Switch to an Application Load Balancer and remove Classic Load Balancer
parent
f18fb4b5e7
commit
fc5be70405
|
@ -68,9 +68,9 @@ The infra created, at a high level, is as follows:
|
|||
- A VPC containing all of the resources provisioned
|
||||
- A public subnet for the app servers, and a private subnet for the database (and Redis for now)
|
||||
- An internet gateway to provide internet access for the VPC
|
||||
- An ELB which exposes the app server HTTP endpoints to the world
|
||||
- An ALB which exposes the app server HTTP endpoints to the world
|
||||
- A security group to lock down ingress to the app servers to 80/443 + SSH
|
||||
- A security group to allow the ELB to talk to the app servers
|
||||
- A security group to allow the ALB to talk to the app servers
|
||||
- A security group to allow the app servers access to the database
|
||||
- An internal DNS zone
|
||||
- A DNS record for the database
|
||||
|
|
|
@ -24,8 +24,8 @@ resource "aws_codedeploy_deployment_group" "explorer" {
|
|||
}
|
||||
|
||||
load_balancer_info {
|
||||
elb_info {
|
||||
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-elb"
|
||||
target_group_info {
|
||||
name = "${aws_lb_target_group.explorer.*.name[count.index]}"
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ resource "aws_autoscaling_group" "explorer" {
|
|||
launch_configuration = "${aws_launch_configuration.explorer.name}"
|
||||
vpc_zone_identifier = ["${aws_subnet.default.id}"]
|
||||
availability_zones = ["${data.aws_availability_zones.available.names}"]
|
||||
load_balancers = ["${aws_elb.explorer.*.name[count.index]}"]
|
||||
target_group_arns = ["${aws_lb_target_group.explorer.*.arn[count.index]}"]
|
||||
|
||||
# Health checks are performed by CodeDeploy hooks
|
||||
health_check_type = "EC2"
|
||||
|
|
|
@ -20,7 +20,7 @@ output "codedeploy_bucket_path" {
|
|||
|
||||
output "explorer_urls" {
|
||||
description = "A map of each chain to the DNS name of its corresponding Explorer instance"
|
||||
value = "${zipmap(keys(var.chains), aws_elb.explorer.*.dns_name)}"
|
||||
value = "${zipmap(keys(var.chains), aws_lb.explorer.*.dns_name)}"
|
||||
}
|
||||
|
||||
output "db_instance_address" {
|
||||
|
|
|
@ -15,39 +15,16 @@ resource "aws_route" "internet_access" {
|
|||
gateway_id = "${aws_internet_gateway.default.id}"
|
||||
}
|
||||
|
||||
# The ELB for the app server
|
||||
resource "aws_elb" "explorer" {
|
||||
# The ALB for the app server
|
||||
resource "aws_lb" "explorer" {
|
||||
count = "${length(var.chains)}"
|
||||
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-elb"
|
||||
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-alb"
|
||||
internal = false
|
||||
load_balancer_type = "application"
|
||||
security_groups = ["${aws_security_group.alb.id}"]
|
||||
subnets = ["${aws_subnet.default.id}", "${aws_subnet.alb.id}"]
|
||||
|
||||
subnets = ["${aws_subnet.default.id}"]
|
||||
security_groups = ["${aws_security_group.elb.id}"]
|
||||
cross_zone_load_balancing = true
|
||||
connection_draining = true
|
||||
connection_draining_timeout = 400
|
||||
|
||||
health_check {
|
||||
healthy_threshold = 2
|
||||
unhealthy_threshold = 2
|
||||
timeout = 15
|
||||
interval = 30
|
||||
target = "HTTP:4000/en/blocks"
|
||||
}
|
||||
|
||||
listener {
|
||||
instance_port = 4000
|
||||
instance_protocol = "http"
|
||||
lb_port = 80
|
||||
lb_protocol = "http"
|
||||
}
|
||||
|
||||
#listener {
|
||||
# instance_port = 443
|
||||
# instance_protocol = "http"
|
||||
# lb_port = 443
|
||||
# lb_protocol = "https"
|
||||
# ssl_certificate_id = "arn:aws:iam::ID:server-certificate/NAME"
|
||||
#}
|
||||
enable_deletion_protection = false
|
||||
|
||||
tags {
|
||||
prefix = "${var.prefix}"
|
||||
|
@ -55,10 +32,40 @@ resource "aws_elb" "explorer" {
|
|||
}
|
||||
}
|
||||
|
||||
resource "aws_lb_cookie_stickiness_policy" "explorer" {
|
||||
# The Target Group for the ALB
|
||||
resource "aws_lb_target_group" "explorer" {
|
||||
count = "${length(var.chains)}"
|
||||
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-stickiness-policy"
|
||||
load_balancer = "${aws_elb.explorer.*.id[count.index]}"
|
||||
lb_port = 80
|
||||
cookie_expiration_period = 600
|
||||
name = "${var.prefix}-explorer-${element(keys(var.chains),count.index)}-alb-target"
|
||||
port = 4000
|
||||
protocol = "HTTP"
|
||||
vpc_id = "${aws_vpc.vpc.id}"
|
||||
tags {
|
||||
prefix = "${var.prefix}"
|
||||
origin = "terraform"
|
||||
}
|
||||
stickiness {
|
||||
type = "lb_cookie"
|
||||
cookie_duration = 600
|
||||
enabled = true
|
||||
}
|
||||
health_check {
|
||||
healthy_threshold = 2
|
||||
unhealthy_threshold = 2
|
||||
timeout = 15
|
||||
interval = 30
|
||||
path = "/en/blocks"
|
||||
port = 4000
|
||||
}
|
||||
}
|
||||
|
||||
# The Listener for the ALB
|
||||
resource "aws_alb_listener" "alb_listener" {
|
||||
load_balancer_arn = "${aws_lb.explorer.arn}"
|
||||
port = 80
|
||||
protocol = "HTTP"
|
||||
|
||||
default_action {
|
||||
target_group_arn = "${aws_lb_target_group.explorer.arn}"
|
||||
type = "forward"
|
||||
}
|
||||
}
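Review bot: `aws_alb_listener.alb_listener` has no `count`, while the `aws_lb.explorer` and `aws_lb_target_group.explorer` resources it points at are both created with `count = "${length(var.chains)}"`, so `${aws_lb.explorer.arn}` and `${aws_lb_target_group.explorer.arn}` do not select a per-chain instance and at most one listener is defined for all the load balancers. Give the listener `count = "${length(var.chains)}"` and index both references the way the autoscaling group does: `load_balancer_arn = "${aws_lb.explorer.*.arn[count.index]}"` and `target_group_arn = "${aws_lb_target_group.explorer.*.arn[count.index]}"`. The listener is also HTTP on port 80 only, and the commented-out 443 listener from the old ELB block is gone, so the `lb_cookie` stickiness cookie and all other traffic to the ALB travel in cleartext. A short comment above the listener saying where TLS is expected to terminate would keep that decision visible.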
|
||||
|
|
|
@ -139,10 +139,10 @@ resource "aws_iam_role" "deployer" {
|
|||
assume_role_policy = "${data.aws_iam_policy_document.deployer-assume-role-policy.json}"
|
||||
}
|
||||
|
||||
# A security group for the ELB so it is accessible via the web
|
||||
resource "aws_security_group" "elb" {
|
||||
name = "${var.prefix}-poa-elb"
|
||||
description = "A security group for the app server ELB, so it is accessible via the web"
|
||||
# A security group for the ALB so it is accessible via the web
|
||||
resource "aws_security_group" "alb" {
|
||||
name = "${var.prefix}-poa-alb"
|
||||
description = "A security group for the app server ALB, so it is accessible via the web"
|
||||
vpc_id = "${aws_vpc.vpc.id}"
|
||||
|
||||
# HTTP from anywhere
|
||||
|
|
|
@ -13,6 +13,21 @@ resource "aws_subnet" "default" {
|
|||
}
|
||||
}
|
||||
|
||||
## ALB subnet
|
||||
resource "aws_subnet" "alb" {
|
||||
vpc_id = "${aws_vpc.vpc.id}"
|
||||
cidr_block = "${var.public_subnet_cidr}"
|
||||
cidr_block = "${cidrsubnet(var.db_subnet_cidr, 5, 1)}"
|
||||
availability_zone = "${data.aws_availability_zones.available.names[1]}"
|
||||
map_public_ip_on_launch = true
|
||||
|
||||
tags {
|
||||
name = "${var.prefix}-default-subnet"
|
||||
prefix = "${var.prefix}"
|
||||
origin = "terraform"
|
||||
}
|
||||
}
|
||||
|
||||
## Database subnet
|
||||
resource "aws_subnet" "database" {
|
||||
count = "${length(data.aws_availability_zones.available.names)}"
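Review bot: The new `aws_subnet.alb` block sets `cidr_block` twice, once to `${var.public_subnet_cidr}` and once to `${cidrsubnet(var.db_subnet_cidr, 5, 1)}`. The hunk header (-13,6 +13,21) has no removed lines, so both assignments are on the new side and one of them should be deleted. If the `cidrsubnet(var.db_subnet_cidr, 5, 1)` value is the intended one, this public subnet (`map_public_ip_on_launch = true`) is carved out of the database CIDR range, so it may overlap an `aws_subnet.database` block, and any rule scoped to `var.db_subnet_cidr` would also cover the internet-facing ALB subnet. The database resource's own CIDR expression lies outside the hunk, so that needs checking there. The `name` tag is still `${var.prefix}-default-subnet`; `name = "${var.prefix}-alb-subnet"` would tell the two subnets apart.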
|
||||
|
|