How to create 1 ALB internal and 2 EC2 with Terraform

Vasile.Minica · January 21, 2021, 1:34pm

How to create one Application Load Balancer with internal network and 2 instances EC2 with Terraform

First let’s set up our provider:

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/provider.tf

provider "aws" {
  access_key = "${var.AWS_ACCESS_KEY}"
  secret_key = "${var.AWS_SECRET_KEY}"
  region     = "${var.aws_region}"
}

This is the backend states from terraform where is going to S3 Bucket:

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/backend.tf

terraform {
  backend "s3" {
    bucket = "vasile-sysadmin-architect-dublin"
    key    = "terraform/terraform.tfstate"
    region = "eu-west-1"
  }
}

We creates a new VPC with no GateWay:

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/vpc.tf

### Network
 
# Internal VPC
 
resource "aws_vpc" "sys-vpc-int" {
  cidr_block           = "172.21.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
  enable_classiclink   = "false"
 
  tags = {
    Name = "sys-vpc-int"
  }
}
 
# Subnets
 
resource "aws_subnet" "sys-private-1" {
  vpc_id                  = "${aws_vpc.sys-vpc-int.id}"

This file has been truncated. show original

We have the configuration for the Application Load Balancer:

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/alb.tf

## ALB
resource "aws_alb" "sys-eu-alb" {
  name            = "sys-db-eu-alb"
  internal        = true
  load_balancer_type = "application"
  subnets         = ["${aws_subnet.sys-private-1.id}", "${aws_subnet.sys-private-2.id}", "${aws_subnet.sys-private-3.id}"]
  security_groups = ["${aws_security_group.lb_sg.id}"]
}
 
resource "aws_alb_listener" "front_end" {
  load_balancer_arn = "${aws_alb.sys-eu-alb.id}"
  port              = "80"
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = "${aws_alb_target_group.db.id}"
  }
 
}

This file has been truncated. show original

We set the AMI that will update and launch configuration of the cluster:

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/data.tf

resource "aws_instance" "sys-db" {
  ami = "${lookup(var.amis, var.aws_region)}"
  count = 4
  instance_type = "t2.micro"
  key_name      = "sys_vasile_key"
  tags = {
    Name = "Vasile-WEB-0${count.index}"
  }
}

We can see that the load balancer is open to the world on tcp/80 and tcp/443 and the ECS EC2 instances have ports 32768 to 65535 open from the load balancer. This is because when we select the container port to 0 in the task definition AWS will randomly assign a port from this range to the container:

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/security.tf

esource "aws_security_group" "lb_sg" {
  description = "controls access to the ALB"
 
  vpc_id = "${aws_vpc.sys-vpc-int.id}"
  name   = "sys-db-alb"
 
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }
 
  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

This file has been truncated. show original

We have our variables file where I am using CentOS 7 AMI :

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/vars.tf

variable "aws_region" {
  description = "The AWS region to create things in."
  default = "eu-west-1"
}
variable "azs" {
  description = "Run the EC2 Instances in these Availability Zones"
  type = "list"
  default = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
}
variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
 
variable "amis" {
  type = "map"
  default = {
    eu-west-1 = "ami-005b5c720e7b986d6"
  }
}

We add terraform.tfvars for access and secret key.

github.com

vmbs/Creating-1-ALB-internal-and-2-EC2-with-Terraform/blob/main/terraform.tfvars

AWS_ACCESS_KEY = "VASILEAKIATCVASI2HQAVASIQ"
AWS_SECRET_KEY = "mk1zdB98Amr18hpWDv6gMZMzytgiQt2v$qU3DbVwDr3M"

# This is a example keys, you will need to use your.

Also you can go to my personal GIT on Vasile Minica / Creating-1-ALB-internal-and-2-EC2-with-Terraform · GitLab