
AWS Gateway Load Balancer Module

This module creates a single Gateway Load Balancer (GWLB). Routes from other VPCs can direct traffic towards the GWLB through the use of a separate module gwlb_endpoint_set.


Attaching new targets to the pre-existing GWLB

This module is not intended to be used to attach extra targets to a pre-existing Gateway Load Balancer and its Target Group. Instead, use this snippet:

resource aws_lb_target_group_attachment this {
target_group_arn = aws_lb_target_group.this.arn
target_id =



Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0, < 2.0.0 |
| aws | ~> 5.17 |


Providers

| Name | Version |
|------|---------|
| aws | ~> 5.17 |


Modules

No modules.


Resources

| Name | Type |
|------|------|
| aws_caller_identity.current | data source |
| aws_partition.this | data source |


Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| acceptance_required | Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - true or false | bool | false | no |
| allowed_principals | List of AWS Principal ARNs who are allowed access to the GWLB Endpoint Service. For example ["arn:aws:iam::123456789000:root"]. | list(string) | [] | no |
| deregistration_delay | See the aws provider documentation. | number | null | no |
| enable_lb_deletion_protection | Whether to enable deletion protection on the gateway load balancer. | bool | false | no |
| endpoint_service_tags | Map of AWS tags to apply to the created GWLB Endpoint Service. These tags are applied after the | | {} | no |
| global_tags | Map of AWS tags to apply to all the created | | {} | no |
| health_check_enabled | See the aws provider documentation. | bool | null | no |
| health_check_interval | Approximate amount of time, in seconds, between health checks of an individual target. Minimum 5 and maximum 300 seconds. | number | 5 | no |
| health_check_matcher | See the aws provider documentation. | string | null | no |
| health_check_path | See the aws provider documentation. | string | null | no |
| health_check_port | The port on a target to which the load balancer sends health checks. | number | 80 | no |
| health_check_protocol | Protocol to use when communicating with health_check_port. Either HTTP, HTTPS, or TCP. | string | "TCP" | no |
| health_check_timeout | After how many seconds to consider the health check as failed without a response. Minimum 2 and maximum 120. Required to be null when health_check_protocol is TCP. | number | null | no |
| healthy_threshold | The number of successful health checks required before an unhealthy target becomes healthy. Minimum 2 and maximum 10. | number | 3 | no |
| lb_tags | Map of AWS tags to apply to the created Load Balancer object. These tags are applied after the | | {} | no |
| lb_target_group_tags | Map of AWS tags to apply to the created GWLB Target Group. These tags are applied after the | | {} | no |
| name | Name of the created GWLB. Must be unique per AWS region per AWS account. | string | n/a | yes |
| stickiness_type | If stickiness_type is null, then attribute enabled is set to false in the stickiness configuration block, the value provided in type is ignored, and by default the Gateway Load Balancer uses 5-tuple to maintain flow stickiness to a specific target appliance. If stickiness_type is not null, then attribute enabled is set to true in the stickiness configuration block and the stickiness type can then be customized by using value: source_ip_dest_ip_proto for 3-tuple (Source IP, Destination IP and Transport Protocol); source_ip_dest_ip for 2-tuple (Source IP and Destination IP). | | | |
| subnets | Map of subnets where to create the GWLB. Each map's key is the availability zone name and each map's object has an attribute id identifying AWS subnet. Example for users of module subnet_set: subnets = module.subnet_set.subnets. Example: subnets = { "us-east-1a" = { id = "snet-123007" }, "us-east-1b" = { id = "snet-123008" } } | id = string | | |
| target_instances | Map of instances to attach to the GWLB Target Group. | id = string | | |
| tg_name | Name of the created Target Group for GWLB. If not set, then value of variable name is used. | string | null | no |
| unhealthy_threshold | The number of failed health checks required before a healthy target becomes unhealthy. Minimum 2 and maximum 10. | number | 3 | no |
| vpc_id | AWS identifier of a VPC containing the Endpoint. | string | n/a | yes |
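
A module call that uses the inputs listed above with the endpoint service restricted and deletion protection turned on. This is an added example, not taken from the module's own documentation. The module source, VPC ID, instance IDs, tag values and the keys of target_instances are placeholders or constructed values, and the object shape of target_instances (a single id attribute) is assumed from the type shown on this page.

```hcl
module "gwlb" {
  # Placeholder: the page does not state the module's source address.
  source = "<source-address-of-this-gwlb-module>"

  name   = "security-gwlb"     # must be unique per AWS region per AWS account
  vpc_id = "vpc-0example00001" # constructed value

  # Key = availability zone name, value = object carrying the subnet id.
  subnets = {
    "us-east-1a" = { id = "snet-123007" }
    "us-east-1b" = { id = "snet-123008" }
  }

  # Endpoint Service exposure: list only the principals that need access and
  # require the service owner to accept each endpoint connection request.
  # The module default for acceptance_required is false.
  allowed_principals  = ["arn:aws:iam::123456789000:root"]
  acceptance_required = true

  # The module default is false; enabling it guards the inspection path
  # against an accidental destroy.
  enable_lb_deletion_protection = true

  # Health checks. With the TCP protocol, health_check_timeout must stay null.
  health_check_protocol = "TCP"
  health_check_port     = 80
  health_check_interval = 5 # allowed range: 5 to 300 seconds
  health_check_timeout  = null
  healthy_threshold     = 3 # allowed range: 2 to 10
  unhealthy_threshold   = 3 # allowed range: 2 to 10

  # null keeps the default 5-tuple flow stickiness; this selects the
  # 2-tuple (Source IP and Destination IP).
  stickiness_type = "source_ip_dest_ip"

  # Assumed shape: map of objects with an id attribute (keys are hypothetical).
  target_instances = {
    "fw-a" = { id = "i-0example0000000a" }
    "fw-b" = { id = "i-0example0000000b" }
  }

  global_tags = {
    ManagedBy = "terraform"
  }
}
```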