Build AWS ALB Host Header Based Routing
Pre-requisites
Step-01: Introduction
https://www.linkedin.com/in/azharsayyed1/
• Review AWS Support Case ID 8245155801, which demonstrates the issue and its resolution by AWS.
• Understand how to submit a case for an ACM certificate limit increase.
• AWS takes 2 to 3 days to increase the limit and resolve the issue, so if you want the limit raised before you hit it, submit the ticket well in advance.
Error: Error requesting certificate: LimitExceededException: Error: you have reached your limit of 20 certificates in the last year.
• Option-1: Submit the ticket to AWS and wait until they update the ACM certificate limit.
• You can hit this limit at any point in the later sections of the course, once you have created and deleted certificates more than 20 times.
• With that said, knowing how to run these Terraform manifests in another region is the better option.
• I will show you the steps to switch the region in the Terraform manifests if you face this issue.
# Before
aws_region = "us-east-1"
# After
aws_region = "us-east-2"
# Before
# After
• Name: terraform-key-us-east-2
• You can keep the same keypair name in the us-east-2 region as well, so that you don't need to change anything in c9-nullresource-provisioners.tf. The choice is yours.
# KeyPair Permissions
cd terraform-manifests\private-key
# Before
instance_keypair = "terraform-key"
# After
#instance_keypair = "terraform-key"
instance_keypair = "terraform-key-us-east-2"
depends_on = [module.ec2_public]
connection {
type = "ssh"
host = aws_eip.bastion_eip.public_ip
user = "ec2-user"
password = ""
private_key = file("private-key/terraform-key-us-east-2.pem")
provisioner "file" {
source = "private-key/terraform-key-us-east-2.pem"
destination = "/tmp/terraform-key-us-east-2.pem"
## Remote Exec Provisioner: Using remote-exec provisioner fix the private key permissions on Bastion Host
provisioner "remote-exec" {
inline = [
provisioner "local-exec" {
command = "echo VPC created on `date` and VPC ID: ${module.vpc.vpc_id} >> creation-time-vpc-id.txt"
working_dir = "local-exec-output-files/"
#on_failure = continue
Step-05: c10-01-ALB-application-loadbalancer-variables.tf
o c10-02-ALB-application-loadbalancer.tf
o c12-route53-dnsregistration.tf
• If we use a value in more than one place, it's good to turn that value into a variable.
variable "app1_dns_name" {
description = "App1 DNS Name"
variable "app2_dns_name" {
Step-06: loadbalancer.auto.tfvars
app1_dns_name = "app16.devopsincloud.com"
app2_dns_name = "app26.devopsincloud.com"
Step-06: c10-02-ALB-application-loadbalancer.tf
conditions = [{
host_header = {
values = [var.app1_dns_name]
}]
conditions = [{
host_header = {
values = [var.app2_dns_name]
}]
Step-07: c12-route53-dnsregistration.tf
## Default DNS
zone_id = data.aws_route53_zone.mydomain.zone_id
name = "myapps.devopsincloud.com"
type = "A"
alias {
name = module.alb.dns_name
zone_id = module.alb.zone_id
evaluate_target_health = true
# DNS Registration
## App1 DNS
zone_id = data.aws_route53_zone.mydomain.zone_id
name = var.app1_dns_name
type = "A"
alias {
name = module.alb.dns_name
zone_id = module.alb.zone_id
evaluate_target_health = true
## App2 DNS
zone_id = data.aws_route53_zone.mydomain.zone_id
name = var.app2_dns_name
type = "A"
alias {
name = module.alb.dns_name
zone_id = module.alb.zone_id
evaluate_target_health = true
Step-08: Execute Terraform Commands
# Terraform Initialize
terraform init
# Terraform Validate
terraform validate
# Terraform Plan
terraform plan
# Terraform Apply
# Verify
Observation:
4. Verify ALB Listener - HTTP:80 - Should contain a redirect from HTTP to HTTPS
5.3 Fixed Response: any other errors or any other IP or valid DNS to this LB
6. Verify ALB Target Groups App1 and App2, Targets (should be healthy)
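The listener checks in the Observation list above can also be run against the plan before apply. The following is an added example, not part of the original course material: it audits `terraform show -json` plan output for the HTTP to HTTPS redirect, the fixed-response default action and the host_header conditions. The sample plan and its resource addresses are constructed, and it assumes the ALB module creates aws_lb_listener and aws_lb_listener_rule resources.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan` output. Addresses are
# illustrative; the last rule is deliberately wrong so the audit has something to report.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.alb.aws_lb_listener.http", "type": "aws_lb_listener",
     "change": {"after": {"protocol": "HTTP", "port": 80, "default_action": [
         {"type": "redirect", "redirect": [{"protocol": "HTTPS", "port": "443"}]}]}}},
    {"address": "module.alb.aws_lb_listener.https", "type": "aws_lb_listener",
     "change": {"after": {"protocol": "HTTPS", "port": 443, "default_action": [
         {"type": "fixed-response"}]}}},
    {"address": "module.alb.aws_lb_listener_rule.app1", "type": "aws_lb_listener_rule",
     "change": {"after": {"condition": [
         {"host_header": [{"values": ["app16.devopsincloud.com"]}]}]}}},
    {"address": "module.alb.aws_lb_listener_rule.catch_all", "type": "aws_lb_listener_rule",
     "change": {"after": {"condition": [{"host_header": [{"values": ["*"]}]}]}}},
]})


def audit_plan(plan_json):
    """Return a list of findings; an empty list means the plan matches the Verify steps."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None when destroyed
        addr = rc["address"]
        if rc["type"] == "aws_lb_listener":
            actions = after.get("default_action") or []
            if after.get("protocol") == "HTTP":
                redirects = any(
                    a.get("type") == "redirect"
                    and any(r.get("protocol") == "HTTPS" for r in a.get("redirect") or [])
                    for a in actions)
                if not redirects:
                    findings.append(f"{addr}: HTTP listener does not redirect to HTTPS")
            elif after.get("protocol") == "HTTPS":
                if not any(a.get("type") == "fixed-response" for a in actions):
                    findings.append(f"{addr}: default action is not a fixed response")
        elif rc["type"] == "aws_lb_listener_rule":
            hosts = [v for c in after.get("condition") or []
                     for h in c.get("host_header") or []
                     for v in h.get("values") or []]
            if not hosts:
                findings.append(f"{addr}: rule has no host_header condition")
            # A pattern made only of wildcards forwards every Host value,
            # so the fixed-response default is never reached.
            findings += [f"{addr}: host_header '{v}' matches every host"
                         for v in hosts if v.strip("*?.") == ""]
    return findings


if __name__ == "__main__":
    print("\n".join(audit_plan(SAMPLE_PLAN)) or "plan matches the expected listener setup")
```

To audit a real plan, write it with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan`, and pass that JSON text to `audit_plan`.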
# Test (Domain will be different for you based on your registered domain)
# Note: All the URLs below should redirect from HTTP to HTTPS
# App1
2. App1 /app1/index.html: http://app1.devopsincloud.com/app1/index.html
# App2
Step-09: Clean-Up
# Terraform Destroy
# Delete files
rm -rf .terraform*
rm -rf terraform.tfstate*