fix: multi instance attachement to nlb target group

clouddrove · Aug 29, 2023 · 1c46d99 · 1c46d99
1 parent bcbafab
commit 1c46d99
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 16 deletions.
diff --git a/_example/nlb/exampe.tf b/_example/nlb/exampe.tf
@@ -88,7 +88,7 @@ module "ec2" {
   ssh_allowed_ip              = ["0.0.0.0/0"]
   ssh_allowed_ports           = [22]
   tenancy                     = "default"
-  public_key                  = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmPuPTJ58AMvweGBuAqKX+tkb0ylYq5k6gPQnl6+ivQ8i/jsUJ+juI7q/7vSoTpd0k9Gv7DkjGWg1527I+LJeropVSaRqwDcrnuM1IfUCu0QdRoU8e0sW7kQGnwObJhnRcxiGPa1inwnneq9zdXK8BGgV2E4POKdwbEBlmjZmW8j4JMnCsLvZ4hxBjZB/3fnvHhn7UCqd2C6FhOz9k+aK2kxXHxdDdO9BzKqtvm5dSAxHhw6nDHSU+cHupjiiY/SvmFH0QpR5Fn1kyZH7DxV4D8R9wvP9jKZe/RRTEkB2HY7FpVNz/EqO/z5bv7japQ5LZY1"
+  public_key                  = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCm63Yf1+E6Fkts7LcAdOalvdUrZE0oA1A6pJUkx9c/V8ZFuclg7uNdnXV98iHWlA6tcvV69HsdBJZU3w66+6rxGgM0dbwSalRz60IGM40HwRT"
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
   iam_instance_profile        = module.iam-role.name
   assign_eip_address          = true
@@ -159,13 +159,13 @@ module "nlb" {
     {
       port               = 443
       protocol           = "TLS"
-      target_group_index = 0
+      target_group_index = 1
       certificate_arn    = module.acm.arn
     },
     {
       port               = 84
       protocol           = "TLS"
-      target_group_index = 0
+      target_group_index = 1
       certificate_arn    = module.acm.arn
     },
   ]

diff --git a/main.tf b/main.tf
@@ -286,12 +286,28 @@ resource "aws_lb_target_group_attachment" "attachment" {
   port             = var.target_group_port
 }
 
+locals {
+  arns    = aws_lb_target_group.main.*.arn
+  targets = range(var.instance_count)
+  ports   = [for d in var.target_groups : d.backend_port]
+  # Nested loop over both lists, and flatten the result.
+  arns_targets = distinct(flatten([
+    for arn_key, arn in var.target_groups : [
+      for target in local.targets : {
+        target = target
+        port   = var.target_groups[tonumber(arn_key)].backend_port
+        key    = tonumber(arn_key)
+      }
+    ]
+  ]))
+}
+
 resource "aws_lb_target_group_attachment" "nattachment" {
-  count = var.enable && var.with_target_group && var.load_balancer_type == "network" ? length(var.https_listeners) : 0
+  for_each = var.load_balancer_type == "network" && var.enable && var.with_target_group ? { for k, v in local.arns_targets : k => v } : {}
 
-  target_group_arn = element(aws_lb_target_group.main[*].arn, count.index)
-  target_id        = element(var.target_id, 0)
-  port             = lookup(var.target_groups[count.index], "backend_port", null)
+  target_group_arn = element(aws_lb_target_group.main.*.arn, each.value.key) #local.arns_targets[count.index].arn
+  target_id        = var.target_id[each.value.target]                        #each.value.target
+  port             = each.value.port
 }
 
 ##-----------------------------------------------------------------------------

diff --git a/variables.tf b/variables.tf
@@ -56,7 +56,6 @@ variable "load_balancer_type" {
   type        = string
   default     = ""
   description = "The type of load balancer to create. Possible values are application or network. The default value is application."
-  sensitive   = true
 }
 
 
@@ -81,15 +80,13 @@ variable "http_tcp_listeners" {
 variable "target_groups" {
   description = "A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend_protocol, backend_port. Optional key/values are in the target_groups_defaults variable."
   type        = any
-  sensitive   = true
   default     = []
 }
 
 variable "subnets" {
   type        = list(any)
   default     = []
   description = "A list of subnet IDs to attach to the LB. Subnets cannot be updated for Load Balancers of type network. Changing this value will for load balancers of type network will force a recreation of the resource."
-  sensitive   = true
 }
 
 variable "enable_deletion_protection" {
@@ -102,21 +99,18 @@ variable "https_port" {
   type        = number
   default     = 443
   description = "The port on which the load balancer is listening. like 80 or 443."
-  sensitive   = true
 }
 
 variable "listener_protocol" {
   type        = string
   default     = "HTTPS"
   description = "The protocol for connections from clients to the load balancer. Valid values are TCP, HTTP and HTTPS. Defaults to HTTP."
-  sensitive   = true
 }
 
 variable "http_port" {
   type        = number
   default     = 80
   description = "The port on which the load balancer is listening. like 80 or 443."
-  sensitive   = true
 }
 
 variable "https_enabled" {
@@ -153,14 +147,12 @@ variable "target_group_port" {
 
 variable "vpc_id" {
   type        = string
-  sensitive   = true
   default     = ""
   description = "The identifier of the VPC in which to create the target group."
 }
 
 variable "target_id" {
   type        = list(any)
-  sensitive   = true
   description = "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address."
 }
 
@@ -184,7 +176,6 @@ variable "enable_http2" {
 
 variable "ip_address_type" {
   type        = string
-  sensitive   = true
   default     = "ipv4"
   description = "The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack."
 }