- Open up your text editor and create a new CloudFormation template. We're going to require a VPC ID and some subnet IDs as Parameters. Add them to your template like this:
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
VPCID:
Type: AWS::EC2::VPC::Id
Description: VPC where load balancer and instance will launch
SubnetIDs:
Type: List<AWS::EC2::Subnet::Id>
Description: Subnets where load balancer and instance will launch
(pick at least 2)
- Next we need to add some Mappings of ELB account IDs. These will make it easier for us to give the load balancer permission to write logs to an S3 bucket. Your mappings should look like this:
You can find the complete list of ELB account IDs here http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy.
Mappings:
ELBAccountMap:
us-east-1:
ELBAccountID: 127311923021
ap-southeast-2:
ELBAccountID: 783225319266
- We can now start adding Resources to our template. First we're going to create an S3 bucket and bucket policy for storing our load balancer logs. In order to make this template portable, we'll omit a bucket name, but for convenience we'll include the bucket name in our outputs so that CloudFormation will echo the name back to us.
Resources:
ExampleLogBucket:
Type: AWS::S3::Bucket
ExampleBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: ExampleLogBucket
PolicyDocument:
Statement:
-
Action:
- "s3:PutObject"
Effect: "Allow"
Resource:
Fn::Join:
- ""
-
- "arn:aws:s3:::"
- Ref: ExampleLogBucket
- "/*"
Principal:
AWS:
Fn::FindInMap: [ ELBAccountMap, Ref: "AWS::Region",
ELBAccountID ]
- Next, we need to create a security group for our load balancer to reside in. This security group will allow inbound connections to port 80 (HTTP). To simplify this recipe, we'll leave out port 443 (HTTPS), but we'll briefly cover how to add this functionality later in this section. Since we're adding a public load balancer, we want to allow connections to it from everywhere (0.0.0.0/0). This is what our security group looks like:
ExampleELBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security Group for example ELB
SecurityGroupIngress:
-
IpProtocol: tcp
CidrIp: 0.0.0.0/0
FromPort: 80
ToPort: 80
- We now need to define a target group. Upon completion of this recipe, you can go ahead and register your instances in this group so that HTTP requests will be forwarded to it. Alternatively, you can attach the target group to an auto scaling group and AWS will take care of the instance registration and de-registration for you.
- The target group is where we specify the health checks our load balancer should perform against the target instances. This health check is necessary to determine if a registered instance should receive traffic. The example provided with this recipe includes these health-check parameters with the values all set to their defaults. Go ahead and tweak these to suit your needs, or, optionally, remove them if the defaults work for you.
ExampleTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Port: 80
Protocol: HTTP
HealthCheckIntervalSeconds: 30
HealthCheckProtocol: HTTP
HealthCheckPort: 80
HealthCheckPath: /
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 5
UnhealthyThresholdCount: 2
Matcher:
HttpCode: '200'
VpcId:
Ref: VPCID
- We need to define at least one listener to be added to our load balancer. A listener will listen for incoming requests to the load balancer on the port and protocol we configure for it. Requests matching the port and protocol will be forwarded through to our target group.
The configuration of our listener is going to be reasonably simple. We're listening for HTTP requests on port 80. We're also setting up a default action for this listener, which will forward our requests to the target group we've defined before. There is a limit of 10 listeners per load balancer.
Currently, AWS only supports one action: forward.
ExampleListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn:
Ref: ExampleLoadBalancer
DefaultActions:
- Type: forward
TargetGroupArn:
Ref: ExampleTargetGroup
Port: 80
Protocol: HTTP
- Finally, now that we have all Resources we need, we can go ahead and set up our load balancer. We'll need to define at least two subnets for it to live in—these are included as Parameters in our example template:
ExampleLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
LoadBalancerAttributes:
- Key: access_logs.s3.enabled
Value: true
- Key: access_logs.s3.bucket
Value:
Ref: ExampleLogBucket
- Key: idle_timeout.timeout_seconds
Value: 60
Scheme: internet-facing
Subnets:
- Fn::Select: [ 0, Ref: SubnetIDs ]
- Fn::Select: [ 1, Ref: SubnetIDs ]
SecurityGroups:
- Fn::GetAtt: ExampleELBSecurityGroup.GroupId
- Lastly, we're going to add some Outputs to our template for convenience. We're particularly interested in the name of the S3 bucket we created and the URL of the load balancer.
Outputs:
ExampleELBURL:
Value:
Fn::Join:
- ''
- [ 'http://', { 'Fn::GetAtt': [ ExampleLoadBalancer,
DNSName ] }, '/' ]
ExampleLogBucket:
Value:
Ref: ExampleLogBucket