Applb is a tool to manage ELB v2(ALB). It defines the state of ELB v2(ALB) using DSL, and updates ELB v2(ALB) according to DSL.
Add this line to your application's Gemfile:
gem 'applb'And then execute:
$ bundle
Or install it yourself as:
$ gem install applb
export AWS_ACCESS_KEY_ID='...'
export AWS_SECRET_ACCESS_KEY='...'
export AWS_REGION='ap-northeast-1'
applb -e -o ALBfile # export ELB v2(ALB)
vi ALBFile
applb -a --dry-run
applb -a # apply `ALBfile` to ELB
Usage: applb [options]
-p, --profile PROIFILE_NAME
--credentials-path PATH
-k, --access-key ACCESS_KEY
-s, --secret-key SECRET_KEY
-r, --region REGION
-h, --help Show help
-v, --debug Show debug log
-a, --apply apply DSL
-e, --export export to DSL
-n, --dry-run dry run
-f, --file FILE use selected DSL file
-s, --split split export DSL file to 1 per VPC
--split-more
split export DSL file to 1 per load balancer
--no-color
no color
--use-bundled-cert
Use the certificates bundled with aws-sdk-ruby
-i, --include-names NAMES include ELB v2(ALB) names
-x, --exclude-names NAMES exclude ELB v2(ALB) names by regex
require 'other/albfile'
ec2 "vpc-XXXXXXXX" do
elb_v2 "my-app-load-balancer" do
subnets(
"subnet-XXXXXXXX",
"subnet-YYYYYYYY",
)
security_groups(
"sg-XXXXXXXX",
"sg-YYYYYYYY",
)
scheme("internet-facing") # internal or internet-facing
ip_address_type("ipv4") # ipv4 or dualstack
attributes do
# currently applb does not create bucket and set bucket policy.
# you must create and set bucket policy by yourself.
access_logs({
s3_enabled: false,
s3_bucket: nil,
s3_prefix: nil,
})
idle_timeout timeout_seconds: 60
deletion_protection enabled: false
end
target_groups do
target_group "my-target-group" do
protocol "HTTP" # HTTP or HTTPS
port 80
vpc_id "vpc-XXXXXXXX"
health_check_interval_seconds 30
health_check_path "/healthcheck"
health_check_port "traffic-port" # specify port number or use traffic-port which indicates the port on which each target receives traffic from the load balancer.
health_check_protocol "HTTP" # HTTP or HTTPS
health_check_timeout_seconds 5
healthy_threshold_count 5
unhealthy_threshold_count 2
matcher http_code: "200"
end
target_group "my-target-group2" do
protocol "HTTP"
port 80
vpc_id "vpc-XXXXXXXX"
health_check_interval_seconds 30
health_check_path "/healthcheck"
health_check_port "traffic-port"
health_check_protocol "HTTP"
health_check_timeout_seconds 5
healthy_threshold_count 5
unhealthy_threshold_count 2
matcher http_code: "200" # if needs multiple values set like 200,302 or 200-299
end
end
listeners do
# https sample
listener do
# if multiple certificates is needed, call certificates method multiple times.
# eg.
# certificates certificate_arn: "[certificate arn1]"
# certificates certificate_arn: "[certificate arn2]"
certificates certificate_arn: "arn:aws:acm:ap-northeast-1:XXXXXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
ssl_policy "ELBSecurityPolicy-2015-05"
port 443
protocol "HTTPS" # HTTP or HTTPS
default_actions(
target_group_name: "my-target-group", # set target_group_name defined above
# [optional]
# needs this to avoid unnecessary call of create_target_group.
target_group_arn: "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:targetgroup/my-target-group/XXXXXXXXXXXXXXXX",
type: "forward",
)
rules do
# no rules
end
end
# http sample
listener do
port 80
protocol "HTTP"
default_actions(
target_group_name: "my-target-group",
# [optional]
# needs this to avoid unnecessary call of create_target_group.
target_group_arn: "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:targetgroup/my-target-group/XXXXXXXXXXXXXXXX",
type: "forward",
)
rules do
rule do
# caution!
# rule_arn is needed to update rule_arn.
# after created rule_arn you are strongly recommended to write rule_arn.
rule_arn "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:listener-rule/app/my-app-load-balancer/XXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXX"
# caution!
# currently priority is used by set_rule_priorities one by one.
# this means if priority is conflicted each other, applb fails to modify rule.
# so it is recommended to modify priority number that is not used yet.
priority "3"
actions(
target_group_name: "my-target-group2",
# [optional]
# needs this to avoid unnecessary call of create_target_group.
target_group_arn: "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:targetgroup/my-target-group2/XXXXXXXXXXXXXXXX",
type: "forward",
)
conditions(
field: "path-pattern",
values: ["/admin/*"], # * for 0 or more characters and ? for exactly 1 character
)
end
rule do
rule_arn "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:listener-rule/app/my-app-load-balancer/XXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXX""
priority "4"
actions(
target_group_name: "my-target-group2",
# [optional]
# needs this to avoid unnecessary call of create_target_group.
target_group_arn: "arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:targetgroup/my-target-group2/XXXXXXXXXXXXXXXX",
type: "forward",
)
conditions(
field: "path-pattern",
values: ["/user/*"],
)
end
end
end
end
end
endtemplate "target_groups" do
target_groups do
target_group "my-target-group" do
protocol "HTTP"
port context.port || 80 # use default 80 or override with context value
vpc_id "vpc-XXXXXXXX"
health_check_interval_seconds 30
health_check_path "/healthcheck"
health_check_port "traffic-port"
health_check_protocol "HTTP"
health_check_timeout_seconds 5
healthy_threshold_count 5
unhealthy_threshold_count 2
matcher http_code: "200"
end
end
ec2 "vpc-XXXXXXXXX" do
elb_v2 "my-app-load-balancer" do
subnets(
"subnet-XXXXXXXX",
"subnet-YYYYYYYY",
)
end
include_template "target_groups", port: 80
end
endset your AWS arn for spec/aws_config.yml.sample and rename to spec/aws_config.yml.
Bug reports and pull requests are welcome on GitHub at https://github.com/codenize-tools/applb.
The gem is available as open source under the terms of the MIT License.