I am writing a terraform script in which i have separate modules. I want to create two different target groups for my ALB (one for the front-end, one for the back-end), but im having troubles in doing that.
Here is my code:
alb/main.tf
resource "aws_lb" "main" {
name = "${var.name}-alb-${var.environment}"
internal = false
load_balancer_type = "application"
security_groups = var.alb_security_groups
subnets = var.subnets.*.id
enable_deletion_protection = false
tags = {
Name = "${var.name}-alb-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_target_group" "frontend" {
name = "${var.name}-tg-${var.environment}"
port = 3000
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "ip"
health_check {
healthy_threshold = "3"
interval = "30"
protocol = "HTTP"
matcher = "200"
timeout = "3"
path = var.health_check_front
unhealthy_threshold = "2"
}
tags = {
Name = "${var.name}-tg-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_target_group" "backend" {
name = "${var.name}-tg-${var.environment}"
port = 5000
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "ip"
health_check {
healthy_threshold = "3"
interval = "30"
protocol = "HTTP"
matcher = "200"
timeout = "3"
path = var.health_check_back
unhealthy_threshold = "2"
}
tags = {
Name = "${var.name}-tg-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_listener" "frontend_listener" {
load_balancer_arn = aws_lb.main.id
port = 443
protocol = "HTTP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.frontend.arn
}
}
resource "aws_alb_listener" "backend_listener" {
load_balancer_arn = aws_lb.main.id
port = 444
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = var.alb_tls_cert_arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.backend.arn
}
}
output "aws_alb_target_group_front" {
value = aws_alb_target_group.frontend.arn
}
output "aws_alb_target_group_back" {
value = aws_alb_target_group.backend.arn
}
output "alb_arn" {
value = aws_lb.main.id
}
alb/variables.tf
variable "name" {
description = "g4gov external ALB"
default = "g4gov"
}
variable "environment" {
description = "dev"
}
variable "subnets" {
description = "Public CIDR's list"
default = ["10.0.16.0/24", "10.0.48.0/24"]
}
variable "vpc_id" {
description = "VPC ID"
}
variable "alb_security_groups" {
description = "Comma separated list of security groups"
}
variable "alb_tls_cert_arn" {
description = "The ARN of the certificate that the ALB uses for https"
default = "arn:aws:acm:eu-central-1:932935596778:certificate/ff8059b6-f9f3-4dec-893g-addgbc5ad74"
}
variable "health_check_front" {
description = "Path to check if the service is healthy"
default = "/"
}
variable "health_check_back" {
description = "Path to check if the service is healthy"
default = "/health"
}
Then in the root directory I have a main.tf file where everything is created. In there I call the alb module
main.tf
module "alb" {
source = "./alb"
name = var.name
vpc_id = module.vpc.id
subnets = module.vpc.public_subnets
environment = var.environment
# target_groups = [var.aws_alb_target_group_front, var.aws_alb_target_group_back]
alb_security_groups = [module.security_groups.alb]
alb_tls_cert_arn = var.tsl_certificate_arn
health_check_front = var.health_check_front
health_check_back = var.health_check_back
}
This is the error I have been getting. Personally I don’t make sense of it because the following resources have been declared previously.
│ Error: Reference to undeclared resource
│ on alb\main.tf line 71, in resource "aws_alb_listener" "frontend_listener":
│ 71: target_group_arn = aws_lb_target_group.frontend.arn
│ A managed resource "aws_lb_target_group" "frontend" has not been declared in module.alb.
│ Error: Reference to undeclared resource
│ on alb\main.tf line 86, in resource "aws_alb_listener" "backend_listener":
│ 86: target_group_arn = aws_lb_target_group.backend.arn
│ A managed resource "aws_lb_target_group" "backend" has not been declared in module.alb.
The directory structure is as follows:
├───.terraform
│ ├───modules
│ │ └───route53_public_zone.public_hosted_zone
│ │ └───examples
│ │ ├───private-zone
│ │ └───public-zone
│ └───providers
│ └───registry.terraform.io
│ └───hashicorp
│ └───aws
│ └───3.65.0
│ └───windows_amd64
├───alb
├───ecr
├───ecs
├───grafana
├───graylog
├───rds
├───route53
├───secrects
├───security-groups
└───vpc
â””main.tf
â””variables.tf
â””terraformtfvars.tf
>Solution :
You have a typo in your code. The name of the resource you are trying to reference is not aws_alb_target_group rather aws_lb_target_group, e.g.:
resource "aws_alb_target_group" "frontend" { # <----- you are using alb here
name = "${var.name}-tg-${var.environment}"
port = 3000
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "ip"
health_check {
healthy_threshold = "3"
interval = "30"
protocol = "HTTP"
matcher = "200"
timeout = "3"
path = var.health_check_front
unhealthy_threshold = "2"
}
tags = {
Name = "${var.name}-tg-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_target_group" "backend" { # <----- you are using alb here
name = "${var.name}-tg-${var.environment}"
port = 5000
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "ip"
health_check {
healthy_threshold = "3"
interval = "30"
protocol = "HTTP"
matcher = "200"
timeout = "3"
path = var.health_check_back
unhealthy_threshold = "2"
}
tags = {
Name = "${var.name}-tg-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_listener" "frontend_listener" {
load_balancer_arn = aws_lb.main.id
port = 443
protocol = "HTTP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.frontend.arn # <----- you are using lb here
}
}
resource "aws_alb_listener" "backend_listener" {
load_balancer_arn = aws_lb.main.id
port = 444
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = var.alb_tls_cert_arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.backend.arn # <--- you are using lb here
}
Instead, this should be:
resource "aws_alb_target_group" "frontend" {
name = "${var.name}-tg-${var.environment}"
port = 3000
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "ip"
health_check {
healthy_threshold = "3"
interval = "30"
protocol = "HTTP"
matcher = "200"
timeout = "3"
path = var.health_check_front
unhealthy_threshold = "2"
}
tags = {
Name = "${var.name}-tg-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_target_group" "backend" {
name = "${var.name}-tg-${var.environment}"
port = 5000
protocol = "HTTP"
vpc_id = var.vpc_id
target_type = "ip"
health_check {
healthy_threshold = "3"
interval = "30"
protocol = "HTTP"
matcher = "200"
timeout = "3"
path = var.health_check_back
unhealthy_threshold = "2"
}
tags = {
Name = "${var.name}-tg-${var.environment}"
Environment = var.environment
}
}
resource "aws_alb_listener" "frontend_listener" {
load_balancer_arn = aws_lb.main.id
port = 443
protocol = "HTTP"
default_action {
type = "forward"
target_group_arn = aws_alb_target_group.frontend.arn
}
}
resource "aws_alb_listener" "backend_listener" {
load_balancer_arn = aws_lb.main.id
port = 444
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = var.alb_tls_cert_arn
default_action {
type = "forward"
target_group_arn = aws_alb_target_group.backend.arn
}