AWS Elastic Load Balancing ELB
This page shows how to write Terraform and CloudFormation for Elastic Load Balancing ELB and write them securely.
aws_elb (Terraform)
The ELB in Elastic Load Balancing can be configured in Terraform with the resource name aws_elb. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_elb" "access_logs_set" {
  availability_zones = [
    "us-east-1a",
    "us-east-1b",
    "us-east-1c"
  ]

resource "aws_elb" "access_logs_set" {
  availability_zones = [
    "us-east-1a",
    "us-east-1b",
    "us-east-1c"
  ]
Security Best Practices for aws_elb
There are 2 settings in aws_elb that should be taken care of for security reasons. The following sections explain each with an overview and example code.
Ensure your ALB blocks unwanted access
It is better to limit accessibility to the minimum that is required for the application to work.
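The configuration below contrasts a broadly reachable aws_elb with a restricted one, using only parameters listed on this page (internal, subnets, security_groups, listener, ssl_certificate_id, access_logs). It is an added example, not code from this page or from the repositories it cites; every variable name, resource name and port number is an assumption.

```hcl
# Added example. All variable and resource names below are hypothetical.
variable "private_subnet_ids" { type = list(string) }
variable "elb_security_group_id" { type = string } # SG that admits only the expected clients
variable "certificate_arn" { type = string }
variable "log_bucket" { type = string }

# Weak: internet-facing (internal is not set), plaintext listener,
# no security group restriction, no access logs.
resource "aws_elb" "exposed" {
  name               = "example-exposed"
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 8080
    instance_protocol = "http"
  }
}

# Restricted: reachable only inside the VPC, through one security group,
# over TLS, with access logs written to a bucket for later review.
resource "aws_elb" "restricted" {
  name            = "example-restricted"
  internal        = true
  subnets         = var.private_subnet_ids
  security_groups = [var.elb_security_group_id]

  listener {
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = var.certificate_arn
    instance_port      = 8080
    instance_protocol  = "http"
  }

  access_logs {
    bucket  = var.log_bucket
    enabled = true
  }
}
```

If the load balancer must face the internet, keep the security group and TLS listener and limit the group's ingress rules to the ports and sources the application needs.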
Ensure invalid headers are dropped at Elastic Load Balancing
It is better to drop invalid headers at Elastic Load Balancing than to pass them on. Passing invalid headers to applications can cause issues such as HTTP request smuggling.
Parameters
- arn: optional computed - string
- availability_zones: optional computed - set of string
- connection_draining: optional - bool
- connection_draining_timeout: optional - number
- cross_zone_load_balancing: optional - bool
- dns_name: optional computed - string
- id: optional computed - string
- idle_timeout: optional - number
- instances: optional computed - set of string
- internal: optional computed - bool
- name: optional computed - string
- name_prefix: optional - string
- security_groups: optional computed - set of string
- source_security_group: optional computed - string
- source_security_group_id: optional computed - string
- subnets: optional computed - set of string
- tags: optional - map from string to string
- zone_id: optional computed - string
- access_logs: list block
  - bucket: required - string
  - bucket_prefix: optional - string
  - enabled: optional - bool
  - interval: optional - number
- health_check: list block
  - healthy_threshold: required - number
  - interval: required - number
  - target: required - string
  - timeout: required - number
  - unhealthy_threshold: required - number
- listener: set block
  - instance_port: required - number
  - instance_protocol: required - string
  - lb_port: required - number
  - lb_protocol: required - string
  - ssl_certificate_id: optional - string
Explanation in Terraform Registry
Provides an Elastic Load Balancer resource, also known as a "Classic Load Balancer" after the release of Application/Network Load Balancers.
NOTE on ELB Instances and ELB Attachments: Terraform currently provides both a standalone ELB Attachment resource (describing an instance attached to an ELB), and an ELB resource with instances defined in-line. At this time you cannot use an ELB with in-line instances in conjunction with an ELB Attachment resource. Doing so will cause a conflict and will overwrite attachments.
AWS::ElasticLoadBalancing::LoadBalancer (CloudFormation)
The LoadBalancer in ElasticLoadBalancing can be configured in CloudFormation with the resource name AWS::ElasticLoadBalancing::LoadBalancer. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- AccessLoggingPolicy: optional - AccessLoggingPolicy
- AppCookieStickinessPolicy: optional - List of AppCookieStickinessPolicy
- AvailabilityZones: optional - List
- ConnectionDrainingPolicy: optional - ConnectionDrainingPolicy
- ConnectionSettings: optional - ConnectionSettings
- CrossZone: optional - Boolean
- HealthCheck: optional - HealthCheck
- Instances: optional - List
- LBCookieStickinessPolicy: optional - List of LBCookieStickinessPolicy
- Listeners: required - List of Listeners
- LoadBalancerName: optional - String
- Policies: optional - List of Policies
- Scheme: optional - String
- SecurityGroups: optional - List
- Subnets: optional - List
- Tags: optional - List of Tag
Explanation in CloudFormation Registry
Specifies a Classic Load Balancer.
You can specify the AvailabilityZones or Subnets property, but not both.
If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment.
Frequently asked questions
What is AWS Elastic Load Balancing ELB?
AWS Elastic Load Balancing ELB is a resource for Elastic Load Balancing of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Elastic Load Balancing ELB?
For Terraform, the stelligent/config-lint and stelligent/config-lint source code examples are useful. See the Terraform Example section for further details.