This Terraform module provides a preconfigured solution for setting up an AWS Application Load Balancer in your AWS account. The Application Load Balancer is a highly available and scalable load balancing solution for your applications. With this Terraform module, you can easily and efficiently set up and manage your load balancer, ensuring that your applications are highly available and can handle increasing traffic.
Our team has extensive experience working with AWS load balancers and has optimized this module to provide the best possible experience for users. The module encapsulates all necessary configurations, making it easy to use and integrate into your existing AWS environment. Whether you are just getting started with load balancing or looking for a more efficient way to manage your applications, this Terraform module provides a preconfigured solution for high availability and scalability.

Name | Description | Type | Default | Required |
---|---|---|---|---|
access_logs_bucket_id | The S3 bucket name to store the logs in. | string | "" | no |
access_logs_bucket_prefix | The S3 bucket prefix. Logs are stored in the root if not configured. | string | "" | no |
customer_owned_ipv4_pool | The ID of the customer owned ipv4 pool to use for this load balancer. | string | null | no |
desync_mitigation_mode | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | string | "strictest" | no |
drop_invalid_header_fields | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | bool | false | no |
enable_cross_zone_load_balancing | If true, cross-zone load balancing of the load balancer will be enabled. | bool | false | no |
enable_deletion_protection | If true, deletion of the load balancer will be disabled via the AWS API. | bool | true | no |
enable_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | bool | true | no |
enable_http_to_https_redirect | Whether to create a default HTTP to HTTPS redirect rule. | bool | true | no |
enable_security_group | Whether to create a security group for the load balancer. | bool | true | no |
enable_security_group_default_http_https_rule | Whether to create a default security group rule to allow HTTP and HTTPS traffic from anywhere. | bool | false | no |
enable_waf_fail_open | Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. | bool | false | no |
idle_timeout | The time in seconds that the connection is allowed to be idle. | number | 60 | no |
internal | If true, the LB will be internal. | bool | false | no |
ip_address_type | The type of IP addresses used by the subnets for your load balancer. | string | "ipv4" | no |
name | Name or prefix of the Role. | string | n/a | yes |
preserve_host_header | Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. | bool | false | no |
security_group_egress_rules | A list of CIDR blocks to allow ingress traffic from. | any | [] | no |
security_group_ingress_rules | A list of CIDR blocks to allow ingress traffic from. | any | [] | no |
security_groups | A list of security group IDs to assign to the LB. | list(string) | [] | no |
subnets | A list of subnet IDs to attach to the LB. | list(string) | n/a | yes |
tags | Tags to add to the Role. | map(any) | {} | no |

Name | Description |
---|---|
arn | ARN of the Application Load Balancer |
arn_suffix | The ARN suffix for use with CloudWatch Metrics. |
dns_name | The DNS name of the load balancer. |
http_to_https_listener_arn | ARN of the HTTP to HTTPS listener |
security_group | Security group ID of the Application Load Balancer |
zone_id | The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record) |

Name | Version |
---|---|
aws | >= 4.4 |

- resource.aws_lb.main (main.tf#19)
- resource.aws_lb_listener.main (main.tf#49)
- data source.aws_subnet.main (data.tf#1)

```hcl
# VPC with two public subnets for the load balancer
module "vpc" {
  source  = "registry.terraform.io/terraform-aws-modules/vpc/aws"
  version = "~> 5.0.0"

  name           = "main"
  cidr           = "10.100.0.0/16"
  azs            = ["eu-central-1a", "eu-central-1b"]
  public_subnets = ["10.100.10.0/24", "10.100.11.0/24"]
}

module "basic-example" {
  source = "../../"

  name    = "my-lb"
  subnets = module.vpc.public_subnets

  # Creates the default rule allowing HTTP and HTTPS traffic from anywhere
  enable_security_group_default_http_https_rule = true
}
```
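
The basic example opens HTTP and HTTPS to any source and leaves `drop_invalid_header_fields` at its default of `false`. The variant below is an added example, not code from the module's repository: it sets the security-relevant inputs from the table explicitly and attaches a restricted security group through `security_groups`. It assumes `module.vpc` from the example above and that the module accepts an externally managed group when `enable_security_group` is `false`; the client range `203.0.113.0/24` and the bucket name are constructed placeholders, and the bucket must already permit load balancer log delivery.

```hcl
# Added example (assumptions: module.vpc as above; CIDR and bucket name are placeholders)
resource "aws_security_group" "alb" {
  name_prefix = "my-hardened-lb-"
  vpc_id      = module.vpc.vpc_id

  # Port 80 stays reachable only so the HTTP to HTTPS redirect can answer
  ingress {
    description = "HTTP (redirect only) from known clients"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }
  ingress {
    description = "HTTPS from known clients"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }
  egress {
    description = "Targets inside the VPC only"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }
}

module "hardened-example" {
  source  = "../../"
  name    = "my-hardened-lb"
  subnets = module.vpc.public_subnets

  # Use the restricted group instead of the "from anywhere" default rule
  enable_security_group                         = false
  enable_security_group_default_http_https_rule = false
  security_groups                               = [aws_security_group.alb.id]

  desync_mitigation_mode        = "strictest" # module default, pinned explicitly
  drop_invalid_header_fields    = true        # module default is false
  enable_waf_fail_open          = false       # fail closed if AWS WAF is unreachable
  enable_http_to_https_redirect = true
  enable_deletion_protection    = true

  # Keep access logs for detection and incident response
  access_logs_bucket_id     = "example-alb-access-logs"
  access_logs_bucket_prefix = "my-hardened-lb"
}
```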