Managing High Traffic Applications with AWS Elastic Load Balancer and Terraform

#terraform #aws #devops #infrastructureascode

You just configured your infrastructure to auto scale when the traffic increases. How would you manage the traffic and ensure some servers are not overwhelmed while others are not underserved? This is the essence of load balancing - to ensure traffic is distributed to your servers in a manner not

AWS offers elastic load balancing resources for layers 3, 4, and 7 of the OSI model. These are the Gateway load balancer, Network load balancer, and the Application load balancer types. The application load balancer (ALB) would be used for this webapp.

Creating the ALB

resource "aws_lb" "webserver" {
  name = "tf-example"
  load_balancer_type = "application"
  subnets = data.aws_subnets.default.ids
  security_groups = [aws_security_group.alb.id]
}

Notice that the code block references the available subnet data, and the security group created for the ALB. The ALB security group would be covered soon. Next, create the ALB listener.

Creating the ALB listener

resource "aws_lb_listener" "webserver" {
  load_balancer_arn = aws_lb.webserver.arn
  port = 80
  protocol ="HTTP"

  default_action {
    type = "fixed-response"

    fixed_response {
      content_type = "text/plain"
      message_body ="404: page not found"
      status_code = 404
    }
  }
}

This resource used the port 80 and the http protocol. A fixed response was also set in case there is an error on the page and a status code of 404 was used.

Create security group for load balancer

resource "aws_security_group" "alb" {
  name = "tf-example"

  # Allow inbound HTTP request
  ingress {
    from_port = 80
    to_port = 80
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

   #Allow outbound requests
  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]   
  }
}

The security group rule for the ALB is different from the one set for the webapp. Here the ALB accepts traffic from port 80 from any traffic on the internet while it sends out request to all ports. Let's set the target group that would be used of the autoscaling.

Create target group for auto scaling group

resource "aws_lb_target_group" "webserver" {
  name = "tf-example"
  port =  var.server_port
  protocol = "HTTP"
  vpc_id = data.aws_vpc.default.id

  health_check {
    path = "/"
    protocol = "HTTP"
    matcher = "200"
    interval = 15
    timeout = 3
    healthy_threshold = 2
    unhealthy_threshold = 2
  }
}

There is a health check set up to confirm if the webservers are healthy or unhealthy. The target group will health check the webservers by periodically sending an HTTP request to each webserver. If the response matches the matcher then it determines it is healthy. Otherwise, it would be marked as unhealthy. The webserver will be using the port already defined in the variable and it will be placed in the default VPC. Finally, the ALB listener rules need to be created.

Create the ALB listener rules

resource "aws_lb_listener_rule" "asg" {
  listener_arn = aws_lb_listener.webserver.arn
  priority = 100

  condition {
    path_pattern {
      values = ["*"]
    }
  }
  action {
    type = "forward"
    target_group_arn = aws_lb_target_group.webserver.arn
  }
}

This listener rule sends request that matches any path to the terget group that contains the autoscaling group. The output block will filter out the application load balancer DNS name. This would be used to check the webapp.

output "alb_dns_name" {
    value = aws_lb.webserver.dns_name
    description = "The domain name of the load balancer"
}

You are now good to go. Run terraform validate to check if the configuration file syntax is valid. The run terraform plan to check the changes that will take place. After seeing the new resources that would be created, run terraform apply. Here is the output.