Hi AWS, I was working on writing the infrastructure code using Terraform for my web application.
This is the code snippet for the security group:
resource "aws_security_group" "client_alb" {
  name_prefix = "${var.default_tags.project_name}-alb"
  description = "security group for web application load balancer"
  vpc_id      = aws_vpc.main.id
  tags = {
    Name = "${var.default_tags.project_name}-sg"
  }
}

resource "aws_security_group_rule" "client_alb_allow_80" {
  security_group_id = aws_security_group.client_alb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "Allow HTTP traffic."
}

resource "aws_security_group_rule" "client_alb_allow_443" {
  security_group_id = aws_security_group.client_alb.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "Allow HTTPS traffic."
}

resource "aws_security_group_rule" "client_alb_allow_outbound" {
  security_group_id = aws_security_group.client_alb.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  description       = "Allow any outbound traffic."
}
This is the code for the ALB:
# User Facing Client Application Load Balancer
resource "aws_lb" "client_alb" {
  name_prefix        = "cl-"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.client_alb.id]
  subnets            = aws_subnet.public_subnet.*.id
  idle_timeout       = 60
  ip_address_type    = "dualstack"
  tags = { "Name" = "${var.default_tags.project_name}-client-alb" }
}

# User Facing Client Target Group
resource "aws_lb_target_group" "client_alb_targets" {
  name_prefix          = "cl-"
  port                 = 9090
  protocol             = "HTTP"
  vpc_id               = aws_vpc.main.id
  deregistration_delay = 30
  target_type          = "ip"
  health_check {
    enabled  = true
    interval = 60
    protocol = "HTTP"
  }
  tags = { "Name" = "${var.default_tags.project_name}-client-tg" }
}

# User Facing Client ALB Listeners
resource "aws_lb_listener" "client_alb_http_80" {
  load_balancer_arn = aws_lb.client_alb.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.client_alb_targets.arn
  }
}
When I hit the DNS name of the ALB, I get the error shown in the screenshot provided.
According to the AWS docs, this error occurs when the target groups for the load balancer have no registered targets. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-troubleshooting.html#http-503-issues
I have added the code for the target group, but I am confused why it is not working. Do I need to create an EC2 instance and add it as a target for the ALB? Please help.
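The configuration in the question creates a target group but never registers anything into it, which is exactly the condition the linked troubleshooting page describes for a 503. The block below is an added example, not code from the question or from AWS: it registers one backend into the existing `aws_lb_target_group.client_alb_targets` and, as a least-privilege check, opens the application port only to the ALB's security group rather than to the internet. The names `aws_security_group.web`, `aws_instance.web`, `var.web_ami_id` and `aws_subnet.private_subnet` are assumptions and do not appear in the original post.

```hcl
# Added example (not part of the question): register a target and restrict
# the backend port to the ALB. aws_security_group.web, aws_instance.web,
# var.web_ami_id and aws_subnet.private_subnet are hypothetical names.

# Security group for the backend; only traffic arriving from the ALB's own
# security group may reach port 9090. No 0.0.0.0/0 rule is needed here.
resource "aws_security_group" "web" {
  name_prefix = "${var.default_tags.project_name}-web"
  description = "security group for the web application backend"
  vpc_id      = aws_vpc.main.id
}

resource "aws_security_group_rule" "web_allow_9090_from_alb" {
  security_group_id        = aws_security_group.web.id
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 9090
  to_port                  = 9090
  source_security_group_id = aws_security_group.client_alb.id # ALB SG, not a CIDR
  description              = "Allow HTTP from the client ALB only."
}

# Hypothetical application instance in a private subnet. The AMI variable and
# subnet reference are placeholders to be replaced with real values.
resource "aws_instance" "web" {
  ami                    = var.web_ami_id                  # placeholder
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.private_subnet[0].id # placeholder
  vpc_security_group_ids = [aws_security_group.web.id]
  tags = { "Name" = "${var.default_tags.project_name}-web" }
}

# This attachment is the piece missing from the question. Because the target
# group uses target_type = "ip", the target is the instance's private IP, and
# the port must be the port the application actually listens on.
resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.client_alb_targets.arn
  target_id        = aws_instance.web.private_ip
  port             = 9090
}
```

If the backend is an ECS service rather than an instance, the `load_balancer` block of `aws_ecs_service` (with `target_group_arn`, `container_name` and `container_port`) registers task IPs into the same target group automatically, and no `aws_lb_target_group_attachment` is needed. In either case the target group's health check defaults to `GET /` on the target port, so the application has to answer that path with a success status before the ALB will route traffic to it; `aws elbv2 describe-target-health --target-group-arn <arn>` shows whether a target is registered and why it is unhealthy.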