|
2 | 2 |
|
3 | 3 | Various usage patterns are prescribed below. |
4 | 4 |
|
5 | | -<!-- TODO --> |
| 5 | +## Listeners |
| 6 | + |
| 7 | +### Redirect HTTP to HTTPS |
| 8 | + |
| 9 | +The configuration snippet below creates a listener that automatically redirects HTTP/80 requests to HTTPS/443. |
| 10 | + |
| 11 | +```hcl |
| 12 | +module "alb" { |
| 13 | + source = "terraform-aws-modules/alb/aws" |
| 14 | +
|
| 15 | + # Truncated for brevity ... |
| 16 | +
|
| 17 | + listeners = { |
| 18 | + ex-http-https-redirect = { |
| 19 | + port = 80 |
| 20 | + protocol = "HTTP" |
| 21 | + redirect = { |
| 22 | + port = "443" |
| 23 | + protocol = "HTTPS" |
| 24 | + status_code = "HTTP_301" |
| 25 | + } |
| 26 | + } |
| 27 | + } |
| 28 | +} |
| 29 | +``` |
| 30 | + |
| 31 | +### Fixed Response |
| 32 | + |
| 33 | +The configuration snippet below creates a listener with a fixed response of `200`. |
| 34 | + |
| 35 | +```hcl |
| 36 | +module "alb" { |
| 37 | + source = "terraform-aws-modules/alb/aws" |
| 38 | +
|
| 39 | + # Truncated for brevity ... |
| 40 | +
|
| 41 | + listeners = { |
| 42 | + ex-fixed-response = { |
| 43 | + port = 80 |
| 44 | + protocol = "HTTP" |
| 45 | + fixed_response = { |
| 46 | + content_type = "text/plain" |
| 47 | + message_body = "Fixed message" |
| 48 | + status_code = "200" |
| 49 | + } |
| 50 | + } |
| 51 | + } |
| 52 | +} |
| 53 | +``` |
| 54 | + |
| 55 | +## Target Groups |
| 56 | + |
| 57 | +### Instance Target Group |
| 58 | + |
| 59 | +The configuration snippet below creates a target group that targets instances. An example listener is shown to demonstrate how a listener or listener rule can forward traffic to this target group using the target group key of `ex-instance` (this name can be any name that users wish to use). |
| 60 | + |
| 61 | +```hcl |
| 62 | +module "alb" { |
| 63 | + source = "terraform-aws-modules/alb/aws" |
| 64 | +
|
| 65 | + # Truncated for brevity ... |
| 66 | +
|
| 67 | + listeners = { |
| 68 | + ex-https = { |
| 69 | + port = 443 |
| 70 | + protocol = "HTTPS" |
| 71 | + ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" |
| 72 | + certificate_arn = module.acm.acm_certificate_arn |
| 73 | + additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] |
| 74 | +
|
| 75 | + forward = { |
| 76 | + # The value of the `target_group_key` is the key used in the `target_groups` map below |
| 77 | + target_group_key = "ex-instance" |
| 78 | + } |
| 79 | + } |
| 80 | + } |
| 81 | +
|
| 82 | + target_groups = { |
| 83 | + # This key name is used by the listener/listener rules to know which target to forward traffic to |
| 84 | + ex-instance = { |
| 85 | + name_prefix = "h1" |
| 86 | + backend_protocol = "HTTP" |
| 87 | + backend_port = 80 |
| 88 | + target_type = "instance" |
| 89 | + deregistration_delay = 10 |
| 90 | + load_balancing_cross_zone_enabled = true |
| 91 | + } |
| 92 | + } |
| 93 | +} |
| 94 | +``` |
| 95 | + |
| 96 | +### Lambda Target Group |
| 97 | + |
| 98 | +The configuration snippet below creates two Lambda based target groups. It also demonstrates how users attach permissions to the Lambda function to allow ALB to invoke the function, or they can let ALB attach the necessary permissions to invoke the Lambda function. The listeners specified will split traffic between the two functions, with 60% of traffic going to the Lambda function with invocation permissions, and 40% of traffic going to the Lambda function without invocation permissions. |
