How to associate and disassociate a public SLB with an SAE application using Terraform - Serverless App Engine

After you deploy an application on the Serverless App Engine (SAE), you can associate the application with an Internet-facing Server Load Balancer (SLB) instance to implement Internet access. You can also associate the application with an internal-facing SLB instance to communicate with the other applications in the virtual private cloud (VPC) where your application resides. This topic describes how to use Terraform to associate an Internet-facing SLB instance with an SAE application and how to disassociate the SLB instance.

Note

You can run the sample code in this topic with one click. Run with one click

Prerequisites

An Alibaba Cloud account has full permissions on all resources that belong to this account. If the credentials of an Alibaba Cloud account are leaked, security risks may arise. We recommend that you use a Resource Access Management (RAM) user and create an AccessKey pair for the RAM user. For more information, seee Create a RAM user and Create an AccessKey pair.

Attach the following policy to the RAM user that you use to run commands in Terraform. The policy includes the minimum permissions required to run commands in Terraform. For more information, see Grant permissions to a RAM user.

This custom policy allows the RAM user to edit, create, delete, and configure SLB instances, and associate and disassociate them with SAE applications.

{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "slb:DescribeLoadBalancers",
        "slb:DescribeLoadBalancerAttribute",
        "slb:CreateLoadBalancer",
        "slb:DeleteLoadBalancer",
        "slb:ModifyLoadBalancerInternetSpec",
        "slb:CreateLoadBalancerTCPListener",
        "slb:CreateLoadBalancerHTTPListener",
        "slb:CreateLoadBalancerHTTPSListener",
        "slb:DeleteLoadBalancerListener",
        "slb:SetLoadBalancerStatus",
        "sae:BindSlb",
        "sae:UnbindSlb"
      ],
      "Resource": "*"
    }
  ]
}

Prepare the Terraform environment. You can use one of the following methods to use Terraform:
- Terraform is available as a managed service in ROS. You can deploy Terraform templates in the ROS console. For more details, see Create a Terraform stack.
- Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the Terraform Explorer environment to use Terraform without the need to install Terraform. This method is suitable for scenarios where you need to use and debug Terraform in a zero-cost, efficient, and convenient manner.
- Use Terraform in Cloud Shell: Terraform is preinstalled in Cloud Shell and identity credentials are configured. You can directly run Terraform commands in Cloud Shell. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at low costs.
- Install and configure Terraform locally: This method is suitable for scenarios with limited network connectivity or in which a tailored development environment is necessary.

Resources

alicloud_sae_namespace: Creates and manages SAE namespaces.
alicloud_security_group: Creates and manages security groups.
alicloud_security_group_rule: Creates and manages security group rules.
alicloud_sae_application: Creates and manages SAE applications.
alicloud_slb_load_balancer: Creates and manages SLBs.
alicloud_sae_load_balancer_internet: Configures the Internet SLB for SAE applications.

Create an application and associate the application with an SLB instance

This section describes how to use an image to deploy an application, manually configure the application, and then associate the application with an SLB instance. The China (Shenzhen) region is used in this example.

Create a project folder named terraform to store Terraform resources.
Run the following command to got to the project directory:
```
cd terraform
```

Create a configuration file named main.tf.

Sample code:

# Provider configuration
provider "alicloud" {
  region = var.region_id
}

# Variable definitions
variable "region_id" {
  type    = string
  default = "cn-shenzhen"
}

variable "app_name" {
  description = "Application name"
  type        = string
  default     = "app-slb"
}

variable "image_url" {
  description = "Image URL"
  type        = string
  default     = "registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-slim:0.9"
}

variable "namespace_id" {
  description = "Namespace ID"
  type        = string
  default     = "cn-shenzhen:demo"
}

variable "namespace_name" {
  description = "Namespace name"
  type        = string
  default     = "demo"
}

# Namespace
resource "alicloud_sae_namespace" "default" {
  namespace_description = var.namespace_description
  namespace_id          = var.namespace_id
  namespace_name        = var.namespace_name
}

# VPC
resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.4.0.0/16"
}

# VSwitch
resource "alicloud_vswitch" "default" {
  vswitch_name = var.name
  cidr_block   = "10.4.0.0/24"
  vpc_id       = alicloud_vpc.default.id
  zone_id      = var.zone_id
}

