Creates a Network Load Balancer (NLB) for serving an ECS backed service.
Creates the following resources:
- NLB associated with 3 Elastic IP addresses xor 3 IPv4 addresses.
- TCP listener.
- Target group for the TCP listener over the specified container port.
Terraform Versions
Terraform 0.13 and newer. Pin module version to ~> 4.X. Submit pull-requests to master branch.
Terraform 0.12. Pin module version to ~> 2.X. Submit pull-requests to terraform012 branch.
Upgrade from 3.x to 4.0.0
Version 4.0.0 added the ability to specify IPv4 addresses instead of elastic IPs. The
nlb_ipv4_addrs option was added.
As part of this upgrade, the output variable nlb_elastic_ips was renamed to nlb_ips. Therefore,
if you use that output variable in your code, you will need to rename it to nlb_ips.
Usage
This module requires attachment to either 3 EIPs (defined with nlb_eip_ids) xor 3 IPv4 addresses (nlb_ipv4_addrs), but not both EIPs and IPv4 addresses at the same time. If neither option is defined, the module will fail.
With EIPs:
module "app_nlb" {
source = "trussworks/nlb-containers/aws"
name = "app"
environment = "prod"
logs_s3_bucket = "my-aws-logs"
container_port = "8443"
enable_proxy_protocol_v2 = true
nlb_eip_ids = [
"eipalloc-0a2306142e1ef53c7",
"eipalloc-02b30c140722f7659",
"eipalloc-0e51514ffe125ad3c",
]
nlb_subnet_ids = "${module.vpc.public_subnets}"
nlb_vpc_id = "${module.vpc.vpc_id}"
}With IPv4 addresses:
module "app_nlb" {
source = "trussworks/nlb-containers/aws"
name = "app"
environment = "prod"
logs_s3_bucket = "my-aws-logs"
container_port = "8443"
enable_proxy_protocol_v2 = true
nlb_ipv4_addrs = [
"10.1.1.1",
"10.1.2.1",
"10.1.3.1",
]
nlb_subnet_ids = "${module.vpc.public_subnets}"
nlb_vpc_id = "${module.vpc.vpc_id}"
}Requirements
| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| aws | >= 3.0 |
Providers
| Name | Version |
|---|---|
| aws | >= 3.0 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_lb.main | resource |
| aws_lb_listener.main | resource |
| aws_lb_target_group.main | resource |
| aws_eip.nlb_eip1 | data source |
| aws_eip.nlb_eip2 | data source |
| aws_eip.nlb_eip3 | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| container_port | The port on which the container will receive traffic. | string |
443 |
no |
| enable_cross_zone_load_balancing | If true, cross-zone load balancing of the load balancer will be enabled. | string |
true |
no |
| enable_proxy_protocol_v2 | Boolean to enable / disable support for proxy protocol v2. | string |
"true" |
no |
| environment | Environment tag, e.g prod. | string |
n/a | yes |
| health_check_interval | The approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. Default 30 seconds. | string |
30 |
no |
| health_check_path | When using a HTTP(S) health check, the destination for the health check requests to the container. | string |
"/" |
no |
| health_check_port | The port on which the container will receive health checks. | string |
443 |
no |
| health_check_protocol | The protocol that will be used for health checks. Options are: TCP, HTTP, HTTPS | string |
"TCP" |
no |
| logs_s3_bucket | S3 bucket for storing Network Load Balancer logs. Access logs are created only if the load balancer has a TLS listener and they contain information only about TLS requests. | string |
n/a | yes |
| name | The service name. | string |
n/a | yes |
| nlb_eip_ids | Use either this or nlb_ipv4_addrs, but not both. List of Elastic IP allocation IDs to associate with the NLB. Requires exactly 3 IPs. Not compatible with the nlb_ipv4_addrs variable. | list(string) |
[] |
no |
| nlb_ipv4_addrs | Use either this or nlb_eip_ids, but not both. List of private IPv4 addresses to associate with the NLB. Requires exactly 3 IPs. Not compatible with the nlb_eip_ids variable. | list(string) |
[] |
no |
| nlb_listener_port | The port on which the NLB will receive traffic. | string |
"443" |
no |
| nlb_subnet_ids | Subnets IDs for the NLB. | list(string) |
n/a | yes |
| nlb_vpc_id | VPC ID to be used by the NLB. | string |
n/a | yes |
| target_group_name | Override the default name of the NLB's target group. Must be less than or equal to 32 characters. Default: ecs-[name]-[environment]-[port]. | string |
"" |
no |
Outputs
| Name | Description |
|---|---|
| nlb_arn | The ARN of the NLB. |
| nlb_dns_name | DNS name of the NLB. |
| nlb_ips | List of IP addresses associated with the NLB. |
| nlb_listener_arn | The ARN associated with the listener on the NLB. |
| nlb_target_group_arn | ARN of the NLB target group. |
| nlb_target_group_id | ID of the NLB target group. |
| nlb_zone_id | The canonical hosted zone ID of the load balancer. |
Developer Setup
Install dependencies (macOS)
brew install pre-commit go terraform terraform-docsTesting
Terratest is being used for
automated testing with this module. Tests in the test folder can be run
locally by running the following command:
make test
Or with aws-vault:
AWS_VAULT_KEYCHAIN_NAME=<NAME> aws-vault exec <PROFILE> -- make test