Modifying NLB for ALB to try HTTP health checks on ECS between target group and the app

Miguel Elhaiek · Miguel Elhaiek · commit 47af1bf7519d · 2024-04-06T01:18:02.000-03:00
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -58,10 +58,23 @@ resource "aws_route_table_association" "vectorstore_rta" {
 
 
 
+# resource "aws_lb" "vectorstore_nlb" {
+#   name               = "vectorstore-nlb"
+#   internal           = true #INTERNAL NLB, ONLY ACCESSIBLE VIA VPC LINK
+#   load_balancer_type = "network"
+#   subnets            = [aws_subnet.vectorstore_subnet.id]
+#   enable_deletion_protection = false
+
+#   tags = {
+#     Name = "vectorstore_nlb"
+#   }
+# }
+
+
 resource "aws_lb" "vectorstore_nlb" {
   name               = "vectorstore-nlb"
   internal           = true #INTERNAL NLB, ONLY ACCESSIBLE VIA VPC LINK
-  load_balancer_type = "network"
+  load_balancer_type = "application"
   subnets            = [aws_subnet.vectorstore_subnet.id]
   enable_deletion_protection = false
 
@@ -70,6 +83,8 @@ resource "aws_lb" "vectorstore_nlb" {
   }
 }
 
+
+
 # resource "aws_lb_target_group" "vectorstore_tg" {
 #   name     = "vectorstore-tg"
 #   port     = 19530
@@ -104,9 +119,10 @@ resource "aws_security_group" "nlb_sg" {
 #   }
 
 # port for ECS fargate container API:
+# 19531
   ingress {
-    from_port   = 19531  
-    to_port     = 19531  
+    from_port   = 80  #http traffic from ALB
+    to_port     = 80  
     protocol    = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }
@@ -149,15 +165,15 @@ resource "aws_security_group" "milvus_sg_api" {
 
 
 
-# Modify your EC2 instance security group to only allow traffic from the NLB security group
-resource "aws_security_group_rule" "allow_nlb_to_ec2" {
-  type                     = "ingress"
-  from_port                = 19530
-  to_port                  = 19530
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.milvus_sg_api.id
-  source_security_group_id = aws_security_group.nlb_sg.id
-}
+# # Modify your EC2 instance security group to only allow traffic from the NLB security group
+# resource "aws_security_group_rule" "allow_nlb_to_ec2" {
+#   type                     = "ingress"
+#   from_port                = 19530
+#   to_port                  = 19530
+#   protocol                 = "tcp"
+#   security_group_id        = aws_security_group.milvus_sg_api.id
+#   source_security_group_id = aws_security_group.nlb_sg.id
+# }
 
 resource "aws_instance" "milvus_instance" {
   ami                         = var.ami
@@ -181,27 +197,6 @@ resource "aws_instance" "milvus_instance" {
 }
 
 
-# resource "aws_instance" "milvus_instance" {
-#   ami                         = var.ami
-#   instance_type               = var.instance_type
-#   key_name                    = var.key_name
-#   subnet_id                   = aws_subnet.vectorstore_subnet.id
-#   vpc_security_group_ids      = [aws_security_group.milvus_sg_api.id]
-#   associate_public_ip_address = true // This line assigns a public IP address to your instance
-
-#   user_data = file("${path.module}/../create-milvus.sh")
-
-#   root_block_device {
-#     volume_size = 30
-#   }
-
-#   tags = {
-#     Name = "Milvus-db-for-api"
-#   }
-# }
-
-
-
 # create SSMRoleForEC2 that the EC2 instance needs to assume to connect via System Manager , instead of via SSH
 
 resource "aws_iam_role" "ssm_role" {