# Security group
resource "alicloud_security_group" "sg" {
  name        = var.name
  description = var.description
  vpc_id      = alicloud_vpc.default.id
}

resource "alicloud_security_group_rule" "sg_rule" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = var.port_range
  priority          = 1
  security_group_id = alicloud_security_group.sg.id
  cidr_ip           = var.cidr_ip
}

# Application configuration
resource "alicloud_sae_application" "manual" {
  app_name          = var.app_name
  app_description   = var.app_description
  deploy            = true
  image_url         = var.image_url
  namespace_id      = alicloud_sae_namespace.default.id
  vswitch_id        = alicloud_vswitch.default.id
  vpc_id            = alicloud_vpc.default.id
  security_group_id = alicloud_security_group.sg.id
  package_type      = var.package_type
  timezone          = "Asia/Beijing"
  replicas          = var.replicas
  cpu               = var.cpu
  memory            = var.memory
}

# SLB configuration
resource "alicloud_slb_load_balancer" "slb" {
  load_balancer_name = "prod"
  address_type       = "internet"
  load_balancer_spec = "slb.s2.small"
  vswitch_id         = alicloud_vswitch.default.id
}

resource "alicloud_sae_load_balancer_internet" "example" {
  app_id          = alicloud_sae_application.manual.id
  internet_slb_id = alicloud_slb_load_balancer.slb.id
  internet {
    protocol    = "HTTP"
    port        = var.port
    target_port = 80
  }
}

# Other variable definitions
variable "namespace_description" {
  description = "Namespace Description"
  default     = "a namespace"
}

variable "name" {
  default     = "tf"
  description = "The name of the security group rule"
  type        = string
}

variable "description" {
  default     = "The description of the security group rule"
  description = "The description of the security group rule"
  type        = string
}

variable "port_range" {
  default     = "1/65535"
  description = "The port range of the security group rule"
  type        = string
}

variable "cidr_ip" {
  description = "CIDR blocks used to create a new security group rule"
  type        = string
  default     = "0.0.0.0/0"
}

variable "zone_id" {
  description = "Availability Zone ID"
  type        = string
  default     = "cn-shenzhen-a"
}

variable "app_description" {
  default     = "Description created by Terraform"
  description = "The description of the application"
  type        = string
}

variable "package_type" {
  default     = "Image"
  description = "The package type of the application"
  type        = string
}

variable "cpu" {
  default     = "500"
  description = "The CPU of the application, in unit of millicore"
  type        = string
}

variable "memory" {
  default     = "1024"
  description = "The memory of the application, in unit of MB"
  type        = string
}

variable "replicas" {
  default     = "1"
  description = "The replicas of the application"
  type        = string
}

variable "port" {
  description = "The port of SLB"
  type        = string
  default     = "8000"
}

# Outputs
output "namespace_id" {
  value       = var.namespace_id
  description = "Namespace ID"
}

output "app_id" {
  description = "The ID of the application"
  value       = alicloud_sae_application.manual.id
}

output "app_name" {
  description = "The name of the application"
  value       = var.app_name
}

output "endpoint" {
  value = format("http://%s:%s", alicloud_slb_load_balancer.slb.address, var.port)
}

Run the following command to initialize the configurations:
```
terraform init
```
Expected output:
Perform the following steps to create an application:
1. Run the following command to deploy the application.During execution, enter yes as prompted and press Enter. Wait until the command execution is completed. If the following information is returned, the authorization is complete:
```
terraform apply
```
  Expected output:
The application app-slb is created and associated with the SLB instance. The IP address and port of the SLB instance are displayed in the output.
Verify the result:
Run the terraform show command
Run the following command to query the details of the resources created by using Terraform:
```
terraform show
```
Browser access screenshot
Enter the IP address and port of the SLB instance in the browser, such as http://121.43.XXX.XX:8000. Press Enter to go to the homepage of the application.

Disassociate the SLB instance and delete the application

This section describes how to disassociate the SLB instance from an application and delete the application. The app-slb application in the China (Shenzhen) region is used in this example.

Run the following command in the project directory to execute the configuration file:
```
terraform destroy
```
Expected output:
The SLB instance is disassociated and the app-slb application is deleted.

Complete sample code