aws_elb

Provides an Elastic Load Balancer resource.

~> NOTE on ELB Instances and ELB Attachments: Terraform currently provides both a standalone ELB Attachment resource (describing an instance attached to an ELB), and an ELB resource with instances defined in-line. At this time you cannot use an ELB with in-line instances in conjunction with ELB Attachment resources. Doing so will cause a conflict and will overwrite attachments.

Example Usage

# Create a new load balancer
resource "aws_elb" "bar" {
  name = "foobar-terraform-elb"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]

  access_logs {
    bucket = "foo"
    bucket_prefix = "bar"
    interval = 60
  }

  listener {
    instance_port = 8000
    instance_protocol = "http"
    lb_port = 80
    lb_protocol = "http"
  }

  listener {
    instance_port = 8000
    instance_protocol = "http"
    lb_port = 443
    lb_protocol = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }

  health_check {
    healthy_threshold = 2
    unhealthy_threshold = 2
    timeout = 3
    target = "HTTP:8000/"
    interval = 30
  }

  instances = ["${aws_instance.foo.id}"]
  cross_zone_load_balancing = true
  idle_timeout = 400
  connection_draining = true
  connection_draining_timeout = 400

  tags {
    Name = "foobar-terraform-elb"
  }
}

Argument Reference

The following arguments are supported:

  • name - (Optional) The name of the ELB. By default, generated by Terraform.
  • access_logs - (Optional) An Access Logs block. Access Logs documented below.
  • availability_zones - (Required for an EC2-classic ELB) The AZs to serve traffic in.
  • security_groups - (Optional) A list of security group IDs to assign to the ELB. Only valid if creating an ELB within a VPC.
  • subnets - (Required for a VPC ELB) A list of subnet IDs to attach to the ELB.
  • instances - (Optional) A list of instance ids to place in the ELB pool.
  • internal - (Optional) If true, ELB will be an internal ELB.
  • listener - (Required) A list of listener blocks. Listeners documented below.
  • health_check - (Optional) A health_check block. Health Check documented below.
  • cross_zone_load_balancing - (Optional) Enable cross-zone load balancing. Default: true
  • idle_timeout - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60.
  • connection_draining - (Optional) Boolean to enable connection draining.
  • connection_draining_timeout - (Optional) The time in seconds to allow for connections to drain.
  • tags - (Optional) A mapping of tags to assign to the resource.

Exactly one of availability_zones or subnets must be specified: this determines if the ELB exists in a VPC or in EC2-classic.

Access Logs (access_logs) support the following:

  • bucket - (Required) The S3 bucket name to store the logs in.
  • bucket_prefix - (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.
  • interval - (Optional) The publishing interval in minutes. Default: 60 minutes.
  • enabled - (Optional) Boolean to enable / disable access_logs. Default is true.

Listeners (listener) support the following:

  • instance_port - (Required) The port on the instance to route to
  • instance_protocol - (Required) The protocol to use to the instance. Valid values are HTTP, HTTPS, TCP, or SSL
  • lb_port - (Required) The port to listen on for the load balancer
  • lb_protocol - (Required) The protocol to listen on. Valid values are HTTP, HTTPS, TCP, or SSL
  • ssl_certificate_id - (Optional) The ARN of an SSL certificate you have uploaded to AWS IAM. Note ECDSA-specific restrictions below. Only valid when lb_protocol is either HTTPS or SSL.

Health Check (health_check) supports the following:

  • healthy_threshold - (Required) The number of checks before the instance is declared healthy.
  • unhealthy_threshold - (Required) The number of checks before the instance is declared unhealthy.
  • target - (Required) The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL values are:
    • HTTP, HTTPS - PORT and PATH are required
    • TCP, SSL - PORT is required, PATH is not supported
  • interval - (Required) The interval between checks.
  • timeout - (Required) The length of time before the check times out.

Note on ECDSA Key Algorithm

If the certificate referenced by the ssl_certificate_id ARN was signed by an ECDSA key, note that ELB only supports the P256 and P384 curves. Using a certificate signed by a key using a different curve could produce the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser.

Attributes Reference

The following attributes are exported:

  • id - The name of the ELB
  • name - The name of the ELB
  • dns_name - The DNS name of the ELB
  • instances - The list of instances in the ELB
  • source_security_group - The name of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances. Use this for Classic or Default VPC only.
  • source_security_group_id - The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances. Only available on ELBs launched in a VPC.
  • zone_id - The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)
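
As an added example (not part of the original documentation), the configuration below shows a VPC ELB whose membership is managed by a standalone aws_elb_attachment rather than in-line instances, as the note at the top of this page requires, and a back-end security group that admits traffic only from the load balancer through the exported source_security_group_id. The resource names are illustrative, and aws_vpc.main, aws_subnet.public_a and aws_instance.app are assumed to be defined elsewhere.

```hcl
# Added example. aws_vpc.main, aws_subnet.public_a and aws_instance.app are
# assumptions: they must be defined elsewhere in the configuration.

# Security group for the load balancer: HTTPS in, port 8000 out to the VPC only.
resource "aws_security_group" "elb" {
  vpc_id = "${aws_vpc.main.id}"
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 8000
    to_port     = 8000
    protocol    = "tcp"
    cidr_blocks = ["${aws_vpc.main.cidr_block}"]
  }
}

# VPC ELB: "subnets" is set, so "availability_zones" must not be.
resource "aws_elb" "web" {
  name            = "example-vpc-elb"
  subnets         = ["${aws_subnet.public_a.id}"]
  security_groups = ["${aws_security_group.elb.id}"]
  # No in-line "instances" here: membership is managed by aws_elb_attachment.
  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }
}

# Standalone attachment; do not combine with in-line instances on the same ELB.
resource "aws_elb_attachment" "app" {
  elb      = "${aws_elb.web.id}"
  instance = "${aws_instance.app.id}"
}

# Back-end instances accept port 8000 only from the load balancer's group.
resource "aws_security_group" "backend" {
  vpc_id = "${aws_vpc.main.id}"
  ingress {
    from_port       = 8000
    to_port         = 8000
    protocol        = "tcp"
    security_groups = ["${aws_elb.web.source_security_group_id}"]
  }
}
```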

Import

ELBs can be imported using the name, e.g.

$ terraform import aws_elb.bar elb-production-12345