我的 Terraform 配置如下:
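# Internet-facing Application Load Balancer used as the entry point for the staging apps.
resource "aws_lb" "test_lb" {
  name               = "test-lb-tf"
  internal           = false # public: reachable from the internet
  load_balancer_type = "application"
  security_groups    = [aws_security_group.lb_sg.id] # lb_sg is declared outside this listing

  # Refuse deletion through the API until this flag is switched off.
  enable_deletion_protection = true

  # Drop headers whose names are not valid HTTP field names instead of
  # forwarding them to the targets (reduces request-desync exposure).
  drop_invalid_header_fields = true

  # Access logs record who reached the public endpoint.
  # The bucket needs a policy that lets Elastic Load Balancing write to it.
  access_logs {
    bucket  = "logs.example.com"
    prefix  = "test-lb"
    enabled = true
  }

  # NOTE(review): no subnets / subnet_mapping is shown; an ALB needs subnets
  # in at least two Availability Zones. Confirm they are supplied.
}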
#Test 1
# DNS name for the first app, pointed at the load balancer's DNS name.
resource "aws_route53_record" "test_staging_domain" {
  zone_id = "Z09006193JFJXM3FAWH9I" # hosted zone ID, hard-coded
  type    = "CNAME"
  name    = "myapp.example.com"
  records = [aws_lb.test_lb.dns_name]
  ttl     = 300
}
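# Two staging instances that serve the first app behind the load balancer.
resource "aws_instance" "test_staging" {
  count         = 2
  ami           = "ami-09d64f47c232fb430"
  instance_type = "t3a.micro"
  key_name      = "common_ssh" # NOTE(review): name suggests a shared key pair; confirm who holds it

  # NOTE(review): this group's rules are not shown; it should admit the app
  # port only from the load balancer's security group.
  vpc_security_group_ids = [
    "sg-0304ce47e789c538a",
  ]

  # Require IMDSv2 session tokens so a request-forgery bug in the web app
  # cannot read instance credentials with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_size = 30
    volume_type = "gp3"
    encrypted   = true # encrypt the root volume at rest
  }
}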
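# Target group for the first app: the ALB forwards plain HTTP on port 80 to its instances.
resource "aws_lb_target_group" "test_staging_tg" {
  # Target group names accept only alphanumerics and hyphens; the underscore
  # form is rejected by the AWS provider's validation.
  name        = "test-staging-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance"

  # NOTE(review): vpc_id is required for instance targets and is not shown on
  # this page; set it to the VPC that holds the instances.
}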
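# Registers every test_staging instance with the test_staging_tg target group.
resource "aws_lb_target_group_attachment" "test_staging-target-group-attachment" {
  # One attachment per instance, because aws_instance.test_staging uses count.
  count = length(aws_instance.test_staging)

  # Reference the target group itself; the listener is a different resource type.
  target_group_arn = aws_lb_target_group.test_staging_tg.arn

  # Instance targets are registered by instance ID, not by ARN.
  target_id = aws_instance.test_staging[count.index].id
}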
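# HTTPS listener on 443: terminates TLS on the ALB and forwards to test_staging_tg.
resource "aws_lb_listener" "test_staging_lb_listener" {
  load_balancer_arn = aws_lb.test_lb.arn
  port              = 443
  protocol          = "HTTPS"

  # NOTE(review): the certificate must cover every host name served here.
  certificate_arn = "arn:aws:acm:eu-west-1:962331388720:certificate/1cdd1f8c-64d5-4984-a985-133fbe0df5b0"

  # Pin the TLS policy so the listener negotiates TLS 1.2/1.3 only instead of
  # depending on the default policy.
  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # alpn_policy removed: it applies to TLS listeners on Network Load
  # Balancers, not to HTTPS listeners on an Application Load Balancer.

  default_action {
    type = "forward"

    forward {
      target_group {
        arn = aws_lb_target_group.test_staging_tg.arn
      }
    }
  }
}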
#Test 2
# DNS name for the second app, pointed at the same load balancer's DNS name.
resource "aws_route53_record" "test2_staging_domain" {
  zone_id = "Z09006193JFJXM3FAWH9I" # hosted zone ID, hard-coded
  type    = "CNAME"
  name    = "myapp2.example.com"
  records = [aws_lb.test_lb.dns_name]
  ttl     = 300
}
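# Two staging instances that serve the second app behind the load balancer.
resource "aws_instance" "test2_staging" {
  count         = 2
  ami           = "ami-09d64f47c232fb430"
  instance_type = "t3a.micro"
  key_name      = "common_ssh" # NOTE(review): name suggests a shared key pair; confirm who holds it

  # NOTE(review): this group's rules are not shown; it should admit the app
  # port only from the load balancer's security group.
  vpc_security_group_ids = [
    "sg-0304ce47e789c538a",
  ]

  # Require IMDSv2 session tokens so a request-forgery bug in the web app
  # cannot read instance credentials with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_size = 30
    volume_type = "gp3"
    encrypted   = true # encrypt the root volume at rest
  }
}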
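# Target group for the second app: the ALB forwards plain HTTP on port 80 to its instances.
resource "aws_lb_target_group" "test2_staging_tg" {
  # The original reused the first group's name; target group names must be
  # unique, and may contain only alphanumerics and hyphens.
  name        = "test2-staging-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance"

  # NOTE(review): vpc_id is required for instance targets and is not shown on
  # this page; set it to the VPC that holds the instances.
}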
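# Registers every test2_staging instance with the test2_staging_tg target group.
resource "aws_lb_target_group_attachment" "test2_staging-target-group-attachment" {
  # One attachment per instance, because aws_instance.test2_staging uses count.
  count = length(aws_instance.test2_staging)

  # Reference the target group itself; the listener is a different resource type.
  target_group_arn = aws_lb_target_group.test2_staging_tg.arn

  # Instance targets are registered by instance ID, not by ARN.
  target_id = aws_instance.test2_staging[count.index].id
}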
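# HTTPS listener on 443 that forwards to test2_staging_tg.
#
# NOTE(review): this listener uses the same load balancer and port as
# test_staging_lb_listener, and a load balancer accepts one listener per port.
# Per-host routing on a shared ALB is expressed as aws_lb_listener_rule
# resources with a host_header condition attached to a single listener.
resource "aws_lb_listener" "test2_staging_lb_listener" {
  load_balancer_arn = aws_lb.test_lb.arn
  port              = 443
  protocol          = "HTTPS"

  # NOTE(review): the certificate must cover every host name served here.
  certificate_arn = "arn:aws:acm:eu-west-1:962331388720:certificate/1cdd1f8c-64d5-4984-a985-133fbe0df5b0"

  # Pin the TLS policy so the listener negotiates TLS 1.2/1.3 only instead of
  # depending on the default policy.
  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # alpn_policy removed: it applies to TLS listeners on Network Load
  # Balancers, not to HTTPS listeners on an Application Load Balancer.

  default_action {
    type = "forward"

    forward {
      target_group {
        arn = aws_lb_target_group.test2_staging_tg.arn
      }
    }
  }
}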
我尝试实现以下目标:
使用负载均衡器,我想将适当的流量引导到特定的目标组:
test_staging_tg
将处理myapp.example.com
test2_staging_tg
将处理myapp2.example.com
但是,我该如何使用 Terraform 和 HCL 为各个目标组指定对应的域名?
事实上,在去年(2023 年)我可以在 AWS 负载均衡器上定义多个域。但最近我注意到应用程序负载均衡器不允许像以前那样定义多个域。
实现这一目标的唯一方法是:
对于第一个,您可以将 terraform 定义拆分为 2 个文件:
test.tf
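# Internet-facing Application Load Balancer dedicated to the first app.
resource "aws_lb" "test_lb" {
  name               = "test-lb-tf"
  internal           = false # public: reachable from the internet
  load_balancer_type = "application"
  security_groups    = [aws_security_group.lb_sg.id] # lb_sg is declared outside this listing

  # Refuse deletion through the API until this flag is switched off.
  enable_deletion_protection = true

  # Drop headers whose names are not valid HTTP field names instead of
  # forwarding them to the targets (reduces request-desync exposure).
  drop_invalid_header_fields = true

  # Access logs record who reached the public endpoint.
  # The bucket needs a policy that lets Elastic Load Balancing write to it.
  access_logs {
    bucket  = "logs.example.com"
    prefix  = "test-lb"
    enabled = true
  }

  # NOTE(review): no subnets / subnet_mapping is shown; an ALB needs subnets
  # in at least two Availability Zones. Confirm they are supplied.
}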
# DNS name for the first app, pointed at test_lb's DNS name.
resource "aws_route53_record" "test_staging_domain" {
  zone_id = "Z09006193JFJXM3FAWH9I" # hosted zone ID, hard-coded
  type    = "CNAME"
  name    = "myapp.example.com"
  records = [aws_lb.test_lb.dns_name]
  ttl     = 300
}
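# Two staging instances that serve the first app behind test_lb.
resource "aws_instance" "test_staging" {
  count         = 2
  ami           = "ami-09d64f47c232fb430"
  instance_type = "t3a.micro"
  key_name      = "common_ssh" # NOTE(review): name suggests a shared key pair; confirm who holds it

  # NOTE(review): this group's rules are not shown; it should admit the app
  # port only from the load balancer's security group.
  vpc_security_group_ids = [
    "sg-0304ce47e789c538a",
  ]

  # Require IMDSv2 session tokens so a request-forgery bug in the web app
  # cannot read instance credentials with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_size = 30
    volume_type = "gp3"
    encrypted   = true # encrypt the root volume at rest
  }
}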
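# Target group for the first app: the ALB forwards plain HTTP on port 80 to its instances.
resource "aws_lb_target_group" "test_staging_tg" {
  # Target group names accept only alphanumerics and hyphens; the underscore
  # form is rejected by the AWS provider's validation.
  name        = "test-staging-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance"

  # NOTE(review): vpc_id is required for instance targets and is not shown on
  # this page; set it to the VPC that holds the instances.
}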
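# Registers every test_staging instance with the test_staging_tg target group.
resource "aws_lb_target_group_attachment" "test_staging-target-group-attachment" {
  # One attachment per instance, because aws_instance.test_staging uses count.
  count = length(aws_instance.test_staging)

  # Reference the target group itself; the listener is a different resource type.
  target_group_arn = aws_lb_target_group.test_staging_tg.arn

  # Instance targets are registered by instance ID, not by ARN.
  target_id = aws_instance.test_staging[count.index].id
}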
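# HTTPS listener on 443 of test_lb: terminates TLS and forwards to test_staging_tg.
resource "aws_lb_listener" "test_staging_lb_listener" {
  load_balancer_arn = aws_lb.test_lb.arn
  port              = 443
  protocol          = "HTTPS"

  # NOTE(review): the certificate must cover the host name served here.
  certificate_arn = "arn:aws:acm:eu-west-1:962331388720:certificate/1cdd1f8c-64d5-4984-a985-133fbe0df5b0"

  # Pin the TLS policy so the listener negotiates TLS 1.2/1.3 only instead of
  # depending on the default policy.
  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # alpn_policy removed: it applies to TLS listeners on Network Load
  # Balancers, not to HTTPS listeners on an Application Load Balancer.

  default_action {
    type = "forward"

    forward {
      target_group {
        arn = aws_lb_target_group.test_staging_tg.arn
      }
    }
  }
}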
和
test2.tf
:
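# Internet-facing Application Load Balancer dedicated to the second app.
resource "aws_lb" "test2_lb" {
  name               = "test2-lb-tf"
  internal           = false # public: reachable from the internet
  load_balancer_type = "application"
  security_groups    = [aws_security_group.lb_sg.id] # lb_sg is declared outside this listing

  # Refuse deletion through the API until this flag is switched off.
  enable_deletion_protection = true

  # Drop headers whose names are not valid HTTP field names instead of
  # forwarding them to the targets (reduces request-desync exposure).
  drop_invalid_header_fields = true

  # Access logs record who reached the public endpoint.
  # The bucket needs a policy that lets Elastic Load Balancing write to it.
  access_logs {
    bucket = "logs.example.com"
    # Own prefix, so this balancer's logs are not mixed with test_lb's
    # (the original reused "test-lb").
    prefix  = "test2-lb"
    enabled = true
  }

  # NOTE(review): no subnets / subnet_mapping is shown; an ALB needs subnets
  # in at least two Availability Zones. Confirm they are supplied.
}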
# DNS name for the second app, pointed at test2_lb's DNS name.
resource "aws_route53_record" "test2_staging_domain" {
  zone_id = "Z09006193JFJXM3FAWH9I" # hosted zone ID, hard-coded
  type    = "CNAME"
  name    = "myapp2.example.com"
  records = [aws_lb.test2_lb.dns_name]
  ttl     = 300
}
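# Two staging instances that serve the second app behind test2_lb.
resource "aws_instance" "test2_staging" {
  count         = 2
  ami           = "ami-09d64f47c232fb430"
  instance_type = "t3a.micro"
  key_name      = "common_ssh" # NOTE(review): name suggests a shared key pair; confirm who holds it

  # NOTE(review): this group's rules are not shown; it should admit the app
  # port only from the load balancer's security group.
  vpc_security_group_ids = [
    "sg-0304ce47e789c538a",
  ]

  # Require IMDSv2 session tokens so a request-forgery bug in the web app
  # cannot read instance credentials with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_size = 30
    volume_type = "gp3"
    encrypted   = true # encrypt the root volume at rest
  }
}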
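# Target group for the second app: the ALB forwards plain HTTP on port 80 to its instances.
resource "aws_lb_target_group" "test2_staging_tg" {
  # The original reused the first group's name; target group names must be
  # unique, and may contain only alphanumerics and hyphens.
  name        = "test2-staging-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance"

  # NOTE(review): vpc_id is required for instance targets and is not shown on
  # this page; set it to the VPC that holds the instances.
}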
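# Registers every test2_staging instance with the test2_staging_tg target group.
resource "aws_lb_target_group_attachment" "test2_staging-target-group-attachment" {
  # One attachment per instance, because aws_instance.test2_staging uses count.
  count = length(aws_instance.test2_staging)

  # Reference the target group itself; the listener is a different resource type.
  target_group_arn = aws_lb_target_group.test2_staging_tg.arn

  # Instance targets are registered by instance ID, not by ARN.
  target_id = aws_instance.test2_staging[count.index].id
}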
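# HTTPS listener on 443 of test2_lb: terminates TLS and forwards to test2_staging_tg.
resource "aws_lb_listener" "test2_staging_lb_listener" {
  load_balancer_arn = aws_lb.test2_lb.arn
  port              = 443
  protocol          = "HTTPS"

  # NOTE(review): the certificate must cover the host name served here.
  certificate_arn = "arn:aws:acm:eu-west-1:962331388720:certificate/1cdd1f8c-64d5-4984-a985-133fbe0df5b0"

  # Pin the TLS policy so the listener negotiates TLS 1.2/1.3 only instead of
  # depending on the default policy.
  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # alpn_policy removed: it applies to TLS listeners on Network Load
  # Balancers, not to HTTPS listeners on an Application Load Balancer.

  default_action {
    type = "forward"

    forward {
      target_group {
        arn = aws_lb_target_group.test2_staging_tg.arn
      }
    }
  }
}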
如您所见,有 2 个负载均衡器资源(因此也是 2 个负载均衡器):
test_lb
test2_lb
分别解析自己的域。