This Terraform application sets up an ELB with appropriate security group configurations for secure web access.

The load balancer with the name provided in `web_elb_name` will be created. It will use the VPC and its subnets specified in the inputs `compute_vpc_id` and `compute_subnets` respectively.

The ELB will listen on port 443 and will have unrestricted access (`0.0.0.0/0`) to it. It will forward requests to the instances on port 8080.

ELB access logging will be enabled and the logs shipped to the S3 location given in the `elb_access_log_config` variable, under the given ELB name prefix.
Note

- The specified S3 bucket should have appropriate permissions to allow the ELB to put logs into it.
- The start of log delivery is delayed up to 5 minutes if the interval is set to 5 minutes, and up to 15 minutes if the interval is set to 60 minutes.

Reference - Access Logs for Your Classic Load Balancer
The script outputs the ELB's Hosted Zone ID and Name, which can be used to configure Route53.
It creates and configures two security groups.

The ELB security group will have the following rules:

Inbound

| Type  | Protocol | Port Range | Source    |
|-------|----------|------------|-----------|
| HTTPS | TCP      | 443        | 0.0.0.0/0 |

Outbound

| Type        | Protocol | Port Range | Destination |
|-------------|----------|------------|-------------|
| All Traffic | All      | All        | 0.0.0.0/0   |

The Instance security group will have the following rules:

Inbound

| Type | Protocol | Port Range | Source      |
|------|----------|------------|-------------|
| HTTP | TCP      | 8080       | <ELB SG ID> |

Outbound

| Type        | Protocol | Port Range | Destination |
|-------------|----------|------------|-------------|
| All Traffic | All      | All        | 0.0.0.0/0   |
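The resources described above, written out as an added example (not the module's own code): the ELB security group open on 443, the instance security group that accepts 8080 only from the ELB security group rather than from a CIDR, and the ELB listener and access-log block wired to them. `web_elb_name`, `compute_vpc_id`, `compute_subnets` and `elb_access_log_config` are the page's variables; the `bucket` key inside that map and the `ssl_certificate_arn` variable (an HTTPS listener needs a certificate) are assumptions.

```hcl
resource "aws_security_group" "elb" {
  vpc_id = var.compute_vpc_id
  ingress {   # inbound: HTTPS 443 from anywhere, as in the table above
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {    # outbound: all traffic
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "instance" {
  vpc_id = var.compute_vpc_id
  ingress {   # inbound: 8080 only from the ELB security group, never from a CIDR
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.elb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_elb" "web" {
  name            = var.web_elb_name
  subnets         = var.compute_subnets
  security_groups = [aws_security_group.elb.id]
  listener {  # TLS terminates at the ELB; plain HTTP to the instances on 8080
    lb_port            = 443
    lb_protocol        = "https"
    instance_port      = 8080
    instance_protocol  = "http"
    ssl_certificate_id = var.ssl_certificate_arn   # assumed variable (certificate ARN)
  }
  access_logs {   # shipped to S3 under the ELB name as prefix; bucket key is assumed
    bucket        = var.elb_access_log_config["bucket"]
    bucket_prefix = var.web_elb_name
    interval      = 60
  }
}
```

Instances in the second group are reachable on 8080 only through the load balancer, so a scan against the instance IPs finds nothing open even though the ELB itself is world-facing.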
```sh
terraform workspace create dev
terraform workspace select dev
terraform init
terraform apply
terraform destroy
```
The input variables `aws_region`, `compute_vpc_id` and `compute_subnets` are to be configured in `terraform.tfvars`, which is not uploaded to Git. Alternatively, in future iterations the aforementioned variables can be moved to environment variables as well.
The following are all the required input variables:

| Description                                                  | Type   |
|--------------------------------------------------------------|--------|
| The AWS region in which this infrastructure is to be deployed | string |
| The VPC ID in which all compute resources will be deployed   | string |
| Subnets over which the ELB will be deployed                  | list   |
| Default tags that need to be applied on all the resources    | map    |
| Name used for the web ELB                                    | string |
| ELB ports on which access will be allowed                    | list   |
| Configurations required to ship ELB access logs to S3        | map    |
| ELB health check configuration                               | map    |
| ELB listener configuration                                   | map    |
| Name used for the web instance                               | string |
| Web instance ports on which access will be allowed           | list   |