AWS NLB with SOURCEIP stickiness #72
Comments
# Public-facing Network Load Balancer: the entry point of the NLB -> ALB chain.
# NOTE(review): no security_groups are set on this NLB, so ingress filtering for
# the public path presumably falls to the ALB's security group; confirm that
# group is scoped to the intended client ranges.
resource "aws_lb" "nlb" {
  name               = "citrix-nlb"
  load_balancer_type = "network"
  internal           = false # set to true for an internal-only NLB
  subnets            = ["subnet-xxxxx", "subnet-yyyyy"] # placeholders: use your subnet IDs

  enable_cross_zone_load_balancing = true
  enable_deletion_protection       = true
}
# Target group used by the NLB; its single target is the ALB (target_type "alb").
resource "aws_lb_target_group" "nlb_tg" {
  name        = "citrix-nlb-tg"
  vpc_id      = "vpc-xxxxx" # placeholder: use your VPC ID
  target_type = "alb"
  protocol    = "TCP"
  port        = 80

  # Pin each client source IP to the same target.
  # NOTE(review): confirm source_ip stickiness has any effect when the only
  # target is an ALB; session affinity to the backends is decided by the ALB.
  stickiness {
    type    = "source_ip"
    enabled = true
  }

  # Health probe against the port that carries traffic.
  # NOTE(review): AWS documentation lists HTTP/HTTPS as the health-check
  # protocols for alb-type target groups; verify that TCP is accepted here.
  health_check {
    enabled             = true
    protocol            = "TCP"
    port                = "traffic-port"
    interval            = 30
    healthy_threshold   = 3
    unhealthy_threshold = 3
  }
}
# Listener on the NLB: accepts TCP/80 and hands every connection to nlb_tg.
# NOTE(review): this is cleartext on an internet-facing load balancer
# (aws_lb.nlb has internal = false). The StoreFront cookie used for stickiness
# (CitrixStoreFrontAuth) would cross the network unencrypted; consider a TLS
# listener with a certificate before exposing this publicly.
resource "aws_lb_listener" "nlb_listener" {
  load_balancer_arn = aws_lb.nlb.arn
  protocol          = "TCP"
  port              = 80

  default_action {
    target_group_arn = aws_lb_target_group.nlb_tg.arn
    type             = "forward"
  }
}
# Internal Application Load Balancer that sits behind the NLB.
# NOTE(review): with an alb-type NLB target the client source address is
# presumably preserved, so this security group must admit the client ranges on
# port 80 and is the effective network filter for public traffic; confirm its
# ingress rules are no wider than needed.
resource "aws_lb" "alb" {
  name               = "citrix-alb"
  load_balancer_type = "application"
  internal           = true # reached only through the NLB
  subnets            = ["subnet-xxxxx", "subnet-yyyyy"] # placeholders: use your subnet IDs
  security_groups    = ["sg-xxxxx"]                     # placeholder: use your security group ID

  enable_deletion_protection = true
}
# Target group behind the ALB; holds the StoreFront backends.
resource "aws_lb_target_group" "alb_tg" {
  name        = "citrix-alb-tg"
  vpc_id      = "vpc-xxxxx" # placeholder: use your VPC ID
  target_type = "ip"        # "instance" is the alternative, depending on the setup
  protocol    = "HTTP"
  port        = 80

  # Application-cookie stickiness keyed on the StoreFront cookie.
  # NOTE(review): the cookie named here is an authentication cookie and the
  # listeners in this file are plain HTTP; confirm TLS terminates somewhere in
  # front of this path.
  stickiness {
    type            = "app_cookie"
    cookie_name     = "CitrixStoreFrontAuth" # adjust to the cookie the application sets
    cookie_duration = 86400                  # seconds (24 hours)
  }

  # HTTP probe: a target is healthy only when it answers 200 on the path below.
  health_check {
    enabled             = true
    port                = "traffic-port"
    path                = "/healthcheck" # adjust to a path the backend serves
    matcher             = "200"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}
# Listener on the ALB: HTTP/80, default-deny. Any request that no listener rule
# matches receives a fixed 404 rather than being forwarded to a backend.
# NOTE(review): traffic on this hop is unencrypted HTTP; confirm that is
# acceptable for the data StoreFront carries.
resource "aws_lb_listener" "alb_listener" {
  load_balancer_arn = aws_lb.alb.arn
  protocol          = "HTTP"
  port              = 80

  default_action {
    type = "fixed-response"

    fixed_response {
      status_code  = "404"
      content_type = "text/plain"
      message_body = "Not Found"
    }
  }
}
# Listener rule: requests under /Citrix/ are forwarded to the StoreFront target
# group; everything else falls through to the listener's default action.
resource "aws_lb_listener_rule" "storefront" {
  listener_arn = aws_lb_listener.alb_listener.arn
  priority     = 100

  condition {
    path_pattern {
      values = ["/Citrix/*"] # adjust to the paths StoreFront actually serves
    }
  }

  action {
    target_group_arn = aws_lb_target_group.alb_tg.arn
    type             = "forward"
  }
}
# Attach the ALB (by ARN) to the NLB target group so the NLB forwards to it on port 80.
resource "aws_lb_target_group_attachment" "nlb_alb" {
  target_group_arn = aws_lb_target_group.nlb_tg.arn
  target_id        = aws_lb.alb.arn
  port             = 80
}
No description provided.