Nauman Munir

AWS Network Load Balancer with TCP and TLS Listeners Using Terraform

Deployed a scalable AWS Network Load Balancer (NLB) for TechNova Enterprises with TCP (port 80) and TLS (port 443) listeners, autoscaling, and Route 53 DNS, achieving high availability, automated scaling, and secure traffic routing for Portal.

Client: TechNova Enterprises
Duration: 3 months
Team: 4 Engineers

Technologies

AWS Network Load Balancer, AWS VPC, AWS EC2, AWS Auto Scaling, AWS ACM, AWS Route 53, AWS SNS, Terraform, Amazon Linux 2

Challenges

Manual Load Balancer Setup, Scalability Issues, Traffic Security

Solutions

Automation, High Availability, Secure Routing

Key Results

  • Deployment automation: Fully automated NLB and ASG provisioning
  • Availability improvement: 99.9% uptime with autoscaling
  • Scaling efficiency: Dynamic scaling with CPU TTSP and scheduled actions
  • Secure access: TLS-enabled access via nlb.technovaenterprises.com


At StratoSync Solutions, we deployed a scalable web infrastructure for TechNova Enterprises’ Portal application using an AWS Network Load Balancer (NLB) with TCP (port 80) and TLS (port 443) listeners, integrated with Route 53 DNS (nlb.technovaenterprises.com). This Terraform-based solution includes a custom VPC, autoscaling with CPU-based policies and scheduled actions, and SNS notifications, ensuring high availability, performance, and secure traffic routing for their customer-facing platform.

Situation

TechNova Enterprises required a scalable infrastructure for their Portal application to handle dynamic customer traffic. Manual load balancer configurations were complex, unscalable, and lacked consistent security. They needed a solution with both TCP and TLS support, autoscaling for traffic spikes, SNS notifications for instance events, and DNS integration, all managed through Infrastructure as Code (IaC) for automation and reliability.

Task

The objective was to create a Terraform-based infrastructure in AWS us-east-2 with:

  • A custom VPC with public and private subnets, NAT Gateway, and Internet Gateway.
  • An NLB with TCP (port 80) and TLS (port 443) listeners, routing to Portal at /portal/*.
  • An ACM certificate for nlb.technovaenterprises.com registered in Route 53.
  • Two launch templates: a base template (10 GB EBS) and a Portal-specific template (15 GB EBS, HTTPD user data).
  • An Auto Scaling Group (ASG) with 2/2/10 desired/min/max capacity, SNS notifications to ops@technovaenterprises.com, CPU-based Target Tracking Scaling Policy (TTSP) at 50%, and scheduled actions (8 instances at 7 AM, 2 at 5 PM EST).
  • Support for launch template updates (e.g., EBS to 20 GB) with instance refresh.
  • Modular files, consistent tagging, pinned module versions, dynamic AMI selection, and secure key management.
  • Completion within three months.

Action

We implemented the following using Terraform:

Define Input Variables

  • Example from variables.tf:
    variable "aws_region" {
      description = "AWS region"
      type        = string
      default     = "us-east-2"
    }
    variable "nlb_name" {
      description = "Name of the NLB"
      type        = string
      default     = "technova-nlb"
    }
    variable "target_group_names" {
      description = "Names of the target groups"
      type        = list(string)
      default     = ["PortalTargetGroup"]
    }

Configure NLB

  • Example from nlb.tf:
    resource "aws_lb" "nlb" {
      name               = var.nlb_name
      load_balancer_type = "network"
      subnets            = module.vpc.public_subnets
      enable_cross_zone_load_balancing = true
      tags = {
        Owner       = "TechNova"
        Environment = "prod"
        Project     = "Portal"
      }
    }
    resource "aws_lb_target_group" "portal_tg" {
      name        = var.target_group_names[0]
      port        = 80
      protocol    = "TCP"
      vpc_id      = module.vpc.vpc_id
      health_check {
        path = "/portal/index.html"
      }
    }
    resource "aws_lb_listener" "tcp" {
      load_balancer_arn = aws_lb.nlb.arn
      port              = 80
      protocol          = "TCP"
      default_action {
        type             = "forward"
        target_group_arn = aws_lb_target_group.portal_tg.arn
      }
    }
    resource "aws_lb_listener" "tls" {
      load_balancer_arn = aws_lb.nlb.arn
      port              = 443
      protocol          = "TLS"
      certificate_arn   = aws_acm_certificate.nlb_cert.arn
      default_action {
        type             = "forward"
        target_group_arn = aws_lb_target_group.portal_tg.arn
      }
    }
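
The TLS listener above refers to aws_acm_certificate.nlb_cert, which the excerpt does not show. One way to issue that certificate with DNS validation and to pin the listener's TLS policy, as an added example that is not taken from the project's code (the hosted zone lookup and the names primary and nlb_cert_validation are assumptions):

```hcl
# Added example, not the project's own code. The zone lookup and the
# names "primary" and "nlb_cert_validation" are assumptions.
data "aws_route53_zone" "primary" {
  name = "technovaenterprises.com" # assumed to be the hosted zone
}

resource "aws_acm_certificate" "nlb_cert" {
  domain_name       = "nlb.technovaenterprises.com"
  validation_method = "DNS"
}

# DNS records that prove control of the name to ACM.
resource "aws_route53_record" "nlb_cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.nlb_cert.domain_validation_options :
    dvo.domain_name => dvo
  }
  zone_id = data.aws_route53_zone.primary.zone_id
  name    = each.value.resource_record_name
  type    = each.value.resource_record_type
  records = [each.value.resource_record_value]
  ttl     = 60
}

# Waits until the certificate is issued before anything uses it.
resource "aws_acm_certificate_validation" "nlb_cert" {
  certificate_arn         = aws_acm_certificate.nlb_cert.arn
  validation_record_fqdns = [for r in aws_route53_record.nlb_cert_validation : r.fqdn]
}

# The page's TLS listener with the negotiation policy pinned explicitly.
# TLS ends at the NLB; the target group still receives plain TCP on port 80.
resource "aws_lb_listener" "tls" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 443
  protocol          = "TLS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate_validation.nlb_cert.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.portal_tg.arn
  }
}
```

With ssl_policy omitted the listener uses the provider's default policy, so pinning it makes the accepted protocol versions an explicit, reviewable choice. The TCP listener on port 80 carries unencrypted traffic, and an NLB cannot redirect it to 443.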

Create Launch Template

  • Example from launch-template.tf:

    resource "aws_launch_template" "portal_launch_template" {
      name          = "technova-portal"
      image_id      = data.aws_ami.amazon_linux.id
      instance_type = var.instance_type
      user_data     = base64encode(file("portal-install.sh"))
      tags = {
        Owner       = "TechNova"
        Environment = "prod"
        Project     = "Portal"
      }
    }
  • Example from portal-install.sh:

    #!/bin/bash
    yum update -y
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    mkdir -p /var/www/html/portal
    echo "<h1>Welcome to TechNova Portal</h1>" > /var/www/html/portal/index.html
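
The launch template excerpt refers to data.aws_ami.amazon_linux and the task list calls for a 15 GB EBS volume, neither of which the excerpt shows. A fuller version of the Portal template with an encrypted volume and IMDSv2 enforced, as an added example that is not the project's own code (the AMI name filter, the gp3 volume type and the hardening settings are assumptions):

```hcl
# Added example; the AMI name filter and gp3 volume type are assumptions.
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

resource "aws_launch_template" "portal_launch_template" {
  name          = "technova-portal"
  image_id      = data.aws_ami.amazon_linux.id
  instance_type = var.instance_type
  user_data     = filebase64("${path.module}/portal-install.sh")

  # 15 GB root volume from the task list, encrypted at rest.
  block_device_mappings {
    device_name = "/dev/xvda" # root device name on Amazon Linux 2
    ebs {
      volume_size           = 15
      volume_type           = "gp3"
      encrypted             = true
      delete_on_termination = true
    }
  }

  # Require IMDSv2 session tokens; hop limit 1 keeps tokens on the instance.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  # Tags on the template itself do not reach instances; this block does.
  tag_specifications {
    resource_type = "instance"
    tags = {
      Owner       = "TechNova"
      Environment = "prod"
      Project     = "Portal"
    }
  }
}
```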

Result

The project delivered a scalable and secure infrastructure for TechNova Enterprises’ Portal application:

  • Deployment Automation: Fully automated NLB and ASG provisioning via Terraform.
  • Availability Improvement: 99.9% uptime with autoscaling and NLB.
  • Scaling Efficiency: CPU-based TTSP (50%) and scheduled actions (8 instances at 7 AM, 2 at 5 PM EST).
  • Secure Access: TLS-enabled access via nlb.technovaenterprises.com.
  • Notifications: SNS emails to ops@technovaenterprises.com.
  • Extensibility: Launch template updates with instance refresh.
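
The scaling and instance-refresh behaviour listed above, written out as Terraform in an added example that is not the project's own code (the resource names, the action names and the America/New_York time zone standing in for "EST" are assumptions; the SNS notification wiring is left out):

```hcl
# Added example; the ASG name and schedule names are assumptions.
resource "aws_autoscaling_group" "portal" {
  name_prefix         = "technova-portal-"
  desired_capacity    = 2
  min_size            = 2
  max_size            = 10
  vpc_zone_identifier = module.vpc.private_subnets
  target_group_arns   = [aws_lb_target_group.portal_tg.arn]
  health_check_type   = "ELB"

  launch_template {
    id      = aws_launch_template.portal_launch_template.id
    version = aws_launch_template.portal_launch_template.latest_version
  }

  # A new template version (e.g. EBS to 20 GB) rolls through the instances.
  instance_refresh {
    strategy = "Rolling"
    preferences {
      min_healthy_percentage = 50
    }
  }
}

# Target tracking: keep average CPU across the group near 50%.
resource "aws_autoscaling_policy" "cpu_ttsp" {
  name                   = "portal-cpu-50"
  autoscaling_group_name = aws_autoscaling_group.portal.name
  policy_type            = "TargetTrackingScaling"
  target_tracking_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ASGAverageCPUUtilization"
    }
    target_value = 50.0
  }
}

# Scheduled actions from the task list; the IANA zone stands in for "EST".
resource "aws_autoscaling_schedule" "business_hours" {
  for_each = { "scale-up-7am" = { hour = 7, size = 8 }, "scale-down-5pm" = { hour = 17, size = 2 } }

  scheduled_action_name  = each.key
  autoscaling_group_name = aws_autoscaling_group.portal.name
  min_size               = 2
  max_size               = 10
  desired_capacity       = each.value.size
  recurrence             = "0 ${each.value.hour} * * *"
  time_zone              = "America/New_York"
}
```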

Technologies Used

  • AWS Network Load Balancer
  • AWS VPC
  • AWS EC2
  • AWS Auto Scaling
  • AWS ACM
  • AWS Route 53
  • AWS SNS
  • Terraform
  • Amazon Linux 2

Key Takeaways

This project showcases StratoSync Solutions’ expertise in using Terraform to deliver a scalable, secure NLB-based infrastructure with TCP and TLS listeners for TechNova Enterprises, ensuring reliable and secure traffic routing for their Portal application.
