如何在 AWS LB 中为不同的目标组指定域？

事实上，在去年（2023 年）我可以在 AWS 负载均衡器上定义多个域。但最近我注意到应用程序负载均衡器不允许像以前那样定义多个域。

实现这一目标的唯一方法是：

1. 使用多个负载均衡器
2. 使用 Cloudfront 并将流量转发到负载均衡器中的不同端口。

对于第一个，您可以将 terraform 定义拆分为 2 个文件：

test.tf

resource "aws_lb" "test_lb" {
  name               = "test-lb-tf"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.lb_sg.id]

  enable_deletion_protection = true

  access_logs {
    bucket  = "logs.example.com"
    prefix  = "test-lb"
    enabled = true
  }
}

resource "aws_route53_record" "test_staging_domain" {
  zone_id = "Z09006193JFJXM3FAWH9I"
  name    = "myapp.example.com"
  type    = "CNAME"
  ttl     = 300
  records = [aws_lb.test_lb.dns_name]
}


resource "aws_instance" "test_staging" {
  ami="ami-09d64f47c232fb430"
  instance_type="t3a.micro"
  key_name = "common_ssh"
  count=2
  
  root_block_device {
      volume_size = 30
      volume_type = "gp3"
  }

  vpc_security_group_ids=[
    "sg-0304ce47e789c538a"
  ]
}

resource "aws_lb_target_group" "test_staging_tg" {
  name     = "test_staging_tg"
  port     = 80
  protocol = "HTTP"
  target_type="instance"
}

resource "aws_lb_target_group_attachment" "test_staging-target-group-attachment" {
  target_group_arn = aws_lb_target_group.test_staging_lb_listener.arn
  target_id = aws_instance.test_staging.arn
}

resource "aws_lb_listener" "test_staging_lb_listener" {
  load_balancer_arn = aws_lb.test_lb.arn
  port = 443
  protocol = "HTTPS"
  certificate_arn = "arn:aws:acm:eu-west-1:962331388720:certificate/1cdd1f8c-64d5-4984-a985-133fbe0df5b0"
  alpn_policy = "HTTP2Preferred"

  default_action {
    type = "forward"
    forward {
      target_group {
        arn = aws_lb_target_group.test_staging_tg.arn
      }
    }
  }
  
}

和

test2.tf

resource "aws_lb" "test2_lb" {
  name               = "test2-lb-tf"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.lb_sg.id]

  enable_deletion_protection = true

  access_logs {
    bucket  = "logs.example.com"
    prefix  = "test-lb"
    enabled = true
  }
}

resource "aws_route53_record" "test2_staging_domain" {
  zone_id = "Z09006193JFJXM3FAWH9I"
  name    = "myapp2.example.com"
  type    = "CNAME"
  ttl     = 300
  records = [aws_lb.test2_lb.dns_name]
}

resource "aws_instance" "test2_staging" {
  ami="ami-09d64f47c232fb430"
  instance_type="t3a.micro"
  key_name = "common_ssh"
  count=2

  root_block_device {
      volume_size = 30
      volume_type = "gp3"
  }

  vpc_security_group_ids=[
    "sg-0304ce47e789c538a"
  ]
}

resource "aws_lb_target_group" "test2_staging_tg" {
  name     = "test_staging_tg"
  port     = 80
  protocol = "HTTP"
  target_type="instance"
}

resource "aws_lb_target_group_attachment" "test2_staging-target-group-attachment" {
  target_group_arn = aws_lb_target_group.test2_staging_lb_listener.arn
  target_id = aws_instance.test2_staging.arn
}

resource "aws_lb_listener" "test2_staging_lb_listener" {
  load_balancer_arn = aws_lb.test2_lb.arn
  port = 443
  protocol = "HTTPS"
  certificate_arn = "arn:aws:acm:eu-west-1:962331388720:certificate/1cdd1f8c-64d5-4984-a985-133fbe0df5b0"
  alpn_policy = "HTTP2Preferred"

  default_action {
    type = "forward"
    forward {
      target_group {
        arn = aws_lb_target_group.test2_staging_tg.arn
      }
    }
  }
}

如您所见，有 2 个负载均衡器资源（因此也是 2 个负载均衡器）：

• test_lb

• test2_lb

分别解析自己的域。