
terraform-google-lb

A Terraform module for deploying the components required to load balance traffic into a GCP instance group. Both HTTP (80) and HTTPS (443) proxies are deployed, the latter only if the required SSL certificate is provided. For TLS traffic the minimum version defaults to TLS 1.2.

Usage

At a minimum the load balancer needs four pieces of information: a unique name, the named port to forward traffic on, the URL of the instance group to bind traffic onto, and a self-link to the health check resource which is attached to the instance group.

module "collector_lb" {
  source = "snowplow-devops/lb/google"

  name = "collector-lb"

  instance_group_named_port_http = "http"
  instance_group_url             = var.instance_group_url
  health_check_self_link         = var.health_check_self_link
}

Adding a custom certificate

To add a certificate to the load balancer and therefore enable the TLS endpoint you will need to populate two extra variables:

module "collector_lb" {
  source = "snowplow-devops/lb/google"

  name = "collector-lb"

  instance_group_named_port_http = "http"
  instance_group_url             = var.instance_group_url
  health_check_self_link         = var.health_check_self_link

  ssl_certificate_id      = "your-certificate-id-here"
  ssl_certificate_enabled = true
}

Note: ssl_certificate_enabled is required for the case where you are creating the certificate in-line with the LB module, because Terraform will not be able to figure out the "count" attribute correctly at plan time.
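
The in-line certificate case from the note above, combined with the module's HTTP-to-HTTPS redirect and SSL policy inputs. This is an added example, not code from the module's repository. The certificate resource name, the domain and the output name are placeholders, and it assumes the module passes ssl_min_tls_version and ssl_profile through to its google_compute_ssl_policy resource.

```hcl
variable "instance_group_url" {
  type = string
}

variable "health_check_self_link" {
  type = string
}

# Placeholder certificate: name and domain are constructed for this example.
resource "google_compute_managed_ssl_certificate" "collector" {
  name = "collector-lb-cert"

  managed {
    domains = ["collector.example.com"]
  }
}

module "collector_lb" {
  source = "snowplow-devops/lb/google"

  name = "collector-lb"

  instance_group_named_port_http = "http"
  instance_group_url             = var.instance_group_url
  health_check_self_link         = var.health_check_self_link

  # The certificate ID is only known after apply, so the static boolean
  # tells the module at plan time that the HTTPS proxy must be created.
  ssl_certificate_id      = google_compute_managed_ssl_certificate.collector.id
  ssl_certificate_enabled = true

  # Redirect plain-HTTP clients to the TLS endpoint instead of serving them.
  redirect_http_to_https = true

  # TLS_1_2 is the module default, stated here so the floor is visible in review.
  # RESTRICTED is a stricter GCP SSL policy profile than the default MODERN.
  ssl_min_tls_version = "TLS_1_2"
  ssl_profile         = "RESTRICTED"
}

# Hypothetical output name; ip_address is the module's documented output.
output "collector_lb_ip" {
  value = module.collector_lb.ip_address
}
```

A Google-managed certificate only becomes active once DNS for its domain resolves to the load balancer's IP address, so point the domain's record at the exported address after the first apply.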

Requirements

Name Version
terraform >= 1.0.0
google >= 3.44.0

Providers

Name Version
google >= 3.44.0

Modules

No modules.

Resources

Name Type
google_compute_backend_service.lb_backend resource
google_compute_global_address.ip resource
google_compute_global_forwarding_rule.lb_http_forwarding_rule resource
google_compute_global_forwarding_rule.lb_https_forwarding_rule resource
google_compute_ssl_policy.lb_target_https_ssl_policy resource
google_compute_target_http_proxy.lb_target_http_proxy resource
google_compute_target_https_proxy.lb_target_https_proxy resource
google_compute_url_map.http_to_https_redirect resource
google_compute_url_map.lb_url_map resource

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| health_check_self_link | The URL of the instance group health check | string | n/a | yes |
| instance_group_named_port_http | The name of the HTTP port exposed by the instance group | string | n/a | yes |
| instance_group_url | The URL of the instance group to bind to the backend service | string | n/a | yes |
| name | A name which will be pre-pended to the resources created | string | n/a | yes |
| redirect_http_to_https | A boolean which makes the HTTP proxy redirect to HTTPS | bool | false | no |
| ssl_certificate_enabled | A boolean which triggers adding or removing the HTTPS proxy | bool | false | no |
| ssl_certificate_id | The ID of a Google Managed certificate to attach to the load balancer | string | "" | no |
| ssl_min_tls_version | The minimum TLS version to use (https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy) | string | "TLS_1_2" | no |
| ssl_profile | The SSL Profile to use (https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy) | string | "MODERN" | no |

Outputs

Name Description
ip_address n/a

Copyright and license

The Terraform Google Load Balancer project is Copyright 2021-present Snowplow Analytics Ltd.

Licensed under the Snowplow Community License. (If you are uncertain how it applies to your use case, check our answers to frequently asked questions.)

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.