Nauman Munir

AWS ALB Host Header-based Routing

Deployed a secure, scalable web infrastructure for TechPulse Solutions using Terraform, with an ALB routing traffic to clientportal.techpulsesolutions.com, adminpanel.techpulsesolutions.com, and myapps.techpulsesolutions.com based on host headers, integrated with Route53 DNS and ACM certificates.

TechPulse Solutions
3 months
4 Engineers

Technologies

AWS Application Load Balancer, AWS VPC, AWS EC2, AWS ACM, AWS Route 53, Terraform, Amazon Linux 2

Challenges

Manual Load Balancer Setup, Scalability Issues, Secure Routing

Solutions

Automation, Host-based Routing, High Availability

Key Results

  • Deployment automation: Fully automated ALB and EC2 provisioning
  • Routing accuracy: 100% accurate host header-based routing
  • Secure access: HTTPS-enabled access via wildcard certificate

AWS ALB Host Header-based Routing

As a lead DevOps engineer at AMJ Cloud Technologies, I designed and deployed a secure, scalable web infrastructure for TechPulse Solutions using Terraform. The solution features an Application Load Balancer (ALB) with host header-based routing for clientportal.techpulsesolutions.com, adminpanel.techpulsesolutions.com, and myapps.techpulsesolutions.com, integrated with a custom VPC, Route 53 DNS, and ACM certificates. My hands-on work ensured high availability, secure HTTPS traffic, and automated deployments for their customer-facing platform.

Situation

TechPulse Solutions needed a robust web infrastructure to route traffic to their ClientPortal and AdminPanel applications, along with a static response for myapps.techpulsesolutions.com, using a single ALB endpoint. Manual load balancer setups were inefficient and error-prone, prompting me to develop an Infrastructure-as-Code (IaC) solution to deliver scalability, security, and reproducibility for their platform.

Task

My goal was to create a Terraform-based infrastructure in AWS us-east-2 with:

  • A custom VPC with public and private subnets, NAT Gateway, and Internet Gateway.
  • Two EC2 instances each for ClientPortal and AdminPanel in private subnets, running Apache with custom user data.
  • A bastion host in a public subnet for SSH access.
  • Security groups: loadbalancer-sg (HTTP:80, HTTPS:443), private-sg (HTTP:80 from ALB), bastion-sg (SSH:22).
  • An ALB with an HTTP listener (redirect to HTTPS) and an HTTPS listener routing clientportal.techpulsesolutions.com to ClientPortal, adminpanel.techpulsesolutions.com to AdminPanel, and myapps.techpulsesolutions.com to a fixed response.
  • A wildcard ACM certificate (*.techpulsesolutions.com) with DNS validation via Route 53.
  • Route 53 DNS records for myapps.techpulsesolutions.com, clientportal.techpulsesolutions.com, and adminpanel.techpulsesolutions.com.
  • Best practices: modular Terraform files, consistent tagging, pinned module versions, dynamic AMI selection, and secure key management.
  • Completion within three months.

Action

I implemented the following using Terraform, personally coding and testing the configurations to ensure a reliable solution:

Define Input Variables

  • Example from variables.tf:
    variable "aws_region" {
      description = "AWS region"
      type        = string
      default     = "us-east-2"
    }
    variable "domain_name" {
      description = "Domain name for ALB routing"
      type        = string
      default     = "techpulsesolutions.com"
    }
    variable "target_group_names" {
      description = "Names of the target groups"
      type        = list(string)
      default     = ["ClientPortalTargetGroup", "AdminPanelTargetGroup"]
    }

Configure ALB Host Header Routing

  • Example from alb.tf:
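    module "alb" {
      source  = "terraform-aws-modules/alb/aws"
      # The list-style inputs used below (http_tcp_listeners, https_listeners,
      # https_listener_rules) belong to this module's pre-9.0 interface; 9.x
      # releases take the map-style `listeners` and `target_groups` inputs instead.
      version = "9.17.0"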
      load_balancer_type = "application"
      vpc_id             = module.vpc.vpc_id
      subnets            = module.vpc.public_subnets
      security_groups    = [module.loadbalancer_sg.security_group_id]
      target_groups = [
        {
          name             = var.target_group_names[0]
          backend_protocol = "HTTP"
          backend_port     = 80
          target_type      = "instance"
          health_check = {
            path = "/clientportal/index.html"
          }
        },
        {
          name             = var.target_group_names[1]
          backend_protocol = "HTTP"
          backend_port     = 80
          target_type      = "instance"
          health_check = {
            path = "/adminpanel/index.html"
          }
        }
      ]
      http_tcp_listeners = [
        {
          port        = 80
          protocol    = "HTTP"
          action_type = "redirect"
          redirect = {
            port        = "443"
            protocol    = "HTTPS"
            status_code = "HTTP_301"
          }
        }
      ]
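      https_listeners = [
        {
          port               = 443
          protocol           = "HTTPS"
          certificate_arn    = aws_acm_certificate.wildcard.arn
          # Default action: any request whose Host header matches none of the
          # rules below is forwarded to target group 0 (ClientPortal).
          action_type        = "forward"
          target_group_index = 0
        }
      ]
      https_listener_rules = [
        {
          # clientportal.<domain> -> ClientPortal target group
          https_listener_index = 0
          actions = [{
            type               = "forward"
            target_group_index = 0
          }]
          conditions = [{
            host_headers = ["clientportal.${var.domain_name}"]
          }]
        },
        {
          # adminpanel.<domain> -> AdminPanel target group
          https_listener_index = 0
          actions = [{
            type               = "forward"
            target_group_index = 1
          }]
          conditions = [{
            host_headers = ["adminpanel.${var.domain_name}"]
          }]
        },
        {
          # myapps.<domain> -> static response returned by the ALB itself
          https_listener_index = 0
          actions = [{
            type         = "fixed-response"
            content_type = "text/plain"
            message_body = "Welcome to TechPulse Solutions"
            status_code  = "200"
          }]
          conditions = [{
            host_headers = ["myapps.${var.domain_name}"]
          }]
        }
      ]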
      tags = {
        Owner       = "TechPulse"
        Environment = "prod"
        Project     = "ALBHostRouting"
      }
    }
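
Added example, not code from the original project: a small Python model of the HTTPS listener described above (the three host-header rules plus the default forward to target group 0) that reports which Host values reach a backend only through the default action. The function names and sample Host values are constructed for illustration; the wildcard semantics (`*`, `?`, case-insensitive) follow ALB host-header conditions.

```python
import re

DOMAIN = "techpulsesolutions.com"
# Rules as the page describes them; the patterns are disjoint, so evaluation
# order does not change the outcome here.
RULES = [
    (["clientportal." + DOMAIN], "forward:ClientPortalTargetGroup"),
    (["adminpanel." + DOMAIN], "forward:AdminPanelTargetGroup"),
    (["myapps." + DOMAIN], "fixed-response:200"),
]
# Default action of the page's HTTPS listener: forward to target group 0.
DEFAULT_ACTION = "forward:ClientPortalTargetGroup"

def host_matches(pattern, host):
    """ALB host-header match: case-insensitive, '*' = any run, '?' = one char."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern.lower()
    )
    return re.fullmatch(regex, host.lower()) is not None

def route(host, rules=RULES, default=DEFAULT_ACTION):
    """Return (action, matched_by_rule) for one Host header value."""
    for patterns, action in rules:
        if any(host_matches(p, host) for p in patterns):
            return action, True
    return default, False

def fallthrough_to_backend(hosts, rules=RULES, default=DEFAULT_ACTION):
    """Hosts no rule names that still reach a backend through the default action."""
    hits = []
    for h in hosts:
        action, matched = route(h, rules, default)
        if not matched and action.startswith("forward:"):
            hits.append(h)
    return hits

# Constructed sample Host values: three from the page, two that no rule names.
SAMPLE_HOSTS = [
    "clientportal.techpulsesolutions.com",
    "AdminPanel.TechPulseSolutions.com",
    "myapps.techpulsesolutions.com",
    "staging.techpulsesolutions.com",
    "203.0.113.10",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h} -> {route(h)[0]}")
    print("default-action backends:", fallthrough_to_backend(SAMPLE_HOSTS))
```

Passing `default="fixed-response:404"` models a listener whose default action returns a fixed response, in which case no unlisted host reaches a backend.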

Configure ClientPortal EC2 Instances

  • Example from ec2instance-clientportal.tf:

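    module "ec2_clientportal" {
      source  = "terraform-aws-modules/ec2-instance/aws"
      version = "6.0.2"
      name                   = "techpulse-clientportal"
      # Two ClientPortal instances. instance_count is an input of early (2.x)
      # releases of this module; later major versions, including 6.x, create one
      # instance per module block and rely on count/for_each on the module itself.
      instance_count         = 2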
      ami                    = data.aws_ami.amazon_linux.id
      instance_type          = var.instance_type
      subnet_id              = element(module.vpc.private_subnets, 0)
      vpc_security_group_ids = [module.private_sg.security_group_id]
      user_data              = file("clientportal-install.sh")
      tags = {
        Owner       = "TechPulse"
        Environment = "prod"
        Project     = "ALBHostRouting"
      }
    }
  • Example from clientportal-install.sh:

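    #!/bin/bash
    # Install and start Apache
    yum update -y
    yum install -y httpd
    systemctl start httpd
    systemctl enable httpd
    # Page used by the ALB health check (/clientportal/index.html)
    mkdir -p /var/www/html/clientportal
    echo "<h1>TechPulse Client Portal</h1>" > /var/www/html/clientportal/index.html
    # IMDSv2: request a session token first; this also works when the instance
    # does not enforce token-only metadata access.
    TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
    INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: ${TOKEN}" http://169.254.169.254/latest/meta-data/instance-id)
    echo "<h1>Client Portal Metadata</h1><p>Instance ID: ${INSTANCE_ID}</p>" > /var/www/html/clientportal/metadata.html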

Result

As part of AMJ Cloud Technologies, our team successfully delivered a secure, scalable web infrastructure for TechPulse Solutions:

  • Deployment Automation: I automated ALB and EC2 provisioning using Terraform, streamlining deployment processes.
  • Routing Accuracy: I configured and validated 100% accurate host header-based routing for clientportal.techpulsesolutions.com, adminpanel.techpulsesolutions.com, and myapps.techpulsesolutions.com.
  • Secure Access: I implemented HTTPS with a wildcard ACM certificate, ensuring secure access across all domains.
  • Accessibility: I set up and tested Route 53 DNS records, ensuring seamless resolution for all hostnames.

Technologies Used

  • AWS Application Load Balancer
  • AWS VPC
  • AWS EC2
  • AWS ACM
  • AWS Route 53
  • Terraform
  • Amazon Linux 2

Key Takeaways

This project showcases my expertise as a DevOps engineer at AMJ Cloud Technologies in designing and implementing a secure, scalable ALB with host header-based routing using Terraform. By coding modular configurations, configuring precise routing rules, and integrating with Route 53 and ACM, I ensured efficient and reliable delivery for TechPulse Solutions’ platform.

Architectural Diagram

The diagram illustrates the custom VPC with public and private subnets, ALB with host header routing, ClientPortal and AdminPanel EC2 instances, bastion host, ACM wildcard certificate, and Route 53 DNS records.
