terraform-google-lb

A Terraform module for deploying the parts required to load balance traffic into a GCP instance group. Both HTTP(80) and HTTPS(443) proxies are deployed - the later optionally only if the required SSL certificate is provided. For TLS traffic we are defaulting to TLS 1.2.

Usage

At a minimum the load balancer needs 4 bits of information - a unique name, the named port to forward traffic on, the URL of the instance group to bind traffic onto and a self-link to the health check resource which is attached to the instance group.

module "collector_lb" {
  source = "snowplow-devops/lb/google"

  name = "collector-lb"

  instance_group_named_port_http = "http"
  instance_group_url             = var.instance_group_url
  health_check_self_link         = var.health_check_self_link
}

Adding a custom certificate

To add a certificate to the load balancer and therefore enable the TLS endpoint you will need to populate two extra variables:

module "collector_lb" {
  source = "snowplow-devops/lb/google"

  name = "collector-lb"

  instance_group_named_port_http = "http"
  instance_group_url             = var.instance_group_url
  health_check_self_link         = var.health_check_self_link

  ssl_certificate_id      = "your-certificate-id-here"
  ssl_certificate_enabled = true
}

Note: ssl_certificate_enabled is required to allow for the case where you are creating the certificate in-line with the LB module as Terraform will not be able to figure out the "count" attribute correctly at plan time.

Requirements

Name	Version
terraform	>= 1.0.0
google	>= 3.44.0

Providers

Name	Version
google	>= 3.44.0

Modules

No modules.

Resources

Name	Type
google_compute_backend_service.lb_backend	resource
google_compute_global_address.ip	resource
google_compute_global_forwarding_rule.lb_http_forwarding_rule	resource
google_compute_global_forwarding_rule.lb_https_forwarding_rule	resource
google_compute_ssl_policy.lb_target_https_ssl_policy	resource
google_compute_target_http_proxy.lb_target_http_proxy	resource
google_compute_target_https_proxy.lb_target_https_proxy	resource
google_compute_url_map.http_to_https_redirect	resource
google_compute_url_map.lb_url_map	resource

Inputs

Name	Description	Type	Default	Required
health_check_self_link	The URL of the instance group health check	string	n/a	yes
instance_group_named_port_http	The name of the HTTP port exposed by the instance group	string	n/a	yes
instance_group_url	The URL of the instance group to bind to the backend service	string	n/a	yes
name	A name which will be pre-pended to the resources created	string	n/a	yes
redirect_http_to_https	A boolean which makes the HTTP proxy redirect to HTTPS	bool	false	no
ssl_certificate_enabled	A boolean which triggers adding or removing the HTTPS proxy	bool	false	no
ssl_certificate_id	The ID of a Google Managed certificate to attach to the load balancer	string	""	no
ssl_min_tls_version	The minimum TLS version to use (https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy)	string	"TLS_1_2"	no
ssl_profile	The SSL Profile to use (https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy)	string	"MODERN"	no

Outputs

Name	Description
ip_address	n/a

Copyright and license

The Terraform Google Load Balancer project is Copyright 2021-present Snowplow Analytics Ltd.

Licensed under the Snowplow Community License. (If you are uncertain how it applies to your use case, check our answers to frequently asked questions.)

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.