Terraform and AWS multiple weighted target groups ALB listeners
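I'm new to Terraform and I'm having a hard time changing the existing configuration to match our AWS configuration. It's giving me a bit of a headache. The original configuration was created by someone who left the company, and I'm trying to update it with the latest changes. I updated various things and got to a point where I'm stuck. It seems I also can't handle the Terraform documentation very well /sad_face
I'm using: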
terraform --version
Terraform v0.14.8
+ provider registry.terraform.io/hashicorp/aws v3.33.0
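Goal: create an ALB with a listener on port 443 that needs to redirect traffic to multiple weighted target groups, 2 or 3 target groups, with web servers behind them. In the example below, it will have 2 target groups, each TG with a weight of 1 (50% of traffic goes to the first TG, 50% to the second TG). The ALB also has a listener on port 80 that redirects all traffic to 443, but the Terraform configuration for that works fine. Only the 443 listener is giving me a headache.
I will post some of my configuration here (not all of it, so as not to spam with big blocks of text); if you need more, let me know. I tried changing a lot of things, and the configuration below is the last attempt.
This is the ALB TF file: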
# Manage company-alb-int-publish-NEW
## Load balancer and FQDN
module "publish-alb" {
  source = "../../../../modules/load_balancer"
  # ALB
  alb_name = "${var.project_code}-alb-${var.environment}-publish-NEW"
  alb_internal = false
  lb_type = "application"
  idle_timeout = 600
  # Route 53
  .......
## Target group 1
module "publish-target-group" {
  source = "../../../../modules/target_group"
  target_group_name = "company-${var.environment}-Publ1-Apache"
  target_group_port = 443
  target_group_protocol = "HTTPS"
  ............
}
# ## Target group 2
module "publish-target-group_2" {
  source = "../../../../modules/target_group"
  target_group_name = "company-${var.environment}-Publ2-Apache"
  target_group_port = 443
  ..........
}
## Listeners
module "listener-http-https" {
  source = "../../../../modules/listener_multiple_weighted_target_groups"
  alb_arn = module.publish-alb.alb_arn
  target_group_arn_1 = module.publish-target-group.target_group_arn_1
  target_group_arn_2 = module.publish-target-group.target_group_arn_2
  security_policy = var.security_policy
  ssl_certificate = var.ssl_certificate
  #listener_action = "forward"
  stickiness_duration = 7200
  stickiness_enabled = true
}
This is the ALB listener module with multiple weighted target groups that I'm trying to create.
# Traffic over HTTP listener
resource "aws_alb_listener" "http" {
  load_balancer_arn = var.alb_arn
  port = 80
  protocol = "HTTP"
  default_action {
    type = "redirect"
    redirect {
      port = "443"
      protocol = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
# Traffic over HTTPS listener
resource "aws_alb_listener" "https" {
  load_balancer_arn = var.alb_arn
  port = 443
  protocol = "HTTPS"
  ssl_policy = var.security_policy
  certificate_arn = var.ssl_certificate
  default_action {
    forward {
      target_group_arn {
        target_group_arn = var.target_group_arn_1
        weight = 1
      }
      target_group_arn {
        target_group_arn = var.target_group_arn_2
        weight = 1
      }
    }
  }
}
This is the output I get when running "terraform plan":
terraform plan
Error: Unsupported attribute
on company-alb-int-publish-NEW.tf line 107, in module "listener-http-https-publish":
107: target_group_arn_1 = module.publish-target-group.target_group_arn_1
This object does not have an attribute named "target_group_arn_1".
Error: Unsupported attribute
on company-alb-int-publish-NEW.tf line 108, in module "listener-http-https-publish":
108: target_group_arn_2 = module.publish-target-group.target_group_arn_2
This object does not have an attribute named "target_group_arn_2".
Error: Missing required argument
on ../../../../modules/listener_multiple_weighted_target_groups/main.tf line 28, in resource "aws_alb_listener" "https":
28: default_action {
The argument "type" is required, but no definition was found.
Error: Unsupported block type
on ../../../../modules/listener_multiple_weighted_target_groups/main.tf line 31, in resource "aws_alb_listener" "https":
31: target_group_arn {
Blocks of type "target_group_arn" are not expected here.
Error: Unsupported block type
on ../../../../modules/listener_multiple_weighted_target_groups/main.tf line 35, in resource "aws_alb_listener" "https":
35: target_group_arn {
Blocks of type "target_group_arn" are not expected here.
Does anyone know what I'm doing wrong?
Thanks!
You should use default_action.target_group instead of default_action.target_group_arn. The default_action.target_group block then takes arn and weight as arguments:
resource "aws_alb_listener" "https" {
  load_balancer_arn = var.alb_arn
  port = 443
  protocol = "HTTPS"
  ssl_policy = var.security_policy
  certificate_arn = var.ssl_certificate
  default_action {
    type = "forward"
    forward {
      target_group {
        arn = var.target_group_arn_1
        weight = 1
      }
      target_group {
        arn = var.target_group_arn_2
        weight = 1
      }
    }
  }
}
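The answer's listener, extended as an added example (not code from the original post or its author) so that the module also consumes the stickiness_enabled and stickiness_duration values the question passes in, and wired so that each ARN comes from its own target-group module, which is what the two "Unsupported attribute" errors point at. The output name target_group_arn and the variable declarations are assumptions, since the target_group module's outputs and the listener module's variables are not shown on the page.

```hcl
# --- modules/listener_multiple_weighted_target_groups/variables.tf (assumed layout) ---
variable "alb_arn" { type = string }
variable "target_group_arn_1" { type = string }
variable "target_group_arn_2" { type = string }
variable "security_policy" { type = string }
variable "ssl_certificate" { type = string }
variable "stickiness_enabled" { type = bool }
variable "stickiness_duration" { type = number } # seconds

# --- modules/listener_multiple_weighted_target_groups/main.tf ---
resource "aws_alb_listener" "https" {
  load_balancer_arn = var.alb_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = var.security_policy
  certificate_arn   = var.ssl_certificate

  default_action {
    type = "forward" # required; its absence caused "Missing required argument"
    forward {
      target_group {
        arn    = var.target_group_arn_1
        weight = 1
      }
      target_group {
        arn    = var.target_group_arn_2
        weight = 1
      }
      # Target-group stickiness: a client stays on the group it was first routed to.
      stickiness {
        enabled  = var.stickiness_enabled
        duration = var.stickiness_duration
      }
    }
  }
}

# --- root configuration: one ARN from each target-group module instance ---
module "listener-http-https" {
  source  = "../../../../modules/listener_multiple_weighted_target_groups"
  alb_arn = module.publish-alb.alb_arn
  # "target_group_arn" is an assumed output name; use what the target_group module declares.
  target_group_arn_1  = module.publish-target-group.target_group_arn
  target_group_arn_2  = module.publish-target-group_2.target_group_arn
  security_policy     = var.security_policy
  ssl_certificate     = var.ssl_certificate
  stickiness_enabled  = true
  stickiness_duration = 7200
}
```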