Merge pull request #50 from poanetwork/45-alb

Switch to an Application Load Balancer and remove Classic Load Balancer

README.md

@@ -68,9 +68,9 @@ The infra created, at a high level, is as follows:
 - A VPC containing all of the resources provisioned
 - A public subnet for the app servers, and a private subnet for the database (and Redis for now)
 - An internet gateway to provide internet access for the VPC
-- An ELB which exposes the app server HTTP endpoints to the world
+- An ALB which exposes the app server HTTP endpoints to the world
 - A security group to lock down ingress to the app servers to 80/443 + SSH
-- A security group to allow the ELB to talk to the app servers
+- A security group to allow the ALB to talk to the app servers
 - A security group to allow the app servers access to the database
 - An internal DNS zone
 - A DNS record for the database

modules/stack/deploy.tf

@@ -24,8 +24,8 @@ resource "aws_codedeploy_deployment_group" "explorer" {
   }
 
   load_balancer_info {
-    elb_info {
-      name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-elb"
+    target_group_info {
+      name = "${aws_lb_target_group.explorer.*.name[count.index]}"
     }
   }
 

modules/stack/hosts.tf

@@ -51,7 +51,7 @@ resource "aws_autoscaling_group" "explorer" {
   launch_configuration = "${aws_launch_configuration.explorer.name}"
   vpc_zone_identifier  = ["${aws_subnet.default.id}"]
   availability_zones   = ["${data.aws_availability_zones.available.names}"]
-  load_balancers       = ["${aws_elb.explorer.*.name[count.index]}"]
+  target_group_arns    = ["${aws_lb_target_group.explorer.*.arn[count.index]}"]
 
   # Health checks are performed by CodeDeploy hooks
   health_check_type = "EC2"

modules/stack/outputs.tf

@@ -20,7 +20,7 @@ output "codedeploy_bucket_path" {
 
 output "explorer_urls" {
   description = "A map of each chain to the DNS name of its corresponding Explorer instance"
-  value       = "${zipmap(keys(var.chains), aws_elb.explorer.*.dns_name)}"
+  value       = "${zipmap(keys(var.chains), aws_lb.explorer.*.dns_name)}"
 }
 
 output "db_instance_address" {

modules/stack/routing.tf

@@ -15,39 +15,16 @@ resource "aws_route" "internet_access" {
   gateway_id             = "${aws_internet_gateway.default.id}"
 }
 
-# The ELB for the app server
-resource "aws_elb" "explorer" {
-  count = "${length(var.chains)}"
-  name  = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-elb"
+# The ALB for the app server
+resource "aws_lb" "explorer" {
+  count              = "${length(var.chains)}"
+  name               = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-alb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = ["${aws_security_group.alb.id}"]
+  subnets            = ["${aws_subnet.default.id}", "${aws_subnet.alb.id}"]
 
-  subnets                     = ["${aws_subnet.default.id}"]
-  security_groups             = ["${aws_security_group.elb.id}"]
-  cross_zone_load_balancing   = true
-  connection_draining         = true
-  connection_draining_timeout = 400
-
-  health_check {
-    healthy_threshold   = 2
-    unhealthy_threshold = 2
-    timeout             = 15
-    interval            = 30
-    target              = "HTTP:4000/en/blocks"
-  }
-
-  listener {
-    instance_port     = 4000
-    instance_protocol = "http"
-    lb_port           = 80
-    lb_protocol       = "http"
-  }
-
-  #listener {
-  #  instance_port      = 443
-  #  instance_protocol  = "http"
-  #  lb_port            = 443
-  #  lb_protocol        = "https"
-  #  ssl_certificate_id = "arn:aws:iam::ID:server-certificate/NAME"
-  #}
+  enable_deletion_protection = false
 
   tags {
     prefix = "${var.prefix}"
@@ -55,10 +32,40 @@ resource "aws_elb" "explorer" {
   }
 }
 
-resource "aws_lb_cookie_stickiness_policy" "explorer" {
-  count                    = "${length(var.chains)}"
-  name                     = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-stickiness-policy"
-  load_balancer            = "${aws_elb.explorer.*.id[count.index]}"
-  lb_port                  = 80
-  cookie_expiration_period = 600
+# The Target Group for the ALB
+resource "aws_lb_target_group" "explorer" {
+  count    = "${length(var.chains)}"
+  name     = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-alb-target"
+  port     = 4000  
+  protocol = "HTTP"  
+  vpc_id   = "${aws_vpc.vpc.id}"   
+  tags {
+    prefix = "${var.prefix}"
+    origin = "terraform"
+  }   
+  stickiness {    
+    type            = "lb_cookie"
+    cookie_duration = 600    
+    enabled         = true  
+  }   
+  health_check {    
+    healthy_threshold   = 2    
+    unhealthy_threshold = 2    
+    timeout             = 15    
+    interval            = 30    
+    path                = "/en/blocks"    
+    port                = 4000  
+  }
+}
+
+# The Listener for the ALB
+resource "aws_alb_listener" "alb_listener" {  
+  load_balancer_arn = "${aws_lb.explorer.arn}"  
+  port              = 80  
+  protocol          = "HTTP"
+  
+  default_action {    
+    target_group_arn = "${aws_lb_target_group.explorer.arn}"
+    type             = "forward"  
+  }
 }

modules/stack/security.tf

@@ -139,10 +139,10 @@ resource "aws_iam_role" "deployer" {
   assume_role_policy = "${data.aws_iam_policy_document.deployer-assume-role-policy.json}"
 }
 
-# A security group for the ELB so it is accessible via the web
-resource "aws_security_group" "elb" {
-  name        = "${var.prefix}-poa-elb"
-  description = "A security group for the app server ELB, so it is accessible via the web"
+# A security group for the ALB so it is accessible via the web
+resource "aws_security_group" "alb" {
+  name        = "${var.prefix}-poa-alb"
+  description = "A security group for the app server ALB, so it is accessible via the web"
   vpc_id      = "${aws_vpc.vpc.id}"
 
   # HTTP from anywhere

modules/stack/subnets.tf

@@ -13,6 +13,21 @@ resource "aws_subnet" "default" {
   }
 }
 
+## ALB subnet
+resource "aws_subnet" "alb" {
+  vpc_id                  = "${aws_vpc.vpc.id}"
+  cidr_block              = "${var.public_subnet_cidr}"
+  cidr_block              = "${cidrsubnet(var.db_subnet_cidr, 5, 1)}"
+  availability_zone       = "${data.aws_availability_zones.available.names[1]}"
+  map_public_ip_on_launch = true
+
+  tags {
+    name   = "${var.prefix}-default-subnet"
+    prefix = "${var.prefix}"
+    origin = "terraform"
+  }
+}
+
 ## Database subnet
 resource "aws_subnet" "database" {
   count                   = "${length(data.aws_availability_zones.available.names)}"