Creating an ALB
1. Write the Provider
provider "aws" {
  region = "ap-northeast-2"
}
2. Apply a Security_Group dedicated to the ALB
resource "aws_security_group" "allow_alb" {
  name        = "allow_alb"
  description = "Allow alb inbound traffic"
  vpc_id      = var.vpc_id

  # Internet-facing ALB: open to any source, but only on the HTTP listener port (step 6)
  ingress {
    description = "alb from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic allowed
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_alb"
  }
}
3. Create the ALB (add the Security_Group and Subnets)
resource "aws_lb" "alb" {
  name               = "test-lb-tf"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.allow_alb.id]
  subnets            = ["subnet-79d65a12", "subnet-5392621c"]

  # ALB deletion protection (set to true to block accidental deletion)
  enable_deletion_protection = false

  tags = {
    Name = "alb"
  }
}
4. Look up the Subnets (Data Source Block)
data "aws_vpc" "foo" {}

# Note: aws_subnet_ids is deprecated in AWS provider v4 and removed in v5 (use aws_subnets there)
data "aws_subnet_ids" "example" {
  # vpc_id = var.vpc_id
  vpc_id = data.aws_vpc.foo.id
}

data "aws_subnet" "example" {
  for_each = data.aws_subnet_ids.example.ids
  id       = each.value
}

output "vpc_id" {
  value = data.aws_vpc.foo.id
}

# Output the CIDR block of every subnet by iterating over the lookup results
output "subnet_cidr_blocks" {
  value = [for s in data.aws_subnet.example : s.cidr_block]
}
5. Apply the ALB Target_Group
Two approaches are shown: an Instance Target-Group and an IP Target-Group.
5.1 Instance Target-Group
# Instance Target_group
resource "aws_lb_target_group" "test" {
  name     = "tf-example-lb-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = data.aws_vpc.foo.id

  health_check {
    enabled             = true
    healthy_threshold   = 3
    interval            = 5
    matcher             = "200" # healthy when this status code is returned
    path                = "/"
    port                = "traffic-port"
    protocol            = "HTTP" # health check protocol
    timeout             = 2
    unhealthy_threshold = 2
  }
}
5.2 IP Target-Group
# IP Target_group
resource "aws_lb_target_group" "test" {
  name     = "tf-example-lb-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = data.aws_vpc.foo.id

  # Added when using an IP Target_Group
  target_type = "ip"

  health_check {
    enabled             = true
    healthy_threshold   = 3
    interval            = 5
    matcher             = "200" # healthy when this status code is returned
    path                = "/"
    port                = "traffic-port"
    protocol            = "HTTP" # health check protocol
    timeout             = 2
    unhealthy_threshold = 2
  }
}
6. Apply the Listener
Once the Target_Group is attached, the listener distributes traffic to it.
Port: 80 (HTTP)
# Target_Group Listener
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.alb.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.test.arn
  }
}
7. Target_Group Attachment
- Individual Attachment (one resource per target)
# Target_Group Attachment
# A private IP as target_id requires the IP Target-Group (target_type = "ip") from 5.2
resource "aws_lb_target_group_attachment" "test-2a" {
  target_group_arn = aws_lb_target_group.test.arn
  target_id        = data.aws_instances.test.private_ips[0]
  port             = 80
}

resource "aws_lb_target_group_attachment" "test-2c" {
  target_group_arn = aws_lb_target_group.test.arn
  target_id        = data.aws_instances.test.private_ips[1]
  port             = 80
}

# Look up the instances whose Name tag matches web-*
data "aws_instances" "test" {
  instance_tags = {
    Name = "web-*"
  }
}
- Attachment with for_each
toset: converts the list of private IPs into a set of strings, which for_each requires
resource "aws_lb_target_group_attachment" "test-2a" {
  for_each         = toset(data.aws_instances.test.private_ips)
  target_id        = each.value
  target_group_arn = aws_lb_target_group.test.arn
  port             = 80
}

# Look up the instances whose Name tag matches web-*
data "aws_instances" "test" {
  instance_tags = {
    Name = "web-*"
  }
}
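
Added example (not from the original post): the step 2 group allows all egress, and the post defines no security group for the web-* targets. The configuration below restricts both sides by referencing security groups instead of CIDRs. The names alb_strict and web, and the attachment of the web group to the instances, are assumptions.

```hcl
# Added example, not from the original post. Names alb_strict and web are hypothetical.
# Rules are standalone aws_security_group_rule resources: two groups that reference
# each other through inline ingress/egress blocks would form a dependency cycle.

resource "aws_security_group" "alb_strict" {
  name        = "alb-strict"
  description = "ALB: HTTP in from clients, HTTP out to targets only"
  vpc_id      = data.aws_vpc.foo.id
}

# Assumption: this group is attached to the web-* instances registered in step 7.
# Terraform removes the default allow-all egress rule, so add whatever outbound
# access the instances need.
resource "aws_security_group" "web" {
  name        = "web-from-alb"
  description = "Targets: HTTP in from the ALB only"
  vpc_id      = data.aws_vpc.foo.id
}

# Clients -> ALB on the listener port from step 6.
resource "aws_security_group_rule" "alb_in_http" {
  type              = "ingress"
  security_group_id = aws_security_group.alb_strict.id
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
}

# ALB -> targets (traffic and health checks) instead of egress to 0.0.0.0/0.
resource "aws_security_group_rule" "alb_out_to_web" {
  type                     = "egress"
  security_group_id        = aws_security_group.alb_strict.id
  protocol                 = "tcp"
  from_port                = 80
  to_port                  = 80
  source_security_group_id = aws_security_group.web.id
}

# Targets accept port 80 only when the source is the ALB's group.
resource "aws_security_group_rule" "web_in_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.web.id
  protocol                 = "tcp"
  from_port                = 80
  to_port                  = 80
  source_security_group_id = aws_security_group.alb_strict.id
}
```

To use it, set security_groups = [aws_security_group.alb_strict.id] on aws_lb.alb in place of allow_alb.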