I have an EC2 AMI which works fine (Linux/website). I have a Terraform script which spins up an auto scaling group, target group and EC2s. These all work. The ELB sees the target group, and the target group has 4 healthy instances. However, the ALB DNS will not render the website.
Attached is the Terraform script.
# Every resource in this file is created in this one region; the AMI id in the
# launch template is region-specific, so both must agree.
provider "aws" {
  region = "eu-west-1"
}
# VPC that holds every subnet, security group and load balancer declared below.
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16" # /16 leaves room for the four /24 subnets below
}
# Internet gateway: the only way in/out of the VPC in this file. Only the public
# route table points at it, so only the public subnets are internet-facing.
resource "aws_internet_gateway" "my_igw" {
  vpc_id = aws_vpc.my_vpc.id
}
# Public subnets, one per AZ. The ALB is placed in these (see aws_lb.my_alb).
# map_public_ip_on_launch only affects instances launched directly into the
# subnet; the ASG in this file launches into the private subnets instead.
resource "aws_subnet" "public_subnet_1" {
  vpc_id                  = aws_vpc.my_vpc.id
  availability_zone       = "eu-west-1a"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}
# Second public subnet, in a different AZ (an internet-facing ALB needs two).
resource "aws_subnet" "public_subnet_2" {
  vpc_id                  = aws_vpc.my_vpc.id
  availability_zone       = "eu-west-1b"
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true
}
# Public route table: a default route to the internet gateway is what makes the
# two public subnets reachable from, and able to reach, the internet.
resource "aws_route_table" "public_route_table" {
  vpc_id = aws_vpc.my_vpc.id

  route {
    gateway_id = aws_internet_gateway.my_igw.id
    cidr_block = "0.0.0.0/0"
  }
}
# Attach the public route table to each public subnet. Without these
# associations the subnets would silently fall back to the VPC main route table.
resource "aws_route_table_association" "public_1" {
  route_table_id = aws_route_table.public_route_table.id
  subnet_id      = aws_subnet.public_subnet_1.id
}
resource "aws_route_table_association" "public_2" {
  route_table_id = aws_route_table.public_route_table.id
  subnet_id      = aws_subnet.public_subnet_2.id
}
# Private subnets, one per AZ. The auto scaling group launches the web
# instances here (vpc_zone_identifier below), so they get no public IP and are
# reachable only through the ALB.
resource "aws_subnet" "private_subnet_1" {
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "eu-west-1a"
  cidr_block        = "10.0.3.0/24"
}
# Second private subnet, matching the second public subnet's AZ.
resource "aws_subnet" "private_subnet_2" {
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "eu-west-1b"
  cidr_block        = "10.0.4.0/24"
}
# Private route table with no explicit routes: instances in the private subnets
# can talk inside the VPC (so the ALB can reach them) but have no path out to
# the internet. No NAT gateway or VPC endpoint is declared in this file, so
# anything on the AMI that needs outbound access (package updates, agents)
# will not work from these subnets — intended for a self-contained web AMI.
resource "aws_route_table" "private_route_table" {
  vpc_id = aws_vpc.my_vpc.id
}
# Attach the (route-less) private route table to each private subnet so they
# do not inherit the VPC main route table.
resource "aws_route_table_association" "private_1" {
  route_table_id = aws_route_table.private_route_table.id
  subnet_id      = aws_subnet.private_subnet_1.id
}
resource "aws_route_table_association" "private_2" {
  route_table_id = aws_route_table.private_route_table.id
  subnet_id      = aws_subnet.private_subnet_2.id
}
# Security group for the internet-facing ALB: HTTP from anywhere in, anything
# out. Declaring it is not enough — it has no effect until it is listed in
# aws_lb.my_alb's security_groups; an ALB with no SG set gets the VPC default SG.
resource "aws_security_group" "alb_sg" {
  vpc_id      = aws_vpc.my_vpc.id
  name        = "alb-sg"
  description = "Allow web traffic to ALB"

  # Public HTTP listener.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress; the ALB only needs to reach the targets, so this
  # could be narrowed to the VPC CIDR if desired.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Security group for the web instances. Ingress on port 80 is allowed only from
# members of alb_sg (an SG reference, not a CIDR), so nothing but the load
# balancer can reach the instances — provided alb_sg is actually attached to the
# ALB and this group is attached to the instances via the launch template.
resource "aws_security_group" "ec2_sg" {
  vpc_id      = aws_vpc.my_vpc.id
  name        = "ec2-sg"
  description = "Allow web traffic from ALB"

  ingress {
    protocol        = "tcp"
    from_port       = 80
    to_port         = 80
    security_groups = [aws_security_group.alb_sg.id]
  }

  # Unrestricted egress. Note the private route table has no internet route,
  # so in practice this only reaches addresses inside the VPC.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Rest of your resources (Application Load Balancer, Launch Template, Auto Scaling Group, Target Group, Listener)
# ...
# Make sure to associate the Security Groups with the ALB and EC2 Instances
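# Internet-facing Application Load Balancer in the two public subnets.
#
# security_groups was missing in the original: an ALB created without one is
# given the VPC default security group, which has no inbound rule from the
# internet, so targets could be healthy (VPC-internal checks) while the ALB DNS
# name never answered from outside. Attaching alb_sg (HTTP/80 from 0.0.0.0/0)
# is the fix.
resource "aws_lb" "my_alb" {
  name               = "my-alb"
  internal           = false
  load_balancer_type = "application"
  subnets            = [aws_subnet.public_subnet_1.id, aws_subnet.public_subnet_2.id]
  security_groups    = [aws_security_group.alb_sg.id]
}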
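# Launch template used by the auto scaling group.
#
# vpc_security_group_ids was missing in the original, so the instances received
# the VPC default security group instead of ec2_sg; together with the missing
# ALB security group this is what broke the path from the internet to the site.
# With ec2_sg attached, only the ALB (alb_sg) can reach port 80 on the instances.
resource "aws_launch_template" "my_launch_template" {
  name_prefix   = "my-launch-template-"
  image_id      = "ami-05d4867ed58f446d9" # region-specific (eu-west-1)
  instance_type = "t2.micro"

  vpc_security_group_ids = [aws_security_group.ec2_sg.id]

  # NOTE(review): consider requiring IMDSv2 via a metadata_options block
  # (http_tokens = "required") once confirmed the AMI's software does not
  # depend on IMDSv1; it is left out here to avoid changing a working AMI.
}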
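# Auto scaling group that launches the web instances into the private subnets
# and registers them with the target group.
#
# health_check_type defaults to "EC2", which only replaces instances whose
# hypervisor status checks fail. Since the instances are registered with an
# ALB target group, "ELB" makes the group also replace instances that the
# target group's HTTP health check marks unhealthy. The grace period gives a
# freshly launched instance time to start serving before checks count.
resource "aws_autoscaling_group" "my_asg" {
  min_size         = 2
  desired_capacity = 4
  max_size         = 8

  vpc_zone_identifier = [aws_subnet.private_subnet_1.id, aws_subnet.private_subnet_2.id]
  target_group_arns   = [aws_lb_target_group.tg.arn]

  health_check_type         = "ELB"
  health_check_grace_period = 300

  launch_template {
    id      = aws_launch_template.my_launch_template.id
    version = "$Latest" # always pick up the newest template version on launch
  }

  # Propagated so each instance shows up with this Name in the console.
  tag {
    key                 = "Name"
    value               = "my-asg-instance"
    propagate_at_launch = true
  }
}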
# ... [previous resources] ...
# Target group the ASG registers its instances into; the listener forwards
# to it. Health checks are plain HTTP GET / expecting exactly 200.
resource "aws_lb_target_group" "tg" {
  vpc_id   = aws_vpc.my_vpc.id
  name     = "my-tg"
  protocol = "HTTP"
  port     = 80

  health_check {
    enabled  = true
    protocol = "HTTP"
    path     = "/"
    matcher  = "200"

    # Check every 30s, 5s per attempt; three consecutive results flip state
    # either way, so an instance takes ~90s to be marked healthy or unhealthy.
    interval            = 30
    timeout             = 5
    healthy_threshold   = 3
    unhealthy_threshold = 3
  }

  # Explicit ordering kept from the original. The vpc_id reference already
  # implies the VPC dependency; the subnet entries only affect create order.
  depends_on = [
    aws_vpc.my_vpc,
    aws_subnet.private_subnet_1,
    aws_subnet.private_subnet_2,
  ]
}
# ... [rest of your resources] ...
# Plain-HTTP listener on the ALB forwarding everything to the target group.
# No TLS is terminated here, so client traffic to the site is unencrypted;
# an HTTPS listener with a certificate (and an 80->443 redirect) would be the
# usual next step for a public site.
resource "aws_lb_listener" "listener" {
  load_balancer_arn = aws_lb.my_alb.arn
  protocol          = "HTTP"
  port              = "80"

  default_action {
    target_group_arn = aws_lb_target_group.tg.arn
    type             = "forward"
  }
}
That worked, thanks a million!!