- TLS with ACM
- Listener Rules and Target Groups for ALB
```hcl
data "aws_lb" "this" {
  name = "ExampleALB"
}

data "aws_lb_listener" "this_443" {
  load_balancer_arn = data.aws_lb.this.arn
  port              = 443
}

module "ingress" {
  source            = "./alb-ingress-rules"
  domain_names      = ["example.com", "www.example.com"]
  lb_listener_arn   = data.aws_lb_listener.this_443.arn
  health_check_path = "/health"
  ingress_port      = 8080
  target_groups_map = {
    "my-example-app-v1" = 100
  }
  vpc_id = "vpc-id1111111111111"
}
```
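A fuller configuration built from the inputs documented below, added here as an example and not taken from the module's repository: two target groups behind one rule set, ACM certificate lookup, and a source-IP allowlist. The second target group name, the CIDR ranges, the tag and the reading of the `target_groups_map` values as forward weights are assumptions.

```hcl
# Added example: all names, CIDRs and weights below are constructed.
data "aws_lb" "this" {
  name = "ExampleALB"
}

data "aws_lb_listener" "this_443" {
  load_balancer_arn = data.aws_lb.this.arn
  port              = 443
}

module "ingress_canary" {
  source = "./alb-ingress-rules"

  # Host names used as the rule condition; with enable_acm_for_domain_names
  # set, they are also used to find the TLS certificates for the listener.
  domain_names                = ["example.com", "www.example.com"]
  enable_acm_for_domain_names = true

  lb_listener_arn = data.aws_lb_listener.this_443.arn
  vpc_id          = "vpc-id1111111111111"

  # Two target groups; the numbers are assumed to be forward weights (90/10).
  target_groups_map = {
    "my-example-app-v1" = 90
    "my-example-app-v2" = 10
  }

  # Only requests from these ranges match the rules (documentation CIDRs).
  source_ips = ["203.0.113.0/24", "198.51.100.0/24"]

  ingress_port      = 8080
  health_check_path = "/health"

  # Shorter drain on deregistration and a warm-up window for new targets.
  deregistration_delay = 30
  slow_start           = 60

  tags = {
    Service = "my-example-app"
  }
}

output "canary_target_group_arns" {
  value = module.ingress_canary.lb_target_group_arns
}
```

Requests from addresses outside `source_ips` do not match these rules and fall through to lower-priority rules and the listener's default action, so confirm that the default action does not forward to the same targets.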
- protocol_version: GRPC
- protocol: GENEVE, TCP, TCP_UDP, TLS, UDP
- target_type: instance/lambda
Target groups for your Application Load Balancers
Request protocol | Protocol version | Result |
---|---|---|
HTTP/1.1 | HTTP/1.1 | Success |
HTTP/2 | HTTP/1.1 | Success |
gRPC | HTTP/1.1 | Error |
HTTP/1.1 | HTTP/2 | Error |
HTTP/2 | HTTP/2 | Success |
gRPC | HTTP/2 | Success if targets support gRPC |
HTTP/1.1 | gRPC | Error |
HTTP/2 | gRPC | Success if a POST request |
gRPC | gRPC | Success |
Apache 2 Licensed. See LICENSE for full details.
Name | Version |
---|---|
terraform | >= 0.14 |
aws | >= 3.30.0 |
Name | Version |
---|---|
aws | 3.63.0 |
No modules.
Name | Type |
---|---|
aws_lb_listener_certificate.this | resource |
aws_lb_listener_rule.this_multi_target | resource |
aws_lb_listener_rule.this_single_target | resource |
aws_lb_target_group.this | resource |
aws_acm_certificate.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
acm_domain_names | List of domain names used to find TLS certificates | list(string) | [] | no |
deregistration_delay | Amount of time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. | number | 60 | no |
domain_names | List of domain names used to find TLS certificates and as the condition for rules | list(string) | n/a | yes |
enable_acm_for_domain_names | Use the domain_names to find certificates. Disabled by default. | bool | false | no |
enable_stickiness | Enable stickiness at Target Group level. We do not manage stickiness at the group level of target groups. | bool | false | no |
health_check_advanced | Advanced Health Check settings at the target group level | object({ | { | no |
health_check_path | Destination for the health check request. | string | "/" | no |
health_check_port | Port to use to connect with the target. Valid values are ports 1-65535. The default is 0, which is the traffic port. | number | 0 | no |
ingress_port | Port for Target Group. Will be used by default when registering new IP addresses in the target group, if no other port is specified. ECS automatically specifies the port. | number | 80 | no |
lb_listener_arn | ARN of Load Balancer Listener, to which the TLS certificate and rules will be added | string | n/a | yes |
load_balancing_algorithm_type | Determines how the load balancer selects targets when routing requests. The value is round_robin or least_outstanding_requests. | string | "round_robin" | no |
protocol | Protocol to use for routing traffic to the targets | string | "HTTP" | no |
protocol_version | The protocol version to use for routing traffic | string | "HTTP1" | no |
slow_start | Amount of time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. | number | 0 | no |
source_ips | List of source IP CIDR notations to match. Used to restrict access to the service from outside. | list(string) | [] | no |
stickiness_cookie_duration | The time period, in seconds, during which requests from a client should be routed to the same target. | number | 3600 | no |
tags | A map of tags to add to all resources | map(string) | {} | no |
target_groups_map | n/a | map(number) | n/a | yes |
vpc_id | ID of the VPC in which the Target Group will be created and in which the ALB is located | string | n/a | yes |
Name | Description |
---|---|
lb_target_group_arns | n/a |