

Unable to specify target_group_arn for ALB

I am writing a Terraform script in which I have separate modules. I want to create two different target groups for my ALB (one for the front-end, one for the back-end), but I'm having trouble doing that.

Here is my code:


# Application Load Balancer that both listeners in this module attach to.
# NOTE(review): the "${}" interpolations are empty and the closing braces are missing
# as shown; the expressions were lost from the page (presumably var.name, which this
# module declares). TODO confirm against the original file.
resource "aws_lb" "main" {
  name               = "${}-alb-${var.environment}"
  # internal = false makes this an internet-facing load balancer, so the security
  # groups passed in var.alb_security_groups are the network filter in front of it.
  internal           = false
  load_balancer_type = "application"
  security_groups    = var.alb_security_groups
  subnets            = var.subnets.*.id

  # Deletion protection is off, so a delete call or `terraform destroy` removes the
  # ALB without an extra step; consider enabling it outside throwaway environments.
  # NOTE(review): no access_logs block is configured as shown, so requests through
  # the ALB are not logged for later investigation.
  enable_deletion_protection = false

  tags = {
    Name        = "${}-alb-${var.environment}"
    Environment = var.environment

# Target group for the front-end service: IP targets on port 3000, health-checked
# over HTTP at var.health_check_front.
# NOTE(review): the name template is identical to the backend target group's as
# shown. Target group names must be unique per region and account, so if the lost
# "${}" expression is the same in both, one of them needs a distinguishing part.
resource "aws_alb_target_group" "frontend" {
  name        = "${}-tg-${var.environment}"
  port        = 3000
  # Traffic from the ALB to the targets is plain HTTP.
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    # Only an HTTP 200 response counts as healthy.
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_front
    unhealthy_threshold = "2"

  tags = {
    Name        = "${}-tg-${var.environment}"
    Environment = var.environment

# Target group for the back-end service: IP targets on port 5000, health-checked
# over HTTP at var.health_check_back.
# NOTE(review): the name template is identical to the frontend target group's as
# shown. Target group names must be unique per region and account, so if the lost
# "${}" expression is the same in both, one of them needs a distinguishing part.
resource "aws_alb_target_group" "backend" {
  name        = "${}-tg-${var.environment}"
  port        = 5000
  # Traffic from the ALB to the targets is plain HTTP.
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    # Only an HTTP 200 response counts as healthy.
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_back
    unhealthy_threshold = "2"

  tags = {
    Name        = "${}-tg-${var.environment}"
    Environment = var.environment

# Listener that forwards every request it receives to the frontend target group.
# NOTE(review): load_balancer_arn has no value as shown; the expression was lost from
# the page (presumably it points at aws_lb.main). TODO confirm.
resource "aws_alb_listener" "frontend_listener" {
  load_balancer_arn =
  # NOTE(review): port 443 is paired with protocol "HTTP", so this listener does not
  # terminate TLS: no certificate_arn or ssl_policy is set, and traffic on the port
  # clients expect HTTPS on is plaintext. If TLS is intended, use
  # protocol = "HTTPS" with a certificate_arn, as the backend listener does.
  port              = 443
  protocol          = "HTTP"

  default_action {
    type = "forward"
    target_group_arn = aws_lb_target_group.frontend.arn

# HTTPS listener on port 444 that forwards every request to the backend target group.
# NOTE(review): load_balancer_arn has no value as shown; the expression was lost from
# the page (presumably it points at aws_lb.main). TODO confirm.
resource "aws_alb_listener" "backend_listener" {
    load_balancer_arn =
    port              = 444
    protocol          = "HTTPS"

    # NOTE(review): ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1.
    # Prefer a policy that starts at TLS 1.2, e.g. ELBSecurityPolicy-TLS13-1-2-2021-06,
    # unless legacy clients must be supported.
    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = var.alb_tls_cert_arn

    default_action {
     type = "forward"
     target_group_arn = aws_lb_target_group.backend.arn

# Module outputs: the ARNs of both target groups and of the load balancer, for use
# by the calling module.
output "aws_alb_target_group_front" {
  value = aws_alb_target_group.frontend.arn

output "aws_alb_target_group_back" {
  value = aws_alb_target_group.backend.arn

# NOTE(review): the value expression is missing as shown; it was lost from the page.
output "alb_arn" {
  value =


# Input variables of the alb module. Closing braces are missing as shown.

# Name prefix; defaults to "g4gov".
variable "name" {
  description = "g4gov external ALB"
  default = "g4gov"

# NOTE(review): "dev" is set as the description, not as a default, so callers must
# always pass a value for this variable.
variable "environment" {
  description = "dev"

# NOTE(review): the default is a list of two empty strings, while the aws_lb resource
# reads var.subnets.*.id, which expects objects with an id attribute; the default
# cannot work as written. TODO confirm the intended element type.
variable "subnets" {
  description = "Public CIDR's list"
  default     = ["", ""]

variable "vpc_id" {
  description = "VPC ID"

# NOTE(review): the description says "comma separated", but the value is assigned
# directly to security_groups on aws_lb, and the root module passes a list.
variable "alb_security_groups" {
  description = "Comma separated list of security groups"

# NOTE(review): the default hard-codes an account- and region-specific ACM
# certificate ARN inside the module. Dropping the default forces every environment to
# pass its own certificate and keeps account identifiers out of shared code.
variable "alb_tls_cert_arn" {
  description = "The ARN of the certificate that the ALB uses for https"
  default = "arn:aws:acm:eu-central-1:932935596778:certificate/ff8059b6-f9f3-4dec-893g-addgbc5ad74"

# Health check path for the frontend target group.
variable "health_check_front" {
  description = "Path to check if the service is healthy"
  default = "/"

# Health check path for the backend target group.
variable "health_check_back" {
  description = "Path to check if the service is healthy"
  default = "/health"

Then in the root directory I have a file where everything is created. In there I call the alb module

# Root-module call that instantiates the alb module from ./alb.
# NOTE(review): name and vpc_id have no value as shown; the expressions were lost
# from the page.
module "alb" {
  source              = "./alb"
  name                =
  vpc_id              =
  # The ALB is placed in the VPC module's public subnets.
  subnets             = module.vpc.public_subnets
  environment         = var.environment
  # target_groups       = [var.aws_alb_target_group_front, var.aws_alb_target_group_back]
  # The single security group passed here is what filters inbound traffic to the ALB.
  alb_security_groups = [module.security_groups.alb]
  # NOTE(review): spelled "tsl"; this must match a root variable with the same
  # spelling (not visible on this page).
  alb_tls_cert_arn    = var.tsl_certificate_arn
  health_check_front  = var.health_check_front
  health_check_back   = var.health_check_back

This is the error I have been getting. I can't make sense of it, because the resources it mentions have already been declared.

│ Error: Reference to undeclared resource
│   on alb\ line 71, in resource "aws_alb_listener" "frontend_listener":
│   71:     target_group_arn = aws_lb_target_group.frontend.arn
│ A managed resource "aws_lb_target_group" "frontend" has not been declared in module.alb.
│ Error: Reference to undeclared resource
│   on alb\ line 86, in resource "aws_alb_listener" "backend_listener":
│   86:      target_group_arn = aws_lb_target_group.backend.arn
│ A managed resource "aws_lb_target_group" "backend" has not been declared in module.alb.

The directory structure is as follows:

│   ├───modules
│   │   └───route53_public_zone.public_hosted_zone
│   │       └───examples
│   │           ├───private-zone
│   │           └───public-zone
│   └───providers
│       └───
│           └───hashicorp
│               └───aws
│                   └───3.65.0
│                       └───windows_amd64


Answers (1)

Marko E

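You have a typo in your code. The target groups are declared with the resource type aws_alb_target_group, but the listeners reference them as aws_lb_target_group. Both names are aliases for the same resource in the AWS provider, but a reference must use exactly the type the resource was declared with, e.g.: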

# Excerpt of the question's frontend target group, annotated to show the declared type.
resource "aws_alb_target_group" "frontend" { # <----- declared with the "aws_alb_" type prefix
  name        = "${}-tg-${var.environment}"
  port        = 3000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_front
    unhealthy_threshold = "2"

  tags = {
    Name        = "${}-tg-${var.environment}"
    Environment = var.environment

# Excerpt of the question's backend target group, annotated to show the declared type.
resource "aws_alb_target_group" "backend" { # <----- declared with the "aws_alb_" type prefix
  name        = "${}-tg-${var.environment}"
  port        = 5000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_back
    unhealthy_threshold = "2"

  tags = {
    Name        = "${}-tg-${var.environment}"
    Environment = var.environment

# Excerpt of the question's frontend listener, annotated to show the mismatched reference.
resource "aws_alb_listener" "frontend_listener" {
  load_balancer_arn =
  port              = 443
  protocol          = "HTTP"

  default_action {
    type = "forward"
    target_group_arn = aws_lb_target_group.frontend.arn # <----- referenced with the "aws_lb_" prefix, which matches no declaration in this module

# Excerpt of the question's backend listener, annotated to show the mismatched reference.
resource "aws_alb_listener" "backend_listener" {
    load_balancer_arn =
    port              = 444
    protocol          = "HTTPS"

    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = var.alb_tls_cert_arn

    default_action {
     type = "forward"
     target_group_arn = aws_lb_target_group.backend.arn # <----- referenced with the "aws_lb_" prefix, which matches no declaration in this module

Instead, the references should use the same resource type as the declarations:

# Frontend target group (IP targets on port 3000), declared as aws_alb_target_group.
# NOTE(review): "${}" is empty and the closing braces are missing as shown; the
# expression was lost from the page. The backend target group uses the same name
# template; target group names must be unique per region and account, so confirm
# that the two resolve to different names.
resource "aws_alb_target_group" "frontend" {
  name        = "${}-tg-${var.environment}"
  port        = 3000
  # Traffic from the ALB to the targets is plain HTTP.
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_front
    unhealthy_threshold = "2"

  tags = {
    Name        = "${}-tg-${var.environment}"
    Environment = var.environment

# Backend target group (IP targets on port 5000), declared as aws_alb_target_group.
# NOTE(review): "${}" is empty and the closing braces are missing as shown; the
# expression was lost from the page. The frontend target group uses the same name
# template; target group names must be unique per region and account, so confirm
# that the two resolve to different names.
resource "aws_alb_target_group" "backend" {
  name        = "${}-tg-${var.environment}"
  port        = 5000
  # Traffic from the ALB to the targets is plain HTTP.
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_back
    unhealthy_threshold = "2"

  tags = {
    Name        = "${}-tg-${var.environment}"
    Environment = var.environment

# Listener that forwards every request to the frontend target group.
# NOTE(review): load_balancer_arn has no value as shown; the expression was lost from
# the page. TODO confirm against the original file.
resource "aws_alb_listener" "frontend_listener" {
  load_balancer_arn =
  # NOTE(review): port 443 with protocol "HTTP" means no TLS is terminated here and
  # traffic on the port clients expect HTTPS on is plaintext. If TLS is intended, use
  # protocol = "HTTPS" together with certificate_arn and ssl_policy.
  port              = 443
  protocol          = "HTTP"

  default_action {
    type = "forward"
    # The reference uses aws_alb_target_group, the type the target group is declared with.
    target_group_arn = aws_alb_target_group.frontend.arn

# HTTPS listener on port 444 that forwards every request to the backend target group.
# NOTE(review): load_balancer_arn has no value as shown; the expression was lost from
# the page. TODO confirm against the original file.
resource "aws_alb_listener" "backend_listener" {
    load_balancer_arn =
    port              = 444
    protocol          = "HTTPS"

    # NOTE(review): ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1.
    # Prefer a policy that starts at TLS 1.2, e.g. ELBSecurityPolicy-TLS13-1-2-2021-06,
    # unless legacy clients must be supported.
    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = var.alb_tls_cert_arn

    default_action {
     type = "forward"
     # The reference uses aws_alb_target_group, the type the target group is declared with.
     target_group_arn = aws_alb_target_group.backend.arn
