How to Deploy EC2 Instances with an Internal Load Balancer, and ACM SSL Certificate in AWS with Terraform

One of the benefits of using the public cloud is that you can use it as an extension of our data center and deploy internal applications (not exposed to the internet) using automation.

In this story, we will learn how to build several components to create a good foundation base to deploy high available internal web applications in AWS.

We will deploy:

• Amazon Linux EC2 Instances in multiple AZs
• An INTERNAL Application Load Balancer (ALB) to distribute the load between these EC2
• ALB Target Group and Listeners for HTTP and HTTPS protocols
• Register DNS Records in Route 53
• Create an SSL certificate using AWS Certificate Manager

If you are interested in deploying similar workloads for public applications, please look at this story → How to Deploy EC2 Instances in Multiple AZs, with a Load Balancer, and SSL Certificate in AWS with Terraform.

Prerequisite #1: AWS Credentials

Before creating our AWS EC2 Instance, we will need AWS Credentials to execute our Terraform code.

The AWS provider offers a few options for providing credentials for authentication:

• Static credentials
• Environment variables
• Shared credentials/configuration file

For this story, we will use static credentials. Please refer to the “How to create an IAM account and configure Terraform to use AWS static credentials?” story if you need help creating the credentials.

Note: Using static credentials are great for learning and testing; however, hard-coded credentials are not recommended in production environments. Never push hard-coded credentials to code repositories.

Prerequisite #2: AWS Key Pair

We will need an AWS Key Pair, consisting of a public key and a private key. The AWS Key Pair is a set of security credentials that we need to connect to an Amazon EC2 instance.