terraform-aws-alb
Error creating NLB using v9.9.0 for TLS Listener & Target group
Hi, I'm facing an issue with NLB creation using v9.9.0, but the same works with v8.7.0.
My requirement: I need to create an NLB with a listener with a client certificate and an empty target group, since my target needs to be created in a different account and I need to pass it later on.
Terraform v1.9.0 on linux_amd64
I'm either seeing a health check error, or, if the health check part is commented out, target_id or target_type is thrown as an error.
How do I fix it? Is this a bug? Am I missing any required fields? I checked the documentation linked below multiple times, and it seems correct.
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-routing-configuration
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html

"If you add a TLS listener to your Network Load Balancer, we perform a listener connectivity test. As TLS termination also terminates a TCP connection, a new TCP connection is established between your load balancer and your targets. Therefore, you might see the TCP connections for this test sent from your load balancer to the targets that are registered with your TLS listener. You can identify these TCP connections because they have the source IP address of your Network Load Balancer and the connections do not contain data packets."
Code for v9.9.0:

```hcl
module "nlb" {
  source = "git::https://github.com/terraform-aws-modules/terraform-aws-alb.git?ref=454d2cbf78d48b9eaeb499bfe6dd05fe30b4ae0c"
  //source  = "terraform-aws-modules/alb/aws"
  //version = "9.9.0"

  create                           = var.create_nlb
  name                             = "${local.prefix}-nlb-ext"
  load_balancer_type               = "network"
  vpc_id                           = local.vpc_id
  subnets                          = local.pub_snet_ids
  count                            = 1
  enable_deletion_protection       = var.deletion_protection
  enable_cross_zone_load_balancing = var.cross_zone_load_balancing
  internal                         = false

  access_logs = {
    bucket = "s3-extlb-bucket"
    prefix = "extlb-${var.environment}"
  }

  listeners = {
    l1 = {
      port            = 443
      protocol        = "TLS"
      certificate_arn = aws_acm_certificate.ocm-cert-api[count.index].certificate_authority_arn //enable this for new environment
      forward = {
        target_group_key = "t1"
      }
    }
  }

  target_groups = {
    t1 = {
      name                 = "${local.prefix}-tgp-tls"
      protocol             = "TLS"
      port                 = 443
      target_type          = "ip"
      deregistration_delay = 10
      health_check = {
        enabled             = true
        protocol            = "TCP"
        interval            = 30
        healthy_threshold   = 5
        unhealthy_threshold = 2
        timeout             = 10
      }
    }
  }

  tags = {
    Name = "${local.prefix}-nlb"
  }
}
```
Error:

```
╷
│ Error: Unsupported attribute
│
│   on .terraform/modules/nlb/main.tf line 568, in resource "aws_lb_target_group_attachment" "this":
│  568:   target_id = each.value.target_id
│     ├────────────────
│     │ each.value is object with 6 attributes
│
│ This object does not have an attribute named "target_id".
╵
Operation failed: failed running terraform plan (exit 1)
```
or
Error 2:

```
╷
│ Error: Attribute "health_check[0].protocol" cannot have value "TCP" when "protocol" is "HTTP".
│
│   with module.nlb_pvt_api[0].aws_lb_target_group.this["0"],
│   on .terraform/modules/nlb_pvt_api/main.tf line 487, in resource "aws_lb_target_group" "this":
│  487: resource "aws_lb_target_group" "this" {
│
╵
╷
│ Error: Attribute "health_check[0].protocol" cannot have value "TCP" when "protocol" is "HTTP".
│
│   with module.nlb[0].aws_lb_target_group.this["0"],
│   on .terraform/modules/nlb/main.tf line 487, in resource "aws_lb_target_group" "this":
│  487: resource "aws_lb_target_group" "this" {
│
╵
Operation failed: failed running terraform plan (exit 1)
```
Working code

Code for v8.7.0:

```hcl
module "nlb" {
  source = "git::https://github.com/terraform-aws-modules/terraform-aws-alb.git?ref=cb8e43d456a863e954f6b97a4a821f41d4280ab8"
  //source  = "terraform-aws-modules/alb/aws"
  //version = "~> 8.0" #8.7.0

  create_lb                        = var.create_nlb
  name                             = "${local.prefix}-nlb-ext"
  load_balancer_type               = var.lb_type
  vpc_id                           = local.vpc_id
  subnets                          = local.pub_snet_ids
  count                            = 1
  enable_deletion_protection       = var.deletion_protection
  enable_cross_zone_load_balancing = var.cross_zone_load_balancing

  access_logs = {
    bucket = "s3-extlb-logs"
    prefix = "extlb-${var.environment}"
  }

  target_groups = [
    {
      name                 = "${local.prefix}-tgp-tls"
      backend_protocol     = "TLS"
      backend_port         = 443
      target_type          = "ip"
      deregistration_delay = 10
      health_check = {
        enabled             = true
        protocol            = "TCP"
        interval            = 30
        healthy_threshold   = 5
        unhealthy_threshold = 2
        timeout             = 10
      }
    }
  ]

  https_listeners = [
    {
      port               = 443
      protocol           = "TLS"
      certificate_arn    = aws_acm_certificate.ocm-cert-api[count.index].certificate_authority_arn
      target_group_index = 0
    }
  ]

  tags = {}
}
```
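As an added example (not the issue author's configuration and not code from the terraform-aws-alb project), here is how the same NLB, TLS listener and empty TLS target group can be expressed against the v9.x map-style inputs so that neither of the two errors above is triggered. The first error comes from the module's `aws_lb_target_group_attachment` resource, which expects a `target_id` for every target group unless the entry opts out; the example assumes the v9 module's per-target-group `create_attachment` flag for that opt-out and a `target_groups` module output keyed by the same `t1` key. The second error is the AWS provider rejecting a TCP health check on a target group whose `protocol` resolved to HTTP, so `protocol = "TLS"` is set explicitly on the target group itself. `aws_acm_certificate.example`, the `local.*` values, the bucket name and `var.other_account_target_ip` are placeholders.

```hcl
# Added example, not from the issue or the module: NLB with a TLS listener and an
# empty TLS target group on terraform-aws-alb v9.x, with the target registered later.
module "nlb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "9.9.0"

  name               = "${local.prefix}-nlb-ext" # placeholder prefix
  load_balancer_type = "network"
  vpc_id             = local.vpc_id     # placeholder
  subnets            = local.pub_snet_ids # placeholder
  internal           = false

  enable_deletion_protection       = true
  enable_cross_zone_load_balancing = true

  access_logs = {
    bucket = "s3-extlb-bucket" # placeholder bucket; must already exist with an ELB log policy
    prefix = "extlb"
  }

  listeners = {
    l1 = {
      port     = 443
      protocol = "TLS"
      # The listener needs the certificate's own ARN (the `arn` attribute),
      # not `certificate_authority_arn`, which is the ACM PCA that issued it.
      certificate_arn = aws_acm_certificate.example.arn # placeholder resource
      forward = {
        target_group_key = "t1"
      }
    }
  }

  target_groups = {
    t1 = {
      name                 = "${local.prefix}-tgp-tls"
      protocol             = "TLS" # set explicitly: a TCP health check is only valid on TCP/TLS/UDP target groups
      port                 = 443
      target_type          = "ip"
      deregistration_delay = 10

      # Assumed v9 flag: create the target group but skip the
      # aws_lb_target_group_attachment, so no target_id/target_type is needed yet.
      create_attachment = false

      health_check = {
        enabled             = true
        protocol            = "TCP"
        interval            = 30
        healthy_threshold   = 5
        unhealthy_threshold = 2
        timeout             = 10
      }
    }
  }

  tags = {
    Name = "${local.prefix}-nlb"
  }
}

# Later, once the target exists elsewhere (an IP the NLB's VPC can reach, for
# example over peering), register it separately against the module's target group.
resource "aws_lb_target_group_attachment" "remote_target" {
  target_group_arn = module.nlb.target_groups["t1"].arn # assumed output shape
  target_id        = var.other_account_target_ip        # placeholder variable
  port             = 443
}
```

Keeping the attachment as a separate resource is what makes the "empty target group now, target later" requirement work without the module needing a `target_id` at plan time; until the attachment exists the TLS listener simply has no healthy targets, and the TCP connectivity probes quoted from the AWS docs above are the only traffic the target group sees.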