CloudWiki

Amazon Web Service (AWS)

Target Group

Network
Target group is a logical grouping of EC2 instances that sits behind a load balancer where traffic is forward to, based on protocols and ports defined in a listener rule.
aws_lb_target_group
Target Group
attributes:
  • connection_termination - (Optional) Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is false.
  • deregistration_delay - (Optional) Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
  • health_check - (Optional, Maximum of 1) Health Check configuration block. Detailed below.
  • lambda_multi_value_headers_enabled - (Optional) Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when target_type is lambda. Default is false.
  • load_balancing_algorithm_type - (Optional) Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is round_robin or least_outstanding_requests. The default is round_robin.
  • name_prefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name. Cannot be longer than 6 characters.
  • name - (Optional, Forces new resource) Name of the target group. If omitted, Terraform will assign a random, unique name.
  • port - (May be required, Forces new resource) Port on which targets receive traffic, unless overridden when registering a specific target. Required when target_type is instance, ip or alb. Does not apply when target_type is lambda.
  • preserve_client_ip - (Optional) Whether client IP preservation is enabled. See doc for more information.
  • protocol_version - (Optional, Forces new resource) Only applicable when protocol is HTTP or HTTPS. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1
  • protocol - (May be required, Forces new resource) Protocol to use for routing traffic to the targets. Should be one of GENEVE, HTTP, HTTPS, TCP, TCP_UDP, TLS, or UDP. Required when target_type is instance, ip or alb. Does not apply when target_type is lambda.
  • proxy_protocol_v2 - (Optional) Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is false.
  • slow_start - (Optional) Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
  • stickiness - (Optional, Maximum of 1) Stickiness configuration block. Detailed below.
  • tags - (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • target_type - (May be required, Forces new resource) Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is instance.
  • Note that you can't specify targets for a target group using both instance IDs and IP addresses.
  • If the target type is ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.
  • Network Load Balancers do not support the lambda target type.
  • Application Load Balancers do not support the alb target type.
  • ip_address_type (Optional, forces new resource) The type of IP addresses used by the target group, only supported when target type is set to ip. Possible values are ipv4 or ipv6.
  • vpc_id - (Optional, Forces new resource) Identifier of the VPC in which to create the target group. Required when target_type is instance, ip or alb. Does not apply when target_type is lambda.

health_check

Note:

The Health Check parameters you can set vary by the protocol of the Target Group. Many parameters cannot be set to custom values for network load balancers at this time. See http://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_CreateTargetGroup.html for a complete reference. Keep in mind, that health checks produce actual requests to the backend. The underlying function is invoked when target_type is set to lambda.

  • enabled - (Optional) Whether health checks are enabled. Defaults to true.
  • healthy_threshold - (Optional) Number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3.
  • interval - (Optional) Approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. For lambda target groups, it needs to be greater as the timeout of the underlying lambda. Default 30 seconds.
  • matcher (May be required) Response codes to use when checking for a healthy responses from a target. You can specify multiple values (for example, "200,202" for HTTP(s) or "0,12" for GRPC) or a range of values (for example, "200-299" or "0-99"). Required for HTTP/HTTPS/GRPC ALB. Only applies to Application Load Balancers (i.e., HTTP/HTTPS/GRPC) not Network Load Balancers (i.e., TCP).
  • path - (May be required) Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS.
  • port - (Optional) Port to use to connect with the target. Valid values are either ports 1-65535, or traffic-port. Defaults to traffic-port.
  • protocol - (Optional) Protocol to use to connect with the target. Defaults to HTTP. Not applicable when target_type is lambda.
  • timeout - (Optional) Amount of time, in seconds, during which no response means a failed health check. For Application Load Balancers, the range is 2 to 120 seconds, and the default is 5 seconds for the instance target type and 30 seconds for the lambda target type. For Network Load Balancers, you cannot set a custom value, and the default is 10 seconds for TCP and HTTPS health checks and 5 seconds for HTTP health checks.
  • unhealthy_threshold - (Optional) Number of consecutive health check failures required before considering the target unhealthy. For Network Load Balancers, this value must be the same as the healthy_threshold. Defaults to 3.

stickiness

NOTE:

Currently, an NLB (i.e., protocol of HTTP or HTTPS) can have an invalid stickiness block with type set to lb_cookie as long as enabled is set to false. However, please update your configurations to avoid errors in a future version of the provider: either remove the invalid stickiness block or set the type to source_ip.

  • cookie_duration - (Optional) Only used when the type is lb_cookie. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
  • cookie_name - (Optional) Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is app_cookie.
  • enabled - (Optional) Boolean to enable / disable stickiness. Default is true.
  • type - (Required) The type of sticky sessions. The only current possible values are lb_cookie, app_cookie for ALBs, and source_ip for NLBs.

Associating resources with a
Target Group
Resources do not "belong" to a
Target Group
Rather, one or more Security Groups are associated to a resource.
Create
Target Group
via Terraform:
The following HCL example creates a target group for an Application Load Balancer where it registers targets by instance ID (the target type is instance). This target group uses the HTTP protocol, port 80, and the default health check settings for an HTTP target group.
Syntax:

resource "aws_lb_target_group" "test" {
 name     = "tf-example-lb-tg"
 port     = 80
 protocol = "HTTP"
 vpc_id   = aws_vpc.main.id
}

resource "aws_vpc" "main" {
 cidr_block = "10.0.0.0/16"
}

Create
Target Group
via CLI:
Parametres:

create-target-group
--name <value>
[--protocol <value>]
[--protocol-version <value>]
[--port <value>]
[--vpc-id <value>]
[--health-check-protocol <value>]
[--health-check-port <value>]
[--health-check-enabled | --no-health-check-enabled]
[--health-check-path <value>]
[--health-check-interval-seconds <value>]
[--health-check-timeout-seconds <value>]
[--healthy-threshold-count <value>]
[--unhealthy-threshold-count <value>]
[--matcher <value>]
[--target-type <value>]
[--tags <value>]
[--ip-address-type <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws elbv2 create-target-group \
   --name my-targets \
   --protocol HTTP \
   --port 80 \
   --target-type instance \
   --vpc-id vpc-3ac0fb5f

Best Practices for
Target Group

Categorized by Availability, Security & Compliance and Cost

Warning
Ensure all hosts in the target group are in healthy state
No items found.
Warning
Ensure all hosts in the target group are in use
No items found.
Warning
Ensure targets groups use health checks
No items found.
Warning
Target group is in use by LB without any active targets
No items found.
Explore all the rules our platform covers
All Resources