| 99 | + |
| 100 | +```hcl |
| 101 | +module "alb" { |
| 102 | + source = "terraform-aws-modules/alb/aws" |
| 103 | +
|
| 104 | + # Truncated for brevity ... |
| 105 | +
|
| 106 | + listeners = { |
| 107 | + ex-http-weighted-target = { |
| 108 | + port = 80 |
| 109 | + protocol = "HTTP" |
| 110 | + weighted_forward = { |
| 111 | + target_groups = [ |
| 112 | + { |
| 113 | + target_group_key = "ex-lambda-with-trigger" |
| 114 | + weight = 60 |
| 115 | + }, |
| 116 | + { |
| 117 | + target_group_key = "ex-lambda-without-trigger" |
| 118 | + weight = 40 |
| 119 | + } |
| 120 | + ] |
| 121 | + } |
| 122 | + } |
| 123 | + } |
| 124 | +
|
| 125 | + target_groups = { |
| 126 | + ex-lambda-with-trigger = { |
| 127 | + name_prefix = "l1-" |
| 128 | + target_type = "lambda" |
| 129 | + lambda_multi_value_headers_enabled = true |
| 130 | + target_id = module.lambda_with_allowed_triggers.lambda_function_arn |
| 131 | + } |
| 132 | +
|
| 133 | + ex-lambda-without-trigger = { |
| 134 | + name_prefix = "l2-" |
| 135 | + target_type = "lambda" |
| 136 | + target_id = module.lambda_without_allowed_triggers.lambda_function_arn |
| 137 | + attach_lambda_permission = true |
| 138 | + } |
| 139 | + } |
| 140 | +} |
| 141 | +
|
| 142 | +module "lambda_with_allowed_triggers" { |
| 143 | + source = "terraform-aws-modules/lambda/aws" |
| 144 | + version = "~> 6.0" |
| 145 | +
|
| 146 | + # Truncated for brevity ... |
| 147 | +
|
| 148 | + allowed_triggers = { |
| 149 | + AllowExecutionFromELB = { |
| 150 | + service = "elasticloadbalancing" |
| 151 | + source_arn = module.alb.target_groups["ex-lambda-with-trigger"].arn |
| 152 | + } |
| 153 | + } |
| 154 | +} |
| 155 | +
|
| 156 | +module "lambda_without_allowed_triggers" { |
| 157 | + source = "terraform-aws-modules/lambda/aws" |
| 158 | + version = "~> 6.0" |
| 159 | +
|
| 160 | + # Truncated for brevity ... |
| 161 | +
|
| 162 | + # Allowed triggers will be managed by ALB module |
| 163 | + allowed_triggers = {} |
| 164 | +} |
| 165 | +``` |
| 166 | + |
| 167 | +### Target Group without Attachment |
| 168 | + |
| 169 | +The configuration snippet below creates a target group but it does not attach it to anything at this time. This is commonly used with Amazon ECS where ECS will attach the IPs of the ECS Tasks to the target group. |
| 170 | + |
| 171 | +```hcl |
| 172 | +module "alb" { |
| 173 | + source = "terraform-aws-modules/alb/aws" |
| 174 | +
|
| 175 | + # Truncated for brevity ... |
| 176 | +
|
| 177 | + target_groups = { |
| 178 | + ex-ip = { |
| 179 | + backend_protocol = "HTTP" |
| 180 | + backend_port = 80 |
| 181 | + target_type = "ip" |
| 182 | + deregistration_delay = 5 |
| 183 | + load_balancing_cross_zone_enabled = true |
| 184 | +
|
| 185 | + health_check = { |
| 186 | + enabled = true |
| 187 | + healthy_threshold = 5 |
| 188 | + interval = 30 |
| 189 | + matcher = "200" |
| 190 | + path = "/" |
| 191 | + port = "traffic-port" |
| 192 | + protocol = "HTTP" |
| 193 | + timeout = 5 |
| 194 | + unhealthy_threshold = 2 |
| 195 | + } |
| 196 | +
|
| 197 | + # Theres nothing to attach here in this definition. Instead, |
| 198 | + # ECS will attach the IPs of the tasks to this target group |
| 199 | + create_attachment = false |
| 200 | + } |
| 201 | + } |
| 202 | +} |
| 203 | +``` |