aws_elb
Provides an Elastic Load Balancer resource, also known as a "Classic Load Balancer" after the release of Application/Network Load Balancers.
NOTE on ELB Instances and ELB Attachments: Terraform currently provides both a standalone ELB Attachment resource (describing an instance attached to an ELB), and an ELB resource with instances defined in-line. At this time you cannot use an ELB with in-line instances in conjunction with an ELB Attachment resource. Doing so will cause a conflict and will overwrite attachments.
Example Usage
# Create a new load balancer
resource "aws_elb" "bar" {
  name               = "foobar-terraform-elb"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]

  access_logs {
    bucket        = "foo"
    bucket_prefix = "bar"
    interval      = 60
  }

  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8000/"
    interval            = 30
  }

  instances                   = ["${aws_instance.foo.id}"]
  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "foobar-terraform-elb"
  }
}
Argument Reference
The following arguments are supported:
- name - (Optional) The name of the ELB. By default generated by Terraform.
- name_prefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.
- access_logs - (Optional) An Access Logs block. Access Logs documented below.
- availability_zones - (Required for an EC2-classic ELB) The AZ's to serve traffic in.
- security_groups - (Optional) A list of security group IDs to assign to the ELB. Only valid if creating an ELB within a VPC.
- subnets - (Required for a VPC ELB) A list of subnet IDs to attach to the ELB.
- instances - (Optional) A list of instance ids to place in the ELB pool.
- internal - (Optional) If true, ELB will be an internal ELB.
- listener - (Required) A list of listener blocks. Listeners documented below.
- health_check - (Optional) A health_check block. Health Check documented below.
- cross_zone_load_balancing - (Optional) Enable cross-zone load balancing. Default: true
- idle_timeout - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60
- connection_draining - (Optional) Boolean to enable connection draining. Default: false
- connection_draining_timeout - (Optional) The time in seconds to allow for connections to drain. Default: 300
- tags - (Optional) A mapping of tags to assign to the resource.
Exactly one of availability_zones or subnets must be specified: this determines if the ELB exists in a VPC or in EC2-classic.
Access Logs (access_logs) support the following:
- bucket - (Required) The S3 bucket name to store the logs in.
- bucket_prefix - (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.
- interval - (Optional) The publishing interval in minutes. Default: 60 minutes.
- enabled - (Optional) Boolean to enable / disable access_logs. Default is true
Listeners (listener) support the following:
- instance_port - (Required) The port on the instance to route to
- instance_protocol - (Required) The protocol to use to the instance. Valid values are HTTP, HTTPS, TCP, or SSL
- lb_port - (Required) The port to listen on for the load balancer
- lb_protocol - (Required) The protocol to listen on. Valid values are HTTP, HTTPS, TCP, or SSL
- ssl_certificate_id - (Optional) The ARN of an SSL certificate you have uploaded to AWS IAM. Note ECDSA-specific restrictions below. Only valid when lb_protocol is either HTTPS or SSL
Health Check (health_check) supports the following:
- healthy_threshold - (Required) The number of checks before the instance is declared healthy.
- unhealthy_threshold - (Required) The number of checks before the instance is declared unhealthy.
- target - (Required) The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL values are:
- interval - (Required) The interval between checks.
- timeout - (Required) The length of time before the check times out.
Note on ECDSA Key Algorithm
If the ARN of the ssl_certificate_id that is pointed to references a certificate that was signed by an ECDSA key, note that ELB only supports the P256 and P384 curves. Using a certificate signed by a key using a different curve could produce the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
- id - The name of the ELB
- arn - The ARN of the ELB
- name - The name of the ELB
- dns_name - The DNS name of the ELB
- instances - The list of instances in the ELB
- source_security_group - The name of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances. Use this for Classic or Default VPC only.
- source_security_group_id - The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances. Only available on ELBs launched in a VPC.
- zone_id - The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)
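The following is an added example, not part of the original documentation, showing a VPC ELB whose membership is managed only through a standalone attachment (per the NOTE at the top of the page) and whose back-end instances accept traffic only from the ELB via source_security_group_id. The resource names, the var.* inputs, and the aws_subnet, aws_instance and aws_security_group resources it references are assumptions defined elsewhere in the configuration.

```hcl
# Added example: names, variables and referenced resources are assumptions.
resource "aws_elb" "web" {
  name            = "example-vpc-elb"
  subnets         = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] # VPC ELB: subnets, not availability_zones
  security_groups = ["${aws_security_group.elb.id}"]

  # No in-line "instances" argument: membership is managed by the
  # aws_elb_attachment below, so the two mechanisms cannot overwrite each other.

  access_logs {
    bucket  = "${var.elb_log_bucket}"
    enabled = true
  }

  listener {
    lb_port            = 443
    lb_protocol        = "https"
    instance_port      = 8000
    instance_protocol  = "http"
    ssl_certificate_id = "${var.certificate_arn}" # ECDSA certificates: P256 or P384 only
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8000/"
    interval            = 30
  }
}

# Standalone attachment of one instance to the ELB.
resource "aws_elb_attachment" "app" {
  elb      = "${aws_elb.web.id}"
  instance = "${aws_instance.app.id}"
}

# Back-end instances accept port 8000 only from the ELB's source security group.
resource "aws_security_group_rule" "app_from_elb" {
  type                     = "ingress"
  from_port                = 8000
  to_port                  = 8000
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.app.id}"
  source_security_group_id = "${aws_elb.web.source_security_group_id}"
}
```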
Import
ELBs can be imported using the name, e.g.
$ terraform import aws_elb.bar elb-production-12345
© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/elb.html