add private Network LB to aws-alb setup

matihost · Nov 20, 2023 · 11a65d7 · 11a65d7
1 parent 54a9018
commit 11a65d7
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 12 deletions.
diff --git a/terraform/aws/aws-alb/Makefile b/terraform/aws/aws-alb/Makefile
@@ -29,13 +29,13 @@ test: ## test ALB Nginx instance
 	curl http://$(shell cd stage/$(ENV) && terragrunt output public_alb_dns):80
 
 show-auto-scalling-group-state: ## show AutoScalingGroup state(see DesiredCapacity for current amount of instances)
-	aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name webserver
+	aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name $(ENV)-webserver
 
 scale-up-manually: ## scale Auto Scaling Group up by single instance
-	aws autoscaling set-desired-capacity --auto-scaling-group-name webserver --desired-capacity $$(( `aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name webserver | jq  '..|.DesiredCapacity?'|grep -v null` + 1 ))
+	aws autoscaling set-desired-capacity --auto-scaling-group-name $(ENV)-webserver --desired-capacity $$(( `aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name $(ENV)-webserver | jq  '..|.DesiredCapacity?'|grep -v null` + 1 ))
 
 scale-down-manually: ## scale Auto Scaling Group down by single instance
-	aws autoscaling set-desired-capacity --auto-scaling-group-name webserver --desired-capacity $$(( `aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name webserver | jq  '..|.DesiredCapacity?'|grep -v null` - 1 ))
+	aws autoscaling set-desired-capacity --auto-scaling-group-name $(ENV)-webserver --desired-capacity $$(( `aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name $(ENV)-webserver | jq  '..|.DesiredCapacity?'|grep -v null` - 1 ))
 
 
 show-state: ## show state

diff --git a/terraform/aws/aws-alb/module/private_nlb.tf b/terraform/aws/aws-alb/module/private_nlb.tf
@@ -0,0 +1,71 @@
+resource "aws_lb" "private-web" {
+  enable_deletion_protection       = "false"
+  internal                         = "true"
+  ip_address_type                  = "ipv4"
+  load_balancer_type               = "network"
+  # by default traffic for TLP LB stays in the zone,
+  # if there is not enough instance, traffic may not reach target
+  # switching to
+  enable_cross_zone_load_balancing = "true"
+  name                             = "${local.prefix}-private"
+  security_groups                  = [data.aws_security_group.webserver.id]
+
+  subnets = local.private_subnet_ids
+}
+
+resource "aws_lb_listener" "private-web" {
+  default_action {
+    target_group_arn = aws_lb_target_group.tcp-webserver.arn
+    type             = "forward"
+  }
+
+  load_balancer_arn = aws_lb.private-web.arn
+  port              = "80"
+  protocol          = "TCP"
+}
+
+
+resource "aws_lb_target_group" "tcp-webserver" {
+  connection_termination = "false"
+  deregistration_delay   = "30"
+
+  health_check {
+    enabled             = "true"
+    healthy_threshold   = "2"
+    interval            = "5"
+    matcher             = "200-399"
+    path                = "/"
+    port                = "traffic-port"
+    protocol            = "HTTP"
+    timeout             = "4"
+    unhealthy_threshold = "2"
+  }
+
+  ip_address_type                   = "ipv4"
+  name                              = "${local.prefix}-private"
+  port                              = "80"
+  preserve_client_ip                = "true"
+  protocol                          = "TCP"
+  proxy_protocol_v2                 = "false"
+
+  stickiness {
+    cookie_duration = "0"
+    enabled         = "false"
+    type            = "source_ip"
+  }
+
+  target_type = "instance"
+  vpc_id      = data.aws_vpc.default.id
+}
+
+
+
+
+output "private_lb_dns" {
+  value = aws_lb.private-web.dns_name
+}
+
+# The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record)
+output "private_lb_canonical_zone" {
+  value = aws_lb.private-web.zone_id
+}
diff --git a/terraform/aws/aws-alb/module/public_alb.tf b/terraform/aws/aws-alb/module/public_alb.tf
@@ -42,6 +42,25 @@ resource "aws_lb_listener" "webserver" {
   }
 }
 
+resource "aws_lb_target_group" "webserver" {
+  name = local.prefix
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = data.aws_vpc.default.id
+
+  health_check {
+    enabled             = "true"
+    healthy_threshold   = "2"
+    interval            = "5"
+    matcher             = "200-399"
+    path                = "/"
+    port                = "traffic-port"
+    protocol            = "HTTP"
+    timeout             = "4"
+    unhealthy_threshold = "2"
+  }
+}
+
 
 output "public_alb_dns" {
   value = aws_lb.webserver.dns_name

diff --git a/terraform/aws/aws-alb/module/webserver.tf b/terraform/aws/aws-alb/module/webserver.tf
@@ -88,13 +88,6 @@ resource "aws_launch_template" "webserver" {
   user_data = filebase64("${path.module}/webserver.cloud-init.yaml")
 }
 
-resource "aws_lb_target_group" "webserver" {
-  name = local.prefix
-  port     = 80
-  protocol = "HTTP"
-  vpc_id   = data.aws_vpc.default.id
-}
-
 
 resource "aws_autoscaling_group" "webserver" {
   name = local.prefix
@@ -106,8 +99,8 @@ resource "aws_autoscaling_group" "webserver" {
   vpc_zone_identifier = local.private_subnet_ids
 
   # ALBs Target Groups to place instances
-  target_group_arns     = [aws_lb_target_group.webserver.arn]
-  max_size              = 2
+  target_group_arns     = [aws_lb_target_group.webserver.arn, aws_lb_target_group.tcp-webserver.arn]
+  max_size              = 5
   min_size              = 1
   wait_for_elb_capacity = 1