Modifying NLB for ALB to try HTTP health checks on ECS between target…

… group and the app
thisisqubika · Apr 6, 2024 · 47af1bf · 47af1bf
1 parent 803ffd4
commit 47af1bf
Showing 1 changed file with 28 additions and 33 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -58,10 +58,23 @@ resource "aws_route_table_association" "vectorstore_rta" {
 
 
 
+# resource "aws_lb" "vectorstore_nlb" {
+# name = "vectorstore-nlb"
+# internal = true #INTERNAL NLB, ONLY ACCESSIBLE VIA VPC LINK
+# load_balancer_type = "network"
+# subnets = [aws_subnet.vectorstore_subnet.id]
+# enable_deletion_protection = false
+
+# tags = {
+# Name = "vectorstore_nlb"
+# }
+# }
+
+
 resource "aws_lb" "vectorstore_nlb" {
  name = "vectorstore-nlb"
  internal = true #INTERNAL NLB, ONLY ACCESSIBLE VIA VPC LINK
- load_balancer_type = "network"
+ load_balancer_type = "application"
  subnets = [aws_subnet.vectorstore_subnet.id]
  enable_deletion_protection = false
 
@@ -70,6 +83,8 @@ resource "aws_lb" "vectorstore_nlb" {
  }
 }
 
+
+
 # resource "aws_lb_target_group" "vectorstore_tg" {
 # name = "vectorstore-tg"
 # port = 19530
@@ -104,9 +119,10 @@ resource "aws_security_group" "nlb_sg" {
 # }
 
 # port for ECS fargate container API:
+# 19531
  ingress {
- from_port = 19531 
- to_port = 19531 
+ from_port = 80 #http traffic from ALB
+ to_port = 80 
  protocol = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
  }
@@ -149,15 +165,15 @@ resource "aws_security_group" "milvus_sg_api" {
 
 
 
-# Modify your EC2 instance security group to only allow traffic from the NLB security group
-resource "aws_security_group_rule" "allow_nlb_to_ec2" {
- type = "ingress"
- from_port = 19530
- to_port = 19530
- protocol = "tcp"
- security_group_id = aws_security_group.milvus_sg_api.id
- source_security_group_id = aws_security_group.nlb_sg.id
-}
+# # Modify your EC2 instance security group to only allow traffic from the NLB security group
+# resource "aws_security_group_rule" "allow_nlb_to_ec2" {
+#  type = "ingress"
+#  from_port = 19530
+#  to_port = 19530
+#  protocol = "tcp"
+#  security_group_id = aws_security_group.milvus_sg_api.id
+#  source_security_group_id = aws_security_group.nlb_sg.id
+# }
 
 resource "aws_instance" "milvus_instance" {
  ami = var.ami
@@ -181,27 +197,6 @@ resource "aws_instance" "milvus_instance" {
 }
 
 
-# resource "aws_instance" "milvus_instance" {
-# ami = var.ami
-# instance_type = var.instance_type
-# key_name = var.key_name
-# subnet_id = aws_subnet.vectorstore_subnet.id
-# vpc_security_group_ids = [aws_security_group.milvus_sg_api.id]
-# associate_public_ip_address = true // This line assigns a public IP address to your instance
-
-# user_data = file("${path.module}/../create-milvus.sh")
-
-# root_block_device {
-# volume_size = 30
-# }
-
-# tags = {
-# Name = "Milvus-db-for-api"
-# }
-# }
-
-
-
 # create SSMRoleForEC2 that the EC2 instance needs to assume to connect via System Manager , instead of via SSH
 
 resource "aws_iam_role" "ssm_role" {