From fe4404985431d64daf4909c2017494791b283d4a Mon Sep 17 00:00:00 2001
From: Roberto Moutinho
Date: Thu, 16 Nov 2023 16:31:48 -0300
Subject: [PATCH 1/5] adding nlb

---
 README.md | 8 +++++++-
 ecs.tf | 11 +++++++++++
 load_balancer_network.tf | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 load_balancer_network.tf

diff --git a/README.md b/README.md
index 5affef4..dd86ad5 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,8 @@ This repository contains Terraform infrastructure code which creates AWS resourc
 
 | Name | Type |
 |------|------|
-| [aws_appautoscaling_policy.auto_scaling](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
+| [aws_appautoscaling_policy.auto_scaling_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
+| [aws_appautoscaling_policy.auto_scaling_mem](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
 | [aws_appautoscaling_target.target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
 | [aws_cloudwatch_log_group.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_ecs_service.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
@@ -52,7 +53,10 @@ This repository contains Terraform infrastructure code which creates AWS resourc
 | [aws_iam_role_policy_attachment.ecs_task_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
 | [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_lb.nlb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_lb_listener.nlb_listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
 | [aws_lb_listener_certificate.extra_certs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_certificate) | resource |
+| [aws_lb_target_group.nlb_tg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
 | [aws_route53_record.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_security_group.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_security_group_rule.allow_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
@@ -100,6 +104,8 @@ This repository contains Terraform infrastructure code which creates AWS resourc
 | [asg\_period](#input\_asg\_period) | The period in seconds over which the specified statistic is applied | `number` | `60` | no |
 | [asg\_threshold\_cpu\_to\_scale\_down](#input\_asg\_threshold\_cpu\_to\_scale\_down) | The value against which the specified statistic is compared. | `number` | `40` | no |
 | [asg\_threshold\_cpu\_to\_scale\_up](#input\_asg\_threshold\_cpu\_to\_scale\_up) | The value against which the specified statistic is compared. | `number` | `60` | no |
+| [asg\_threshold\_mem\_to\_scale\_down](#input\_asg\_threshold\_mem\_to\_scale\_down) | The value against which the specified statistic is compared. | `number` | `40` | no |
+| [asg\_threshold\_mem\_to\_scale\_up](#input\_asg\_threshold\_mem\_to\_scale\_up) | The value against which the specified statistic is compared. | `number` | `60` | no |
 | [certificate\_arn](#input\_certificate\_arn) | ARN of certificate issued by AWS ACM. | `string` | `""` | no |
 | [cloudwatch\_log\_retention\_in\_days](#input\_cloudwatch\_log\_retention\_in\_days) | Retention period of app CloudWatch logs | `number` | `7` | no |
 | [container\_memory\_reservation](#input\_container\_memory\_reservation) | The amount of memory (in MiB) to reserve for the container | `number` | `128` | no |
diff --git a/ecs.tf b/ecs.tf
index 04ac8c6..f5828fb 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -58,6 +58,7 @@ resource "aws_ecs_service" "app" {
 }
 }
 
+ # application load balancer
 dynamic "load_balancer" {
 for_each = module.alb
 content {
@@ -76,6 +77,16 @@ resource "aws_ecs_service" "app" {
 }
 }
 
+ # network load balancer
+ dynamic "load_balancer" {
+ for_each = aws_lb_target_group.nlb_tg
+ content {
+ container_name = local.container_name
+ container_port = var.app_port_mapping.0.containerPort
+ target_group_arn = aws_lb_target_group.nlb_tg.arn
+ }
+ }
+
 tags = local.local_tags
 
 lifecycle {
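Review bot: Inside the new `dynamic "load_balancer"` block the target group is referenced by its full resource address, `aws_lb_target_group.nlb_tg.arn` (given a hard-coded index in patch 5/5), even though the block's `for_each` already iterates over that resource; `target_group_arn = load_balancer.value.arn` uses the iterator instead, needs no `.0`, and stays correct for whatever `count` evaluates to. The same applies to the ecs.tf hunk in patch 5/5, which only adds the index. The enclosing `aws_ecs_service.app` resource starts and ends outside this hunk, so I cannot see whether the ALB block above follows the same pattern.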
diff --git a/load_balancer_network.tf b/load_balancer_network.tf
new file mode 100644
index 0000000..dc3b971
--- /dev/null
+++ b/load_balancer_network.tf
@@ -0,0 +1,34 @@
+####################################
+## Internal network load balancer ##
+####################################
+
+resource "aws_lb" "nlb" {
+ count = var.enable_nlb ? 1 : 0
+ name = "${var.environment}-${var.name}-nlb"
+ internal = true
+ load_balancer_type = "network"
+ subnets = var.private_subnet_ids
+ enable_deletion_protection = false
+ tags = local.local_tags
+}
+
+resource "aws_lb_target_group" "nlb_tg" {
+ count = var.enable_nlb ? 1 : 0
+ name = "${var.environment}-${var.name}-nlb-tg"
+ port = var.app_port_mapping.0.containerPort
+ protocol = "TCP"
+ vpc_id = var.vpc_id
+ target_type = "ip"
+}
+
+# Redirect all traffic from the NLB to the target group
+resource "aws_lb_listener" "nlb_listener" {
+ count = var.enable_nlb ? 1 : 0
+ load_balancer_arn = aws_lb.nlb.0.id
+ port = var.app_port_mapping.0.containerPort
+ protocol = "TCP"
+ default_action {
+ target_group_arn = aws_lb_target_group.nlb_tg.0.id
+ type = "forward"
+ }
+}
\ No newline at end of file

From 1600fd3f2ebd24de1076676ea396e9a7c5d69317 Mon Sep 17 00:00:00 2001
From: Roberto Moutinho
Date: Thu, 16 Nov 2023 16:38:56 -0300
Subject: [PATCH 2/5] adding nlb var

---
 variables.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/variables.tf b/variables.tf
index e5cfcdc..d5354fb 100644
--- a/variables.tf
+++ b/variables.tf
@@ -50,6 +50,13 @@ variable "private_subnet_ids" {
 default = []
 }
 
+# NLB
+variable "enable_nlb" {
+ description = "IF an network load balancer should be created"
+ type = bool
+ default = true
+}
+
 # ALB
 variable "enable_alb" {
 description = "IF an application load balancer should be created"

From 3e50072c7b01558b47dc80571abc546ea32ea728 Mon Sep 17 00:00:00 2001
From: Roberto Moutinho
Date: Thu, 16 Nov 2023 16:39:01 -0300
Subject: [PATCH 3/5] adding nlb var

---
 README.md | 1 +
 1 file changed, 1 insertion(+)
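Review bot: The target group is `target_type = "ip"` behind a plain TCP listener, and nothing in this file tells the reader what the task security group has to allow for this path to work: with the default target-group settings (client IP preservation off for TCP/IP targets, as far as I recall) the task sees connections and health checks coming from the NLB nodes' private addresses in `private_subnet_ids`, and `aws_security_group.app` (listed in the README, outside this hunk) must admit ingress on `containerPort` from those subnet CIDRs or every target stays unhealthy. A header comment such as `# Traffic and health checks reach the tasks from the NLB node IPs in private_subnet_ids; the task security group must allow the container port from those CIDRs` would save the next person an apply/debug cycle. Since the `aws_lb` carries no `security_groups`, `internal = true` is the only restriction on who in the VPC can reach the listener, which is worth stating in the same comment. Two smaller points: `name` on both the load balancer and the target group is capped at 32 characters, so a long `environment`/`name` pair fails at apply time (`name_prefix` sidesteps that), and `enable_deletion_protection = false` is hard-coded unlike the conditional `count`, so consider exposing it as a variable.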
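Review bot: `enable_nlb` defaults to `true`, whereas the sibling flags listed in the README (`enable_asg`, `enable_datadog_log_forwarder`, `enable_datadog_sidecar`, `enable_service_discovery`) default to `false`; with this default every existing consumer of the module gets a new internal NLB, target group and listener on its next apply, plus an extra `load_balancer` block on `aws_ecs_service.app`, which may force replacement of the service. `default = false` keeps the feature opt-in and consistent with the other flags. The description `IF an network load balancer should be created` also has a grammar slip copied from `enable_alb`; `Whether an internal network load balancer should be created` reads cleanly and matches the wording of the other flags.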
diff --git a/README.md b/README.md
index dd86ad5..3f569da 100644
--- a/README.md
+++ b/README.md
@@ -141,6 +141,7 @@ This repository contains Terraform infrastructure code which creates AWS resourc
 | [enable\_asg](#input\_enable\_asg) | If autoscaling should be enabled | `bool` | `false` | no |
 | [enable\_datadog\_log\_forwarder](#input\_enable\_datadog\_log\_forwarder) | Whether we create the lambda to forward logs to datadog | `bool` | `false` | no |
 | [enable\_datadog\_sidecar](#input\_enable\_datadog\_sidecar) | Whether the datadog sidecar should be added to the task definition | `bool` | `false` | no |
+| [enable\_nlb](#input\_enable\_nlb) | IF an network load balancer should be created | `bool` | `true` | no |
 | [enable\_service\_discovery](#input\_enable\_service\_discovery) | Whether the service should be registered with Service Discovery. In order to use Service Disovery, an existing DNS Namespace must exist and be passed in. | `bool` | `false` | no |
 | [environment](#input\_environment) | The name of the environment | `string` | n/a | yes |
 | [external\_iam\_role](#input\_external\_iam\_role) | The ARN of the role to be attached to the ECS container | `string` | `""` | no |

From da7699dc38586e55c1eb0b3fae5baab5573f47f7 Mon Sep 17 00:00:00 2001
From: Roberto Moutinho
Date: Thu, 16 Nov 2023 16:46:32 -0300
Subject: [PATCH 4/5] adding nlb output

---
 outputs.tf | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/outputs.tf b/outputs.tf
index 690f2ca..b54130d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -8,8 +8,18 @@ output "vpc_id" {
 value = var.vpc_id
 }
 
+output "nlb_id" {
+ description = "The ID and ARN of the network load balancer created"
+ value = try(aws_lb.nlb.0.id, null)
+}
+
+output "nlb_dns_name" {
+ description = "Dns name of nlb"
+ value = try(aws_lb.nlb.0.dns_name, null)
+}
+
 output "alb_id" {
- description = "The ID and ARN of the load balancer we created"
+ description = "The ID and ARN of the application load balancer created"
 value = try(module.alb.0.this_lb_id, null)
 }
 

From 830e822cadb93699756592d8e0135d32023ee5fe Mon Sep 17 00:00:00 2001
From: Roberto Moutinho
Date: Thu, 16 Nov 2023 17:14:33 -0300
Subject: [PATCH 5/5] adding nlb index

---
 ecs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecs.tf b/ecs.tf
index f5828fb..4abc446 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -83,7 +83,7 @@ resource "aws_ecs_service" "app" {
 content {
 container_name = local.container_name
 container_port = var.app_port_mapping.0.containerPort
- target_group_arn = aws_lb_target_group.nlb_tg.arn
+ target_group_arn = aws_lb_target_group.nlb_tg.0.arn
 }
 }
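Review bot: The description of `nlb_dns_name`, `Dns name of nlb`, is much terser than the neighbouring outputs and does not say when the value is absent; `The DNS name of the internal network load balancer, or null when enable_nlb is false` tells a caller what they get and why it can be null. The `try(..., null)` wrappers on both new outputs correctly handle the `count = 0` case, so the behaviour itself is fine.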