Configuring the new ALB Host based routing with terraform by @kensodev


Avi Zurel

senior SRE and software engineer

Yesterday, Amazon announced a new feature for the application load balancer that has been a long time coming.

At Globality, we are using ALB to route traffic to our ECS cluster. We are using target groups to target our many micro-services.

This feature removed a lot of complexity in our routing system, and I thought it was worth a quick post on configuring it with terraform.

The code

# One internal ALB shared by all services
resource "aws_alb" "alb" {
  name            = "${}-alb-${var.environment}"
  internal        = true
  security_groups = ["${var.security_group_id}"]
  subnets         = ["${split(",", var.subnet_ids)}"]

  tags {
    Environment = "${var.environment}"
  }
}

# One target group per entry in services_map (key = port, value = service name)
resource "aws_alb_target_group" "alb_targets" {
  count    = "${length(keys(var.services_map))}"
  name     = "${element(values(var.services_map), count.index)}-${var.environment}"
  port     = "${element(keys(var.services_map), count.index)}"
  protocol = "HTTP"
  vpc_id   = "${var.vpc_id}"

  health_check {
    healthy_threshold   = 2
    interval            = 15
    path                = "/api/health"
    timeout             = 10
    unhealthy_threshold = 2
  }

  tags {
    Color       = "${var.color}"
    Service     = "${element(values(var.services_map), count.index)}"
    Tier        = "${}"
    Environment = "${var.environment}"
  }
}

# Single HTTPS listener; requests that match no rule go to the first target group
resource "aws_alb_listener" "alb_listener" {
  count             = "1"
  load_balancer_arn = "${aws_alb.alb.arn}"
  port              = "${element(keys(var.services_map), count.index)}"
  protocol          = "HTTPS"
  # Older predefined policy; it still negotiates TLS 1.0 and 1.1
  ssl_policy        = "ELBSecurityPolicy-2015-05"
  certificate_arn   = "${var.ssl_certificate_arn}"

  default_action {
    target_group_arn = "${element(aws_alb_target_group.alb_targets.*.arn, 0)}"
    type             = "forward"
  }
}

# One host-header rule per service: <service>.<domain> -> that service's target group
resource "aws_alb_listener_rule" "route_path" {
  count        = "${length(values(var.services_map))}"
  listener_arn = "${aws_alb_listener.alb_listener.arn}"
  priority     = "${1 + count.index}"

  action {
    type             = "forward"
    target_group_arn = "${element(aws_alb_target_group.alb_targets.*.arn, count.index)}"
  }

  condition {
    field  = "host-header"
    values = ["${element(values(var.services_map), count.index)}.${var.domain}"]
  }

  lifecycle {
    ignore_changes = ["priority"]
  }
}

As you can see, we are creating a single load balancer that has a single listener. This listener has a “default action” and can have many routing rules.

In the past, those rules could match on path only; the new feature adds host-header matching.

So, take our example. The default action forwards to a single micro-service out of all our micro-services. Then, we add rules for the HTTP Host header of all the other services and route the traffic to their target groups.
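How that rule set resolves a request, as an added example (not the author's code): the Python sketch below mirrors the `count`/`element()` indexing of the Terraform resources and reports which Host headers match no rule and land on the default action. The `services_map` contents, the domain and the sample hosts are constructed, and matching is simplified to exact, case-insensitive comparison because the page's rules use no wildcards.

```python
# Added example: models the listener rules generated by the Terraform above.
# SERVICES_MAP, DOMAIN and the sample hosts are constructed values.

SERVICES_MAP = {"8080": "users", "9000": "billing", "10000": "search"}  # port -> service
DOMAIN = "dev.example.internal"


def build_rules(services_map, domain):
    """Mirror the count/element() logic of the Terraform resources."""
    # Terraform's keys() returns map keys in lexical (string) order and values()
    # follows the same order, so port "10000" sorts before "8080".
    ports = sorted(services_map)
    services = [services_map[p] for p in ports]
    rules = [
        {"priority": 1 + i, "host": f"{svc}.{domain}", "target": svc}
        for i, svc in enumerate(services)
    ]
    default_target = services[0]  # element(aws_alb_target_group.alb_targets.*.arn, 0)
    return rules, default_target


def route(host_header, rules, default_target):
    """Return (target, matched rule priority or None) for a Host header."""
    host = host_header.strip().lower()  # host-header conditions are not case-sensitive
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if host == rule["host"].lower():
            return rule["target"], rule["priority"]
    return default_target, None  # no rule matched: the listener's default action


def fallthrough_hosts(hosts, rules, default_target):
    """Hosts that matched no rule and were served by the default action."""
    return [h for h in hosts if route(h, rules, default_target)[1] is None]


if __name__ == "__main__":
    rules, default = build_rules(SERVICES_MAP, DOMAIN)
    sample = ["billing.dev.example.internal", "USERS.dev.example.internal",
              "admin.dev.example.internal", "10.0.3.17"]
    for h in sample:
        print(h, "->", route(h, rules, default))
    print("default-action hits:", fallthrough_hosts(sample, rules, default))
```

With this sample map the default target is `search`, not the first service as written, because the port keys are ordered as strings.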

More than just a short code post

Really more than anything, this is a culture post. If you know you have pains in your system, you need to always be looking for a solution and for ways to make it better.

This feature came out yesterday, and today we are already using it and have converged our entire dev cluster.

This removed about 200 lines of code from our terraform repository and probably about the same amount from the scripts we use to manage and flip environments on deployment.
