I am facing ridiculous behavior from an AWS Load Balancer created by Terraform. After creating the target groups, which report as healthy, I create the load balancer as follows:
# Application load balancer in front of Jira. The name and the access-log
# bucket are read from Vault so that no environment-specific identifiers are
# committed with this file.
resource "aws_alb" "jira_elb" {
  name               = "${data.vault_generic_secret.atlassian_datacenter_aws_jira.data["jira_elb_name"]}"
  load_balancer_type = "application"
  internal           = "${local.elb_internal}"

  # Placement follows the same local that decides internal vs. public:
  # internal balancers go into the private subnets, everything else into the
  # public ones. local.elb_internal is compared as the string "true".
  subnets         = "${local.elb_internal == "true" ? local.private_subnet_ids : local.public_subnet_ids}"
  security_groups = ["${aws_security_group.jira_elb_sg.id}"]

  idle_timeout = 600

  # NOTE(review): the provider documents this argument for network load
  # balancers; for an application load balancer it is presumably a no-op — confirm.
  enable_cross_zone_load_balancing = true

  # Left off so the stack can still be destroyed; the author marked it to be
  # enabled once the balancer is considered production.
  enable_deletion_protection = false # CHANGE!!

  # Request logs are shipped to S3 under the jira-elb/ prefix.
  access_logs {
    enabled = true
    bucket  = "${data.vault_generic_secret.atlassian_datacenter_aws_jira.data["jira_elb_s3_logs_bucket"]}"
    prefix  = "jira-elb"
    # interval = 20 //The publishing interval in minutes. Default: 60 minutes.
  }
}
And the https listener:
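# HTTPS entry point for Jira. TLS is terminated at the balancer with the ACM
# certificate looked up by the data source and requests are forwarded to the
# Jira target group.
resource "aws_alb_listener" "jira_https_elb_listener" {
  load_balancer_arn = "${aws_alb.jira_elb.arn}"
  port              = "443"
  protocol          = "HTTPS"

  # ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1. The
  # TLS-1-2-2017-01 policy (the one used by the HTTPS listener elsewhere in
  # this answer) limits the listener to TLS 1.2; clients that can only speak
  # older protocol versions will stop connecting.
  ssl_policy      = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn = "${data.aws_acm_certificate.jira_ssl_certificate.arn}"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.jira_target_group.arn}"
  }
}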
After the load balancer is created and I try to access it through the browser, I get "connection refused". The ridiculous part is that if I delete the listener by hand and re-create the same listener with the same certificate, port and forwarding rule, the DNS name works through the browser. Does anyone have an idea what may be happening?
AWS Load Balancer with an https listener created with terraform
# Internal application load balancer. It is not reachable from the internet
# (internal = true) and is attached to the ECS security group; subnet IDs are
# redacted placeholders in this example.
resource "aws_lb" "internal_alb" {
  name               = "INTERNAL-ALB"
  load_balancer_type = "application"
  internal           = true

  security_groups = ["${aws_security_group.ecs_sg.id}"]
  subnets         = ["subxxxx", "subnet-dcxxxx", "subnet-fxxxx"]

  # Deletion protection is off so terraform destroy can remove the balancer.
  enable_deletion_protection = false

  # Request logs go to S3; the bucket needs a policy allowing the regional
  # ELB account to write to it.
  access_logs {
    enabled = true
    bucket  = "bucket_name"
  }

  tags = {
    Name = "INTERNAL-ALB"
  }
}
# Target group for the web tier. Targets are reached over plain HTTP on port
# 80 in the VPC of the internal balancer.
resource "aws_lb_target_group" "web_alb_target_group" {
  name     = "WEB-TG"
  protocol = "HTTP"
  port     = 80
  vpc_id   = "${aws_lb.internal_alb.vpc_id}"

  # A target is healthy after 5 consecutive 200 responses from /heartbeat
  # (checked every 30 s on the traffic port, 5 s timeout) and unhealthy
  # after 2 consecutive failures.
  health_check {
    protocol            = "HTTP"
    port                = "traffic-port"
    path                = "/heartbeat"
    matcher             = "200"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }

  tags = {
    Name = "WEB-TG"
  }
}
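# Plain HTTP listener on the internal balancer; requests are forwarded
# unencrypted to the web target group.
#
# The target group is referenced by resource rather than by a pasted ARN: the
# original ARN pointed at WEB-TG, which this configuration itself declares,
# so the reference expresses the dependency (the listener is created after
# the target group) and keeps tracking the ARN if the group is ever replaced.
resource "aws_lb_listener" "internal_alb_http" {
  load_balancer_arn = "${aws_lb.internal_alb.id}"
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.web_alb_target_group.arn}"
  }
}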
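# HTTPS listener on the internal balancer. TLS is terminated here with a
# TLS 1.2-only policy and traffic is forwarded to the web target group over
# HTTP.
#
# The target group is referenced by resource rather than by a pasted ARN: the
# original ARN pointed at WEB-TG, which this configuration itself declares,
# so Terraform orders creation correctly and follows the ARN on replacement.
resource "aws_lb_listener" "internal_alb_https" {
  load_balancer_arn = "${aws_lb.internal_alb.id}"
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"

  # Certificate uploaded to IAM (redacted). Unlike an ACM certificate it is
  # not renewed automatically, so expiry has to be tracked separately.
  certificate_arn = "arn:aws:iam::48xxxxxxx:server-certificate/certifcate"

  default_action {
    type             = "forward"
    target_group_arn = "${aws_lb_target_group.web_alb_target_group.arn}"
  }
}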
# DNS alias that points www.example.com at the internal balancer. An alias
# record resolves to the balancer's own addresses, and with
# evaluate_target_health the record is only served while the balancer
# reports healthy targets.
resource "aws_route53_record" "node" {
  zone_id = "ZSxxxxxxx"
  type    = "A"
  name    = "www.example.com"

  alias {
    evaluate_target_health = true
    name                   = "${aws_lb.internal_alb.dns_name}"
    zone_id                = "${aws_lb.internal_alb.zone_id}"
  }
}