Home > database >  Unable to specify target_group_arn for ALB
Unable to specify target_group_arn for ALB

Time:01-11

I am writing a terraform script in which i have separate modules. I want to create two different target groups for my ALB (one for the front-end, one for the back-end), but im having troubles in doing that.

Here is my code:

alb/main.tf

resource "aws_lb" "main" {
  name               = "${var.name}-alb-${var.environment}"
  internal           = false
  load_balancer_type = "application"
  security_groups    = var.alb_security_groups
  subnets            = var.subnets.*.id

  enable_deletion_protection = false

  tags = {
    Name        = "${var.name}-alb-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_target_group" "frontend" {
  name        = "${var.name}-tg-${var.environment}"
  port        = 3000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_front
    unhealthy_threshold = "2"
  }

  tags = {
    Name        = "${var.name}-tg-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_target_group" "backend" {
  name        = "${var.name}-tg-${var.environment}"
  port        = 5000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_back
    unhealthy_threshold = "2"
  }

  tags = {
    Name        = "${var.name}-tg-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_listener" "frontend_listener" {
  load_balancer_arn = aws_lb.main.id
  port              = 443
  protocol          = "HTTP"

  default_action {
    type = "forward"
    target_group_arn = aws_lb_target_group.frontend.arn
  }
}

resource "aws_alb_listener" "backend_listener" {
    load_balancer_arn = aws_lb.main.id
    port              = 444
    protocol          = "HTTPS"

    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = var.alb_tls_cert_arn

    default_action {
     type = "forward"
     target_group_arn = aws_lb_target_group.backend.arn
    }
}

output "aws_alb_target_group_front" {
  value = aws_alb_target_group.frontend.arn
}

output "aws_alb_target_group_back" {
  value = aws_alb_target_group.backend.arn
}

output "alb_arn" {
  value = aws_lb.main.id
}

alb/variables.tf

variable "name" {
  description = "g4gov external ALB"
  default = "g4gov"
}

variable "environment" {
  description = "dev"
}

variable "subnets" {
  description = "Public CIDR's list"
  default     = ["10.0.16.0/24", "10.0.48.0/24"]
}

variable "vpc_id" {
  description = "VPC ID"
}

variable "alb_security_groups" {
  description = "Comma separated list of security groups"
}

variable "alb_tls_cert_arn" {
  description = "The ARN of the certificate that the ALB uses for https"
  default = "arn:aws:acm:eu-central-1:932935596778:certificate/ff8059b6-f9f3-4dec-893g-addgbc5ad74"
}


variable "health_check_front" {
  description = "Path to check if the service is healthy"
  default = "/"
}

variable "health_check_back" {
  description = "Path to check if the service is healthy"
  default = "/health"
}

Then in the root directory I have a main.tf file where everything is created. In there I call the alb module

main.tf

module "alb" {
  source              = "./alb"
  name                = var.name
  vpc_id              = module.vpc.id
  subnets             = module.vpc.public_subnets
  environment         = var.environment
  # target_groups       = [var.aws_alb_target_group_front, var.aws_alb_target_group_back]
  alb_security_groups = [module.security_groups.alb]
  alb_tls_cert_arn    = var.tsl_certificate_arn
  health_check_front  = var.health_check_front
  health_check_back   = var.health_check_back
}

This is the error I have been getting. Personally I don't make sense of it because the following resources have been declared previously.

│ Error: Reference to undeclared resource
│   on alb\main.tf line 71, in resource "aws_alb_listener" "frontend_listener":
│   71:     target_group_arn = aws_lb_target_group.frontend.arn
│ A managed resource "aws_lb_target_group" "frontend" has not been declared in module.alb.
│ Error: Reference to undeclared resource
│   on alb\main.tf line 86, in resource "aws_alb_listener" "backend_listener":
│   86:      target_group_arn = aws_lb_target_group.backend.arn
│ A managed resource "aws_lb_target_group" "backend" has not been declared in module.alb.

The directory structure is as follows:

├───.terraform
│   ├───modules
│   │   └───route53_public_zone.public_hosted_zone
│   │       └───examples
│   │           ├───private-zone
│   │           └───public-zone
│   └───providers
│       └───registry.terraform.io
│           └───hashicorp
│               └───aws
│                   └───3.65.0
│                       └───windows_amd64
├───alb
├───ecr
├───ecs
├───grafana
├───graylog
├───rds
├───route53
├───secrects
├───security-groups
└───vpc
└main.tf
└variables.tf
└terraformtfvars.tf

CodePudding user response:

You have a typo in your code. The name of the resource you are trying to reference is not aws_alb_target_group rather aws_lb_target_group, e.g.:

resource "aws_alb_target_group" "frontend" { # <----- you are using alb here
  name        = "${var.name}-tg-${var.environment}"
  port        = 3000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_front
    unhealthy_threshold = "2"
  }

  tags = {
    Name        = "${var.name}-tg-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_target_group" "backend" { # <----- you are using alb here
  name        = "${var.name}-tg-${var.environment}"
  port        = 5000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_back
    unhealthy_threshold = "2"
  }

  tags = {
    Name        = "${var.name}-tg-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_listener" "frontend_listener" {
  load_balancer_arn = aws_lb.main.id
  port              = 443
  protocol          = "HTTP"

  default_action {
    type = "forward"
    target_group_arn = aws_lb_target_group.frontend.arn # <----- you are using lb here
  }
}

resource "aws_alb_listener" "backend_listener" {
    load_balancer_arn = aws_lb.main.id
    port              = 444
    protocol          = "HTTPS"

    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = var.alb_tls_cert_arn

    default_action {
     type = "forward"
     target_group_arn = aws_lb_target_group.backend.arn # <--- you are using lb here
    }

Instead, this should be:

resource "aws_alb_target_group" "frontend" {
  name        = "${var.name}-tg-${var.environment}"
  port        = 3000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_front
    unhealthy_threshold = "2"
  }

  tags = {
    Name        = "${var.name}-tg-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_target_group" "backend" {
  name        = "${var.name}-tg-${var.environment}"
  port        = 5000
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "ip"

  health_check {
    healthy_threshold   = "3"
    interval            = "30"
    protocol            = "HTTP"
    matcher             = "200"
    timeout             = "3"
    path                = var.health_check_back
    unhealthy_threshold = "2"
  }

  tags = {
    Name        = "${var.name}-tg-${var.environment}"
    Environment = var.environment
  }
}

resource "aws_alb_listener" "frontend_listener" {
  load_balancer_arn = aws_lb.main.id
  port              = 443
  protocol          = "HTTP"

  default_action {
    type = "forward"
    target_group_arn = aws_alb_target_group.frontend.arn
  }
}

resource "aws_alb_listener" "backend_listener" {
    load_balancer_arn = aws_lb.main.id
    port              = 444
    protocol          = "HTTPS"

    ssl_policy        = "ELBSecurityPolicy-2016-08"
    certificate_arn   = var.alb_tls_cert_arn

    default_action {
     type = "forward"
     target_group_arn = aws_alb_target_group.backend.arn
    }
  • Related