ALB Ingress Rules/TLS/Target Groups
TLS with ACM
Listener Rules and Target Groups for ALB
```hcl
data "aws_lb" "this" {
  name = "ExampleALB"
}

data "aws_lb_listener" "this_443" {
  load_balancer_arn = data.aws_lb.this.arn
  port              = 443
}

module "ingress" {
  source            = "./alb-ingress-rules"
  domain_names      = ["example.com", "www.example.com"]
  lb_listener_arn   = data.aws_lb_listener.this_443.arn
  health_check_path = "/health"
  ingress_port      = 8080
  target_groups_map = {
    "my-example-app-v1" = 100
  }
  vpc_id = "vpc-id1111111111111"
}
```
protocol_version: GRPC
protocol: GENEVE, TCP, TCP_UDP, TLS, UDP
target_type: instance/lambda
Target groups for your Application Load Balancers

| Request protocol | Protocol version | Result |
|------------------|------------------|--------|
| HTTP/1.1 | HTTP/1.1 | Success |
| HTTP/2 | HTTP/1.1 | Success |
| gRPC | HTTP/1.1 | Error |
| HTTP/1.1 | HTTP/2 | Error |
| HTTP/2 | HTTP/2 | Success |
| gRPC | HTTP/2 | Success if targets support gRPC |
| HTTP/1.1 | gRPC | Error |
| HTTP/2 | gRPC | Success if a POST request |
| gRPC | gRPC | Success |

Apache 2 Licensed. See LICENSE for full details.
No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| acm_domain_names | List of domain names used to find TLS certificates | `list(string)` | `[]` | no |
| deregistration_delay | Amount of time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. | `number` | `60` | no |
| domain_names | List of domain names used to find TLS certificates and condition for rules | `list(string)` | n/a | yes |
| enable_acm_for_domain_names | Use the `domain_names` to find certificates. Disabled by default. | `bool` | `false` | no |
| enable_stickiness | Enable stickiness at Target Group level. We do not manage stickiness at the group level of target groups. | `bool` | `false` | no |
| health_check_advanced | Advanced Health Check settings at the target group level | `object({ healthy_threshold = number interval = number matcher = string timeout = number unhealthy_threshold = number })` | `{ "healthy_threshold": 3, "interval": 30, "matcher": "200-299", "timeout": 5, "unhealthy_threshold": 3 }` | no |
| health_check_path | Destination for the health check request. | `string` | `"/"` | no |
| health_check_port | Port to use to connect with the target. Valid values are ports 1-65535. The default is `0`, which means the traffic port. | `number` | `0` | no |
| ingress_port | Port for Target Group. Will be used by default when registering new IP addresses in the target group, if no other port is specified. ECS automatically specifies the port. | `number` | `80` | no |
| lb_listener_arn | ARN of Load Balancer Listener, to which the TLS certificate and rules will be added | `string` | n/a | yes |
| load_balancing_algorithm_type | Determines how the load balancer selects targets when routing requests. The value is `round_robin` or `least_outstanding_requests`. | `string` | `"round_robin"` | no |
| protocol | Protocol to use for routing traffic to the targets | `string` | `"HTTP"` | no |
| protocol_version | The protocol version to use for routing traffic | `string` | `"HTTP1"` | no |
| slow_start | Amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. | `number` | `0` | no |
| source_ips | List of source IP CIDR notations to match. Used to restrict access to the service from outside. | `list(string)` | `[]` | no |
| stickiness_cookie_duration | The time period, in seconds, during which requests from a client should be routed to the same target. | `number` | `3600` | no |
| tags | A map of tags to add to all resources | `map(string)` | `{}` | no |
| target_groups_map | n/a | `map(number)` | n/a | yes |
| vpc_id | ID of the VPC in which the Target Group will be created and in which the ALB is located | `string` | n/a | yes |
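
A more restrictive call of the module built from the inputs documented above, as an added example that is not part of the module's own documentation. The hostname, CIDRs, port 8443, tag and second target group name are constructed; it assumes the values in `target_groups_map` are forwarding weights and that the targets serve TLS on `ingress_port`.

```hcl
# Added example, not from the module's README.
data "aws_lb" "this" {
  name = "ExampleALB"
}

data "aws_lb_listener" "this_443" {
  load_balancer_arn = data.aws_lb.this.arn
  port              = 443
}

module "ingress_restricted" {
  source = "./alb-ingress-rules"

  domain_names    = ["admin.example.com"] # constructed hostname
  lb_listener_arn = data.aws_lb_listener.this_443.arn
  vpc_id          = "vpc-id1111111111111" # placeholder, as in the usage example

  # Find the ACM certificate by domain_names and add it to the listener.
  enable_acm_for_domain_names = true

  # Rules match only these source CIDRs (constructed, RFC 5737 ranges).
  source_ips = ["203.0.113.0/24", "198.51.100.17/32"]

  # Assumption: targets terminate TLS on ingress_port, so the hop from the
  # ALB to the targets is encrypted as well.
  protocol          = "HTTPS"
  ingress_port      = 8443
  health_check_path = "/health"

  # Object type: all five attributes must be given together.
  health_check_advanced = {
    healthy_threshold   = 3
    interval            = 15
    matcher             = "200" # stricter than the default "200-299"
    timeout             = 5
    unhealthy_threshold = 2
  }

  # Assumption: map values are forwarding weights (v2 name is constructed).
  target_groups_map = {
    "my-example-app-v1" = 90
    "my-example-app-v2" = 10
  }

  deregistration_delay = 30
  tags                 = { Exposure = "restricted" }
}
```

Requests from other addresses do not match these rules and fall through to the listener's remaining rules and default action, so that default must not forward to the same targets. The source IP condition sees the address that connects to the ALB, which is the proxy's address when clients arrive through a proxy or CDN.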