Examples
These examples demonstrate practical, real-world usage patterns for the alb module. Each example is self-contained and ready to run—simply copy the configuration, customize the values for your environment, and apply.
Getting Started
To run any example, follow these steps:
- Authenticate with the registry:
  terraform login registry.patterneddesigns.ca
- Initialize the working directory:
  terraform init
- Review the execution plan:
  terraform plan
- Apply the configuration:
  terraform apply
Usage Examples
Minimal ALB configuration
module "web_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"
  name    = "web-alb"
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets
}
Redirect HTTP traffic to HTTPS
Automatically redirect all HTTP requests to HTTPS for secure connections.
module "secure_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"
  name    = "secure-alb"
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  http_listeners = [{
    port = 80
    redirect = {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }]

  https_listeners = [{
    port            = 443
    certificate_arn = aws_acm_certificate.main.arn
    default_action = {
      type             = "forward"
      target_group_arn = aws_lb_target_group.main.arn
    }
  }]
}
Key Points
- HTTP listener on port 80 redirects to HTTPS
- Uses HTTP 301 (permanent redirect) for SEO benefits
- HTTPS listener handles all traffic with SSL termination
Route to multiple backend target groups
Configure an ALB to distribute traffic across multiple target groups.
module "multi_tg_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"
  name    = "multi-tg-alb"
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  target_groups = [
    {
      name        = "api-targets"
      port        = 8080
      protocol    = "HTTP"
      target_type = "instance"
      health_check = {
        path     = "/health"
        interval = 30
      }
    },
    {
      name        = "web-targets"
      port        = 80
      protocol    = "HTTP"
      target_type = "instance"
      health_check = {
        path     = "/"
        interval = 30
      }
    }
  ]
}
Key Points
- Define multiple target groups with different configurations
- Each target group can have its own health check settings
- Use listener rules to route traffic to appropriate target groups
Route traffic based on URL path patterns
Route requests to different target groups based on URL path patterns.
module "path_routing_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"
  name    = "path-routing-alb"
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  https_listeners = [{
    port            = 443
    certificate_arn = aws_acm_certificate.main.arn
  }]

  listener_rules = [
    {
      priority = 100
      conditions = [{
        path_pattern = ["/api/*"]
      }]
      actions = [{
        type             = "forward"
        target_group_arn = aws_lb_target_group.api.arn
      }]
    },
    {
      priority = 200
      conditions = [{
        path_pattern = ["/admin/*"]
      }]
      actions = [{
        type             = "forward"
        target_group_arn = aws_lb_target_group.admin.arn
      }]
    },
    {
      priority = 300
      conditions = [{
        path_pattern = ["/static/*"]
      }]
      actions = [{
        type             = "forward"
        target_group_arn = aws_lb_target_group.static.arn
      }]
    }
  ]
}
Key Points
- Lower priority numbers are evaluated first
- Path patterns support wildcards (*)
- Default action handles unmatched requests
Route traffic based on host headers
Route requests to different target groups based on the Host header.
module "host_routing_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"
  name    = "host-routing-alb"
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  https_listeners = [{
    port            = 443
    certificate_arn = aws_acm_certificate.main.arn
  }]

  listener_rules = [
    {
      priority = 100
      conditions = [{
        host_header = ["api.example.com"]
      }]
      actions = [{
        type             = "forward"
        target_group_arn = aws_lb_target_group.api.arn
      }]
    },
    {
      priority = 200
      conditions = [{
        host_header = ["app.example.com"]
      }]
      actions = [{
        type             = "forward"
        target_group_arn = aws_lb_target_group.app.arn
      }]
    },
    {
      priority = 300
      conditions = [{
        host_header = ["*.staging.example.com"]
      }]
      actions = [{
        type             = "forward"
        target_group_arn = aws_lb_target_group.staging.arn
      }]
    }
  ]
}
Key Points
- Host header matching supports wildcards
- Use with multi-domain SSL certificates or SNI
- Combine with path-based routing for complex scenarios
Deploy ALB with AWS WAF protection
Integrate AWS WAF with your Application Load Balancer for security.
module "protected_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"
  name    = "protected-alb"
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  https_listeners = [{
    port            = 443
    certificate_arn = aws_acm_certificate.main.arn
  }]
}

resource "aws_wafv2_web_acl" "main" {
  name        = "alb-protection"
  description = "WAF rules for ALB"
  scope       = "REGIONAL"

  default_action {
    allow {}
  }

  rule {
    name     = "AWSManagedRulesCommonRuleSet"
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWSManagedRulesCommonRuleSet"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "alb-waf"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "main" {
  resource_arn = module.protected_alb.alb_arn
  web_acl_arn  = aws_wafv2_web_acl.main.arn
}
Key Points
- WAF v2 (WAFv2) is used for ALB protection
- Use AWS Managed Rules for common threats
- Associate WAF ACL with ALB ARN after creation
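
The `visibility_config` blocks above publish CloudWatch metrics and sampled requests only, so the ACL keeps no full record of what it blocked. The following added example (not part of the alb module or its documentation) enables WAF logging for `aws_wafv2_web_acl.main` using standard AWS provider resources; the log group name, the retention period and the choice of redacted headers are assumptions.

```hcl
# Constructed name. The "aws-waf-logs-" prefix itself is mandatory:
# AWS WAF rejects logging destinations whose name does not start with it.
resource "aws_cloudwatch_log_group" "waf" {
  name              = "aws-waf-logs-alb-protection"
  retention_in_days = 90 # assumed retention; align with your log policy
}

resource "aws_wafv2_web_acl_logging_configuration" "main" {
  resource_arn            = aws_wafv2_web_acl.main.arn
  log_destination_configs = [aws_cloudwatch_log_group.waf.arn]

  # Keep credentials and session tokens out of the log stream.
  redacted_fields {
    single_header {
      name = "authorization"
    }
  }
  redacted_fields {
    single_header {
      name = "cookie"
    }
  }

  # Store only requests that a rule blocked or counted; drop allowed traffic.
  logging_filter {
    default_behavior = "DROP"

    filter {
      behavior    = "KEEP"
      requirement = "MEETS_ANY"

      condition {
        action_condition {
          action = "BLOCK"
        }
      }
      condition {
        action_condition {
          action = "COUNT"
        }
      }
    }
  }
}
```

Keeping `COUNT` matches in the filter means a managed rule group switched to count mode for tuning still leaves evidence of what it would have blocked.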