Flexible Engine Dedicated ELB terraform module
This Terraform module for the Flexible Engine Elastic Load Balancer covers:
- Listeners configuration TCP/HTTP/HTTPS (With SSL certificate, and whitelist)
- Backends/Pools configuration with members
- Monitoring of backend members
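// Example call of the dedicated-elb module: one load balancer with three
// listeners (two HTTPS, one HTTP), their IP address groups, pools, backend
// members and health monitors.
module "dedicated-elb" {
  source = "../dedicated-elb"

  loadbalancer_name = "elb"

  vpc_id             = module.network_vpc.vpc_id
  subnet_id          = module.network_vpc.subnet_ids[0]
  security_group_ids = [module.sg.id]
  cross_vpc_backend  = true

  availability_zones = [
    "eu-west-0a",
    "eu-west-0b"
  ]

  tags = {
    Environment = "dedicated-elb module"
  }

  // With cert = true, either create a new certificate by supplying
  // `certificate` and `private_key`, or reference an existing certificate
  // through `certId`.
  cert      = true
  domain    = "my-domain-name.com"
  cert_name = "my-cert-name"

  // NOTE(review): do not commit a real key in this file. Terraform typically
  // records resource arguments, private keys included, in its state, so pass
  // the key from a sensitive variable or secret store and restrict access to
  // the state backend.
  private_key = <<EOT
-----BEGIN RSA PRIVATE KEY-----
RSA PRIVATE KEY HERE
-----END RSA PRIVATE KEY-----
EOT

  certificate = <<EOT
-----BEGIN CERTIFICATE-----
CERTIFICATE HERE
-----END CERTIFICATE-----
EOT

  // Uncomment if a certificate already exists, and put its certificate ID here.
  //certId = "a67adc649b8a44d6ae7b5fb0041ed7d8"
  // This variable is not necessary when `certificate` and `private_key` are
  // set to create a new certificate.

  // IP address groups; `listener_index` is the position of the target
  // listener in `listeners` below.
  ipgroups = [
    {
      name           = "ipgroup1"
      description    = "descriisfd "
      listener_index = 0
      ips = [
        {
          ip          = "192.168.33.2"
          description = "description 1 here"
        },
        {
          ip          = "192.168.33.1"
          description = "description 2 here"
        }
      ]
    },
    {
      name           = "ipgroup2"
      listener_index = 1
      ips = [
        {
          ip          = "192.168.33.3"
          description = "description 3 here"
        }
      ]
    }
  ]

  listeners = [
    {
      name             = "testlistener"
      port             = 8080
      protocol         = "HTTPS"
      hasCert          = true // must be true for HTTPS listener
      description      = "test desc"
      http2_enable     = true
      idle_timeout     = 40
      request_timeout  = 50
      response_timeout = 60
      // Was "tls-1-1": TLS 1.0 and 1.1 are deprecated (RFC 8996), so the
      // example now uses a policy that starts at TLS 1.2.
      tls_ciphers_policy = "tls-1-2"
      forward_eip        = true
      // Either "white" or "black", for whitelisting or blacklisting the IP
      // address group. Setting access_policy requires a matching ipgroups entry.
      // "black" only denies the listed addresses; every other source is allowed.
      access_policy               = "black"
      advanced_forwarding_enabled = true
      tags = {
        Environment = "landing-zoneee"
      }
    },
    {
      name        = "httpslistener"
      port        = 443
      protocol    = "HTTPS"
      hasCert     = true // must be true for HTTPS listener
      description = "test desc"
      // NOTE(review): tls_ciphers_policy is not set here, so the effective
      // policy depends on the module or provider default - confirm it.
      // Either "white" or "black", for whitelisting or blacklisting the IP
      // address group. Setting access_policy requires a matching ipgroups entry.
      access_policy = "white"
    },
    {
      // Plain HTTP with no access_policy: traffic on this listener is
      // unencrypted and is not filtered by an IP address group.
      name        = "httplistener"
      port        = 80
      protocol    = "HTTP"
      hasCert     = false
      description = "fsdffdsfd"
      tags = {
        Environment = "landing-zoneee"
      }
    }
  ]

  // One pool per listener, attached by listener_index.
  pools = [
    {
      name           = "pool_test"
      protocol       = "HTTPS"
      lb_method      = "ROUND_ROBIN"
      listener_index = 0
    },
    {
      name           = "pool_test2"
      protocol       = "HTTPS"
      lb_method      = "ROUND_ROBIN"
      listener_index = 1
    },
    {
      name           = "pool_test3"
      protocol       = "HTTP"
      lb_method      = "ROUND_ROBIN"
      listener_index = 2
    }
  ]

  // Members; address_index points into backends_addresses and pool_index
  // into pools.
  backends = [
    {
      name          = "backend1"
      port          = 5044
      address_index = 0
      pool_index    = 0
      subnet_id     = module.network_vpc.subnet_ids[0]
      weight        = 4
    },
    {
      name          = "backend2"
      port          = 5044
      address_index = 1
      pool_index    = 1
      subnet_id     = module.network_vpc.subnet_ids[0]
    }
  ]

  // NOTE(review): 192.169.0.0/16 is outside the RFC 1918 private ranges
  // (192.168.0.0/16 is the private block) - confirm these sample addresses.
  backends_addresses = ["192.169.1.102", "192.169.1.247"]

  // Health checks, attached to pools by pool_index.
  monitors = [
    {
      pool_index  = 0
      protocol    = "HTTPS"
      interval    = 20
      timeout     = 10
      max_retries = 3
      url_path    = "/check"
    },
    {
      pool_index  = 1
      protocol    = "HTTP"
      interval    = 20
      timeout     = 10
      max_retries = 3
      port        = 5044
      url_path    = "/check"
    }
  ]
}

| Name | Description | Type | Default | Required |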
|---|---|---|---|---|
| loadbalancer_name | Name of the Load Balancer | string | n/a | yes |
| description | The description for the load balancer | string | "" | no |
| vpc_id | VPC ID on which to create the load balancer | string | n/a | yes |
| subnet_id | Subnet ID | string | n/a | yes |
| cross_vpc_backend | Associate backend server IPs with load balancer | bool | n/a | yes |
| loadbalancer_provider | The name of the provider (currently supports "vlb") | string | "" | no |
| security_group_ids | A list of security group IDs to apply | list(string) | [] | no |
| availability_zones | A list of availability zones | list(string) | ["eu-west-0a", "eu-west-0b"] | no |
| tags | Key/value pairs to associate with the load balancer | map(string) | {"Environment": ""} | no |
| cert | Boolean to determine if certificate is added | bool | false | no |
| cert_name | Certificate name | string | "" | no |
| certId | Certificate ID | string | null | no |
| private_key | Private key in string format | string | "" | no |
| certificate | Certificate in string format | string | "" | no |
| domain | Domain name | string | "" | no |
| ipgroups | List of IP Address Groups | list(object({name = string, description = string, listener_index = number, ips = list(object({ip = string, description = string}))})) | n/a | yes |
| listeners | List of listeners | list(object({name = string, port = number, protocol = string, hasCert = bool, description = string, http2_enable = bool, idle_timeout = number, request_timeout = number, response_timeout = number, tls_ciphers_policy = string, forward_eip = bool, access_policy = string, ipgroup_index = number, server_certificate = string, ca_certificate = string, sni_certificate = list(string), advanced_forwarding_enabled = bool, tags = map(string)})) | n/a | yes |
| pools | List of pools | list(object({name = string, protocol = string, lb_method = string, listener_index = number, description = string})) | n/a | yes |
| backends | List of backends | list(object({name = string, port = number, address_index = string, pool_index = number, subnet_id = string, weight = number})) | n/a | yes |
| backends_addresses | List of backend addresses | list(any) | n/a | yes |
| monitors | List of monitors | list(object({pool_index = number, protocol = string, interval = |
| Name | Description |
|---|---|
| id | The Load Balancer ID |
| listeners | The LB listeners |
| pools | The LB pools |
| members | The LB members |
| monitors | The LB monitors |