From f2f5f7004c47628dea99118e00c7c084e1f6e069 Mon Sep 17 00:00:00 2001 From: Joshua Burns Date: Sat, 16 Sep 2023 17:38:45 -0700 Subject: [PATCH 1/4] first stab at adding a lb --- terraform/_outputs.tf | 5 ++++ terraform/ecs.tf | 9 ++++--- terraform/load_balancer.tf | 50 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 terraform/load_balancer.tf diff --git a/terraform/_outputs.tf b/terraform/_outputs.tf index 99a5ac5..9c99f69 100644 --- a/terraform/_outputs.tf +++ b/terraform/_outputs.tf @@ -22,3 +22,8 @@ output "ecs_service_arn" { value = aws_ecs_service.knowledgeshare_ui_service.id description = "ARN of the ECS Service" } + +output "front_end_dns_name" { + description = "The DNS name of the front end load balancer" + value = aws_lb.front_end.dns_name +} diff --git a/terraform/ecs.tf b/terraform/ecs.tf index 66709f3..b84c386 100644 --- a/terraform/ecs.tf +++ b/terraform/ecs.tf @@ -30,7 +30,7 @@ resource "aws_iam_role_policy_attachment" "ecs_execution_role_attachment" { } resource "aws_ecs_task_definition" "knowledgeshare_ui_task" { - family = "keyless-workflow-demo-td" + family = "keyless-workflow-demo" network_mode = "awsvpc" # FARGATE requires awsvpc from what I can tell requires_compatibilities = ["FARGATE"] cpu = "1024" # Choose based on your requirements @@ -62,7 +62,10 @@ resource "aws_ecs_service" "knowledgeshare_ui_service" { security_groups = [aws_security_group.keyless_workflow_demo_sg.id] assign_public_ip = true } - # iam_role = aws_iam_role.foo.arn - # depends_on = [aws_iam_role_policy.foo] + load_balancer { + target_group_arn = aws_lb_target_group.front_end_target_group.arn + container_name = "knowledgeshare-ui" + container_port = 3000 + } } diff --git a/terraform/load_balancer.tf b/terraform/load_balancer.tf new file mode 100644 index 0000000..b305ef9 --- /dev/null +++ b/terraform/load_balancer.tf 
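Review bot: The service's `network_configuration` still sets `assign_public_ip = true` (context just above the new `load_balancer` block), so every task keeps a public address and is reachable directly on port 3000, bypassing the ALB, unless `aws_security_group.keyless_workflow_demo_sg` (defined outside this patch) limits that port to the load balancer's group. Add an ingress rule there of `from_port = 3000`, `to_port = 3000`, `security_groups = [aws_security_group.allow_80.id]` so only the ALB and its health checks can reach the container. Dropping the public IP is only safe if the task subnets have a NAT route for the ECR image pull, so confirm that before removing it. The `aws_ecs_service` resource begins outside the hunk.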
@@ -0,0 +1,50 @@
+resource "aws_security_group" "allow_80" {
+ name = "allow_80"
+ description = "Allows HTTP traffic on 80"
+
+ vpc_id = aws_vpc.keyless_workflow_demo_vpc.id
+
+ ingress {
+ description = "HTTP from VPC"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = [ aws_vpc.keyless_workflow_demo_vpc.cidr_block ]
+ }
+
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+}
+
+resource "aws_lb" "front_end" {
+ name = "fornt-end"
+ internal = false
+ load_balancer_type = "application"
+ security_groups = [aws_security_group.allow_80.id]
+ subnets = [ aws_subnet.keyless_workflow_demo_subnet.id ]
+}
+
+resource "aws_lb_target_group" "front_end_target_group" {
+ name = "keyless-workflow-tg"
+ port = 3000
+ protocol = "HTTP"
+ target_type = "ip"
+ vpc_id = aws_vpc.keyless_workflow_demo_vpc.id
+}
+
+resource "aws_lb_listener" "front_end_listener" {
+ load_balancer_arn = aws_lb.front_end.arn
+ port = 80
+ protocol = "HTTP"
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.front_end_target_group.arn
+ }
+}
From b060c6dd4e34b1d19fd7f4d5089e24d1aeac19bc Mon Sep 17 00:00:00 2001 From: Joshua Burns Date: Mon, 18 Sep 2023 16:25:17 -0700 Subject: [PATCH 2/4] registers both subnets to load balancer and sets the health check to the about page
---
terraform/load_balancer.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/terraform/load_balancer.tf b/terraform/load_balancer.tf
index b305ef9..4318b4f 100644
--- a/terraform/load_balancer.tf
+++ b/terraform/load_balancer.tf
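Review bot: The `allow_80` egress rule opens every port and protocol to `0.0.0.0/0` and `::/0`, but the ALB only needs to reach the ECS tasks on port 3000; scoping it to the task security group (the `keyless_workflow_demo_sg` the service already uses) stops the load balancer from being usable as a pivot to anything else in the VPC. If that group in turn references `allow_80` for its 3000 ingress, express both sides as `aws_security_group_rule` resources to avoid a Terraform dependency cycle. The listener is plaintext HTTP on 80 with no HTTPS listener or redirect, which is acceptable for a demo but deserves a marker such as `# TODO: add a 443 listener with an ACM certificate and redirect 80 -> 443 before carrying real traffic`. Setting `drop_invalid_header_fields = true` on `aws_lb.front_end` is a cheap hardening that keeps malformed headers from reaching the app.
```hcl
resource "aws_security_group" "allow_80" {
  # … unchanged: name, description, vpc_id, ingress …

  egress {
    description     = "Forward only to the ECS tasks on their container port"
    from_port       = 3000
    to_port         = 3000
    protocol        = "tcp"
    security_groups = [aws_security_group.keyless_workflow_demo_sg.id]
  }
}
```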
@@ -27,12 +27,13 @@ resource "aws_lb" "front_end" { internal = false load_balancer_type = "application" security_groups = [aws_security_group.allow_80.id] - subnets = [ aws_subnet.keyless_workflow_demo_subnet.id ] + subnets = [ aws_subnet.public_subnet_a.id, aws_subnet.public_subnet_b.id ] } resource "aws_lb_target_group" "front_end_target_group" { name = "keyless-workflow-tg" port = 3000 + path = "about" protocol = "HTTP" target_type = "ip" vpc_id = aws_vpc.keyless_workflow_demo_vpc.id From 337db079ee260bb1e23c3840056a241cc092db75 Mon Sep 17 00:00:00 2001 From: Joshua Burns Date: Mon, 18 Sep 2023 16:37:53 -0700 Subject: [PATCH 3/4] fixes typo in health check --- terraform/load_balancer.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/load_balancer.tf b/terraform/load_balancer.tf index 4318b4f..b812cf3 100644 --- a/terraform/load_balancer.tf +++ b/terraform/load_balancer.tf @@ -33,10 +33,12 @@ resource "aws_lb" "front_end" { resource "aws_lb_target_group" "front_end_target_group" { name = "keyless-workflow-tg" port = 3000 - path = "about" protocol = "HTTP" target_type = "ip" vpc_id = aws_vpc.keyless_workflow_demo_vpc.id + health_check { + path = "/about" + } } resource "aws_lb_listener" "front_end_listener" { From edad22b54ca6db03a44f26df6caf03771a156c68 Mon Sep 17 00:00:00 2001 From: Joshua Burns Date: Tue, 19 Sep 2023 11:25:07 -0700 Subject: [PATCH 4/4] Addresses a few bugs in the load_balancer terraform: - typo in the load_balancer name - incorrect ingress cider blocks on the security group attached to the lb --- terraform/load_balancer.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform/load_balancer.tf b/terraform/load_balancer.tf index b812cf3..b66b490 100644 --- a/terraform/load_balancer.tf +++ b/terraform/load_balancer.tf 
@@ -9,7 +9,8 @@ resource "aws_security_group" "allow_80" { from_port = 80 to_port = 80 protocol = "tcp" - cidr_blocks = [ aws_vpc.keyless_workflow_demo_vpc.cidr_block ] + cidr_blocks = ["0.0.0.0/0"] # Allow inbound traffic on 80 from any ip + ipv6_cidr_blocks = ["::/0"] } @@ -23,7 +24,7 @@ resource "aws_security_group" "allow_80" { } resource "aws_lb" "front_end" { - name = "fornt-end" + name = "front-end" internal = false load_balancer_type = "application" security_groups = [aws_security_group.allow_80.id]
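Review bot: Opening port 80 to `0.0.0.0/0` is what an internet-facing ALB requires, but the rule's `description = "HTTP from VPC"` on the line just above this hunk now misdescribes it; change it to `description = "HTTP from anywhere (internet-facing ALB)"`. The added `ipv6_cidr_blocks = ["::/0"]` is inert unless `aws_lb.front_end` sets `ip_address_type = "dualstack"` (the default is IPv4-only), so either add that attribute or drop the IPv6 rule so the group reflects what is actually reachable. Since the port this rule exposes is served by the plaintext `aws_lb_listener` defined earlier in this file, extend the inline comment to note that 80 should become a redirect to an HTTPS listener once a certificate is available.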