = list(string)
  default = ["subnet-02XXX69", "subnet-66XXXXa", "subnet-57XXXd"]
}
##

4. Creation of the Application Load Balancer using main.tf

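## cat main.tf
resource "aws_lb" "sample_lb" {
  for_each           = var.alb_names
  name               = each.value
  internal           = false # internet-facing ALB
  load_balancer_type = "application"
  security_groups    = var.security_grp
  subnets            = var.subnets
  # Cross-zone load balancing is always on for application load balancers;
  # this argument only changes behaviour for network load balancers.
  enable_cross_zone_load_balancing = true
  tags = {
    Environment = "Production"
    Role        = "Sample-Application"
  }
}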

5. Target group creation for the EC2 Instances using target_group.tf

## cat target_group.tf
# It will create the target group for each mentioned ALB
resource "aws_lb_target_group" "sample_tg" {
  for_each    = var.alb_names
  name        = each.value
  target_type = "instance"
  port        = 80
  protocol    = "HTTP"
  vpc_id      = "vpc-70XXXXb"
  health_check {
    healthy_threshold   = var.health_check["healthy_threshold"]
    interval            = var.health_check["interval"]
    unhealthy_threshold = var.health_check["unhealthy_threshold"]
    timeout             = var.health_check["timeout"]
    path                = var.health_check["path"]
    port                = var.health_check["port"]
  }
}

6. Attaching the required EC2 Instances with the target group using target_group_attachment.tf

## cat target_group_attachment.tf
# Attach the target group for "test" ALB
resource "aws_lb_target_group_attachment" "tg_attachment_test" {
  target_group_arn = aws_lb_target_group.sample_tg["test"].arn
  target_id        = "i-0cbbbbbbbb12f"
  port             = 80
}

# Attach the target group for "test1" ALB
resource "aws_lb_target_group_attachment" "tg_attachment_test1" {
  target_group_arn = aws_lb_target_group.sample_tg["test1"].arn
  target_id        = "i-0ebaaaaa855b"
  port             = 80
}

7. Create the listeners for each of the ALBs and attach the certificates from ACM using lb_listener.tf

## cat lb_listener.tf
# Listener rule for HTTP traffic on each of the ALBs
# (requests arriving on port 80 are forwarded to the targets unencrypted)
resource "aws_lb_listener" "lb_listener_http" {
  for_each          = var.alb_names
  load_balancer_arn = aws_lb.sample_lb[each.value].arn
  port              = "80"
  protocol          = "HTTP"
  default_action {
    target_group_arn = aws_lb_target_group.sample_tg[each.value].arn
    type             = "forward"
  }
}

# Listener rule for HTTPS traffic on "test" ALB
# ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; use a newer
# policy if your clients support TLS 1.2 or later.
# The ACM certificate must be in the same region as the ALB
# (providers.tf above uses us-east-2).
resource "aws_lb_listener" "lb_listner_https_test" {
  load_balancer_arn = aws_lb.sample_lb["test"].arn
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = "arn:aws:acm:us-west-2:989898989898:certificate/8a2a7d38-XXXX-4998-aaaa-XXXXX3d7ba"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sample_tg["test"].arn
  }
}

# Listener rule for HTTPS traffic on "test1" ALB
resource "aws_lb_listener" "lb_listner_https_test1" {
  load_balancer_arn = aws_lb.sample_lb["test1"].arn
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = "arn:aws:acm:us-west-2:989898989898:certificate/8a6767a-XXXX-89777-aaaa-XXXXX3dccc"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sample_tg["test1"].arn
  }
}

8. Run “terraform plan” to catch any syntax errors and to review the resources which will be provisioned.

9. Run “terraform apply” once the plan output has been validated. It will create the actual infrastructure.
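
A hardened variant of the lb_listener.tf from step 7, added here as an example and not part of the original article: port 80 only redirects to HTTPS, and a single HTTPS listener block per ALB uses a TLS 1.2/1.3-only policy. The variable "certificate_arns", the resource name "lb_listener_https" and the placeholder ARNs are assumptions introduced for this example; it relies on var.alb_names, aws_lb.sample_lb and aws_lb_target_group.sample_tg from the earlier steps and replaces the listener resources above.

```hcl
# Hypothetical variable for this example: one ACM certificate per ALB name.
variable "certificate_arns" {
  type = map(string)
  # Placeholder ARNs; each certificate must be in the same region as its ALB.
  default = {
    test  = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER-TEST"
    test1 = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER-TEST1"
  }
}

# Port 80 answers only with a permanent redirect, so no request is
# forwarded to the targets over plain HTTP from this listener.
resource "aws_lb_listener" "lb_listener_http" {
  for_each          = var.alb_names
  load_balancer_arn = aws_lb.sample_lb[each.key].arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# One HTTPS listener per ALB, driven by the same map as the ALBs themselves.
resource "aws_lb_listener" "lb_listener_https" {
  for_each          = var.alb_names
  load_balancer_arn = aws_lb.sample_lb[each.key].arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06" # TLS 1.2 and 1.3 only
  certificate_arn   = var.certificate_arns[each.key]

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sample_tg[each.key].arn
  }
}
```

Review the “terraform plan” output before applying: because the HTTPS listener resources are renamed, Terraform will destroy the two existing HTTPS listeners and create new ones.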

Thanks,

Sampark Mehrotra