I cannot find a way to configure a network LB to target an ASG: what is the way to achieve it?
You have to specify the LB in the ASG definition:
```hcl
resource "aws_lb" "proxy-nlb" {
  count              = "${var.elb_count}"
  name               = "${format("proxy-nlb-%d", count.index)}"
  internal           = false
  load_balancer_type = "network"
  subnets            = ["${aws_subnet.subnet.*.id}"]

  security_groups = [
    "${aws_security_group.proxy-lb.id}",
    "${aws_security_group.proxy-lb-outside.id}",
  ]

  enable_deletion_protection = true
}

resource "aws_autoscaling_group" "proxy" {
  name                 = "proxy-asg"
  launch_configuration = "${aws_launch_configuration.proxy-launch_config.id}"
  min_size             = "${var.asg_min}"
  max_size             = "${var.asg_max}"
  desired_capacity     = "${var.asg_des}"
  vpc_zone_identifier  = ["${aws_subnet.subnet.*.id}"]
  load_balancers       = ["${aws_lb.proxy-nlb.*.name}"]

  lifecycle {
    create_before_destroy = true
  }
}
```
The key thing being `load_balancers = ["${aws_lb.proxy-nlb.*.name}"]` in the `aws_autoscaling_group`
thanks - but then how do you configure the listeners? In my case for example, I would use the NLB for SSH access
You would use an aws_lb_listener resource:
```hcl
resource "aws_lb_listener" "ssh" {
  load_balancer_arn = "${aws_lb.proxy-nlb.arn}"
  port              = "22"
  protocol          = "TCP"

  # Be sure to create an aws_lb_target_group first
  default_action {
    target_group_arn = "${aws_lb_target_group.ssh.arn}"
    type             = "forward"
  }
}
```
@poblahblahblah However, if you try to use TCP on protocol it will error. You can specify anything other than HTTP or HTTPS.

```
Error: aws_lb_target_group.testexternal: "protocol" must be either "HTTP" or "HTTPS"
```
```hcl
resource "aws_lb" "testexternal" {
  name                       = "testserver"
  load_balancer_type         = "network"
  internal                   = false
  subnets                    = ["${module.subnet.ELB-subnet-ids}"]
  enable_deletion_protection = true
}

resource "aws_lb_target_group" "testexternal" {
  name     = "testexternal"
  protocol = "TCP"
  port     = 22
  vpc_id   = "${aws_vpc.bla.id}"

  health_check {
    healthy_threshold   = 10
    unhealthy_threshold = 2
    interval            = 10
    timeout             = 3
  }
}

resource "aws_lb_listener" "testexternal" {
  load_balancer_arn = "${aws_lb.testexternal.arn}"
  protocol          = "TCP"
  port              = "22"

  default_action {
    target_group_arn = "${aws_lb_target_group.testexternal.arn}"
    type             = "forward"
  }
}

resource "aws_lb_target_group_attachment" "testexternal" {
  target_group_arn = "${aws_lb_target_group.testexternal.arn}"
  target_id        = "${aws_instance.testserver-001.id}"
  port             = 22
}
```
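An added example, not code from any participant in this thread: the complete path from a network load balancer to an Auto Scaling group through a TCP target group, attached with the `aws_autoscaling_group` argument `target_group_arns`. It assumes a provider release whose `aws_lb_target_group` accepts `protocol = "TCP"` (the error quoted above came from one that did not) and a single NLB without `count`; resource and variable names are reused from the snippets above.

```hcl
# Added example, Terraform 0.11 interpolation syntax as used in this thread.
# Assumption: one NLB (no count), so .arn can be referenced directly.
resource "aws_lb" "proxy-nlb" {
  name               = "proxy-nlb"
  internal           = false
  load_balancer_type = "network"
  subnets            = ["${aws_subnet.subnet.*.id}"]
}

# Assumption: the provider in use accepts protocol = "TCP" here.
resource "aws_lb_target_group" "ssh" {
  name     = "proxy-ssh"
  protocol = "TCP"
  port     = 22
  vpc_id   = "${aws_vpc.bla.id}"
}

resource "aws_lb_listener" "ssh" {
  load_balancer_arn = "${aws_lb.proxy-nlb.arn}"
  protocol          = "TCP"
  port              = "22"

  default_action {
    target_group_arn = "${aws_lb_target_group.ssh.arn}"
    type             = "forward"
  }
}

resource "aws_autoscaling_group" "proxy" {
  name                 = "proxy-asg"
  launch_configuration = "${aws_launch_configuration.proxy-launch_config.id}"
  min_size             = "${var.asg_min}"
  max_size             = "${var.asg_max}"
  desired_capacity     = "${var.asg_des}"
  vpc_zone_identifier  = ["${aws_subnet.subnet.*.id}"]

  # Instances launched by the group register with the target group, so no
  # per-instance aws_lb_target_group_attachment is needed.
  target_group_arns = ["${aws_lb_target_group.ssh.arn}"]

  lifecycle {
    create_before_destroy = true
  }
}
```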
Hi all! Thanks for helping out @sybeck2k here.
We use GitHub issues for tracking bugs and enhancements rather than for questions. While indeed it's possible to get answers to some questions here, it's generally better to use one of the community forums where there are far more people ready to help, whereas the GitHub issues here are _usually_ monitored only by the provider maintainers.
So with that said, I'm going to close this but please do feel free to open another issue if there are documentation issues or missing features in the load balancer resources that aren't already covered by other issues.
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!