You just configured your infrastructure to auto scale when the traffic increases. How would you manage the traffic and ensure some servers are not overwhelmed while others are not underserved? This is the essence of load balancing - to ensure traffic is distributed to your servers in a manner not
AWS offers elastic load balancing resources for layers 3, 4, and 7 of the OSI model. These are the Gateway load balancer, Network load balancer, and the Application load balancer types. The application load balancer (ALB) would be used for this webapp.
Creating the ALB
resource "aws_lb" "webserver" {
  name               = "tf-example"
  load_balancer_type = "application"
  subnets            = data.aws_subnets.default.ids
  security_groups    = [aws_security_group.alb.id]
}
Notice that the code block references the available subnet data and the security group created for the ALB. The ALB security group is covered below. Next, create the ALB listener.
Creating the ALB listener
resource "aws_lb_listener" "webserver" {
  load_balancer_arn = aws_lb.webserver.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "fixed-response"

    fixed_response {
      content_type = "text/plain"
      message_body = "404: page not found"
      status_code  = 404
    }
  }
}
This resource uses port 80 and the HTTP protocol. A fixed response with a status code of 404 is also set as the default action, which the listener returns for requests that do not match any listener rule.
Create security group for load balancer
resource "aws_security_group" "alb" {
  name = "tf-example"

  # Allow inbound HTTP requests
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow outbound requests
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
The security group rule for the ALB is different from the one set for the webapp. Here the ALB accepts traffic on port 80 from any address on the internet, while it can send requests out to all ports. Let's set the target group that will be used by the autoscaling group.
Create target group for auto scaling group
resource "aws_lb_target_group" "webserver" {
  name     = "tf-example"
  port     = var.server_port
  protocol = "HTTP"
  vpc_id   = data.aws_vpc.default.id

  health_check {
    path                = "/"
    protocol            = "HTTP"
    matcher             = "200"
    interval            = 15
    timeout             = 3
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}
A health check is set up to confirm whether the webservers are healthy or unhealthy. The target group health checks the webservers by periodically sending an HTTP request to each one. If the response matches the matcher, the webserver is considered healthy. Otherwise, it is marked as unhealthy. The webservers use the port already defined in the variable, and the target group is placed in the default VPC. Finally, the ALB listener rules need to be created.
Create the ALB listener rules
resource "aws_lb_listener_rule" "asg" {
  listener_arn = aws_lb_listener.webserver.arn
  priority     = 100

  condition {
    path_pattern {
      values = ["*"]
    }
  }

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.webserver.arn
  }
}
This listener rule forwards requests that match any path to the target group that contains the autoscaling group. The output block below exposes the application load balancer's DNS name, which is used to check the webapp.
output "alb_dns_name" {
  value       = aws_lb.webserver.dns_name
  description = "The domain name of the load balancer"
}
You are now good to go. Run terraform validate to check if the configuration file syntax is valid. Then run terraform plan to check the changes that will take place. After seeing the new resources that would be created, run terraform apply.
On the terminal, you can verify the webapp is running by using the curl command. Run curl http://<alb-dns-name>
The webserver is now highly available and receiving its traffic from a load balancer which is more secure.
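For the load balancer to be the only path to the webservers, the security groups have to enforce it: the ALB sends traffic only to the webservers on var.server_port, and the webservers accept that port only from the ALB. The following is an added example, not part of the original configuration; it is a tighter replacement for the aws_security_group.alb block above. The name aws_security_group.instance is an assumption for the webserver security group, which this page does not show.

```hcl
# Added example: hardened variant of the "alb" security group.
# Rules are standalone resources so the two groups can reference each
# other without a dependency cycle. Do not mix them with inline
# ingress/egress blocks on the same security group.
resource "aws_security_group" "alb" {
  name = "tf-example"
  # No inline rules: Terraform removes the default allow-all egress rule.
}

# Inbound: HTTP from the internet, same as the original rule.
resource "aws_security_group_rule" "alb_http_in" {
  type              = "ingress"
  security_group_id = aws_security_group.alb.id
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Outbound: only to the webservers on the application port.
# This also covers the target group health checks.
resource "aws_security_group_rule" "alb_to_instances" {
  type                     = "egress"
  security_group_id        = aws_security_group.alb.id
  from_port                = var.server_port
  to_port                  = var.server_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.instance.id # assumed name
}

# Webservers: accept the application port only from the ALB's group.
# Any 0.0.0.0/0 ingress rule on the webserver group must be removed
# for this restriction to have an effect.
resource "aws_security_group_rule" "instances_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.instance.id # assumed name
  from_port                = var.server_port
  to_port                  = var.server_port
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb.id
}
```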
We can check the AWS console to see some of the resources created by Terraform: the running instances, the security groups, the load balancer, and the autoscaling group.
To clean up all resources, simply run terraform destroy.
In the future, other components would be added to the architecture. Feel free to ask your questions.