terraform-aws-modules / terraform-aws-alb

Terraform module to create AWS Application/Network Load Balancer (ALB/NLB) resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/alb/aws
Apache License 2.0
439 stars 673 forks

Attach existing ALB Target Groups to NLB when ALB Target Type Is Used #266

Closed adamwshero closed 1 year ago

adamwshero commented 2 years ago

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

Is your request related to a problem? Please describe.

Using any module tag version (e.g. v7.0.0), and when creating a network load balancer with the target_type as "alb", you are unable to attach to an existing ALB & Target group. Instead, a target group is created for you using the name attribute and any target group attachments seem to be ignored.

Describe the solution you'd like.

I would expect to be able to either specify the loadBalancerArns list(string) and targetGroupArn string in the target_groups block.

Describe alternatives you've considered.

Could possibly specify the loadBalancerArns list(string) and targetGroupArn string as part of the target_group_attachments block.

Additional context

Possible example of desired solution:

inputs = {
  name               = "contoso-dev" // 32 char limit
  load_balancer_type = "network"
  internal           = true
  idle_timeout       = 350
  vpc_id             = "vpc-12345"
  subnets            = ["subnet-78934"]
  access_logs = {
    enabled = true
    bucket  = "contoso-nlb-logs-dev"
  }

  http_tcp_listeners = [
    {
      port               = 443
      protocol           = "TCP"
      action_type        = "forward"
      target_group_index = 0
    }
  ]

  target_groups = [
    {
      name             = "contoso-dev"
      backend_port     = 443
      backend_protocol = "TCP"
      target_type      = "alb"
      health_check = {
        enabled             = true
        path                = "/health"
        healthy_threshold   = 5
        unhealthy_threshold = 5
        interval            = 10
      }
    }
  ]

  target_group_attachments = [
    {
      target_id    = ["arn:aws:elasticloadbalancing:us-east-1:1111111111111:loadbalancer/contoso-dev"]
      target_group = "arn:aws:elasticloadbalancing:us-east-1:1111111111111:targetgroup/contoso-dev"
      port         = 443
    }
  ]

  tags = local.tags
}

mavogel commented 1 year ago

I faced the same problem. My workaround is, assuming nlb and alb are both using terraform-aws-modules/alb/aws with version = "~> 8.0":

module "nlb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 8.0"

  load_balancer_type = "network"

  # other properties

  target_groups = [
    {
      name_prefix      = "pref-"
      backend_protocol = "TCP"
      backend_port     = 80
      target_type      = "alb"
      # target_id            = module.alb[0].lb_arn # TODO does not work yet.
    }
  ]

  http_tcp_listeners = [
    {
      port               = 80
      protocol           = "TCP"
      target_group_index = 0
    }
  ]
}

## WORKAROUND
resource "aws_lb_target_group_attachment" "nlb_to_alb" {
  target_group_arn = module.nlb.target_group_arns[0]
  target_id        = module.alb.lb_arn
  port             = 80
}

adamwshero commented 1 year ago

This might be worth submitting as a PR. I'm using Terragrunt so I can't make a workaround like this possible without forking this repository and referencing it as a source instead.

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

adamwshero commented 1 year ago

Please keep this alive as it is a real issue that needs to be addressed.

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

mavogel commented 1 year ago

keep alive

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

adamwshero commented 1 year ago

keep alive

nischal-flywire commented 1 year ago

@mavogel I am attaching an NLB to an existing ALB using:

    targets = {
      alb_target = {
        target_id = module.alb.lb_arn
        port      = 443
      }
    }

In your example it would be:

module "nlb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 8.0"

  load_balancer_type = "network"

  # other properties

  target_groups = [
    {
      name_prefix      = "pref-"
      backend_protocol = "TCP"
      backend_port     = 80
      target_type      = "alb"
      targets = {
        alb_target = {
          target_id = module.alb.lb_arn
          port      = 80
        }
      }
    }
  ]

  http_tcp_listeners = [
    {
      port               = 80
      protocol           = "TCP"
      target_group_index = 0
    }
  ]
}

adamwshero commented 1 year ago

That actually worked for me now, and I also upgraded to the v8.6.0 release, @nischal-flywire. Thank you for posting this. FYI, the full Terragrunt input block looks like this. Hopefully the owners of this module can add this to the examples.

inputs = {
  name               = "${local.prefix}-${local.product}-${local.env}"
  load_balancer_type = "network"
  internal           = true
  idle_timeout       = 350
  vpc_id             = dependency.vpc.outputs.vpc_id
  subnets            = dependency.vpc.outputs.private_subnets
  access_logs = {
    enabled = true
    bucket  = dependency.nlb_logs.outputs.s3_bucket_id
    prefix  = "${local.prefix}-${local.product}-${local.env}"
  }

  http_tcp_listeners = [
    {
      port               = 443
      protocol           = "TCP"
      action_type        = "forward"
      target_group_index = 0
    }
  ]

  target_groups = [
    {
      name             = "${local.prefix}-my-service-name-${local.env}"
      backend_port     = 9098
      backend_protocol = "TCP"
      target_type      = "alb"
      health_check = {
        enabled             = true
        protocol            = "HTTPS"
        path                = "/health"
        port                = 9098
        healthy_threshold   = 3
        unhealthy_threshold = 3
        interval            = 30
      }
      targets = {
        alb_target = {
          target_id = dependency.alb.outputs.lb_arn
          port      = 9098
        }
      }
    }
  ]

  tags = local.tags
}
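
The same NLB-to-ALB wiring written with plain AWS provider resources, as an added example that is not from the thread or from the module's source; the variable names, resource names and port are assumptions. The `aws_lb_listener` data source lookup fails when the existing ALB has no listener on the chosen port, which AWS requires before an ALB can be registered as a target.

```hcl
# Added example: hypothetical names, plain AWS provider resources.
variable "vpc_id" { type = string }
variable "private_subnets" { type = list(string) }
variable "alb_arn" { type = string } # ARN of the existing ALB

locals {
  alb_port = 443 # assumption: the existing ALB listens on this port
}

# Lookup errors if the ALB has no listener on local.alb_port.
data "aws_lb_listener" "alb" {
  load_balancer_arn = var.alb_arn
  port              = local.alb_port
}

resource "aws_lb" "nlb" {
  name               = "example-nlb"
  load_balancer_type = "network"
  internal           = true
  subnets            = var.private_subnets
}

resource "aws_lb_target_group" "to_alb" {
  name        = "example-nlb-to-alb"
  target_type = "alb"
  protocol    = "TCP" # the only protocol allowed for target_type "alb"
  port        = local.alb_port
  vpc_id      = var.vpc_id

  health_check {
    enabled  = true
    protocol = "HTTPS" # health checks go to the ALB's own listener
    path     = "/health"
  }
}

# An "alb" target group holds exactly one target: the ALB's ARN.
resource "aws_lb_target_group_attachment" "alb" {
  target_group_arn = aws_lb_target_group.to_alb.arn
  target_id        = var.alb_arn
  port             = data.aws_lb_listener.alb.port
}

resource "aws_lb_listener" "tcp" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = local.alb_port
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.to_alb.arn
  }
}
```
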

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.