Terraform templates for Amazon Route 53 Application Recovery Controller (ARC)

Overview

These three sample Terraform templates show you how to configure Amazon Route 53 Application Recovery Controller automatically. Please see Terraform's documentation for the AWS provider to learn more. In this guide, we will use the following Terraform/AWS resource categories:

1. Readiness checks: Readiness checks ensure that your recovery environment is scaled and configured to take over when needed.
2. Routing controls: You can use routing controls to rebalance traffic across application replicas during failures, to ensure that your application stays available.
3. DNS failover records: Route 53 DNS failover records that you configure with routing control health checks enable you to reroute traffic by using routing controls.

Demo App

The Terraform templates described here are specific to the TicTacToe demo application deployed with this CDK script. For more information about AWS Cloud Development Kit, go to the AWS CDK documentation.

Terraform templates

Listed below are the three sample Terraform templates:

• The first template configures readiness checks
• The second template configures routing controls and Route 53 routing control health checks
• The third template creates Route 53 DNS failover records for the routing control health checks.

Prerequisites

1. To use these Terraform templates, you must have a hosted zone on Route 53 (either public or private).

2. Before you run the Terraform templates, install the TicTacToe demo application by using the supplied CDK script.

Please make sure to install AWS CDK v2. The CDK scripts do not work with AWS CDK v1.

# Install CDK 2, if you haven't already done so 
npm install -g aws-cdk@next

# Download the CDK script that allows to deploy the app
wget https://r53-application-recovery-controller-terraform-app-iad.s3.amazonaws.com/tictactoe-infra-cdk-arc-terraform-templates.zip

unzip tictactoe-infra-cdk-arc-terraform-templates.zip

cd tictactoe-terraform/app

# first time only (one time operation)
npm install && cdk bootstrap 

# deploy the app 
cdk deploy --all --outputs-file ../out.json

The application deployment takes ~10 minutes to complete. The database stack creation might take up to 10 minutes. You will be prompted 3 times for confirmation (y/n?), always answer y. Three CloudFormation stacks are created :

• TictactoeAppCdkStack-us-east-1 : the application stack deployed in us-east-1region
• TictactoeAppCdkStack-us-west-2 : the application stack deployed in us-west-2region
• TictactoeDatabaseCdkStack : the database stack, it is a DynamoDB global table deployed in us-east-1 and us-west-2and shared by the two application stacks.

Now that the application is deployed, you are ready to deploy the Route 53 Application Recovery Controler (ARC) Terraform templates.

ℹ️ CDK output file

The TicTacToe CDK deployment script generates a file (out.json) that contains information about the resources that the script creates.

Terraform input variables

The Terraform templates expects the following parameters:

• AWS Regions: Regions where the TicTacToe AWS resources are deployed: us-east-1 and us-west-2

• DNS hosted zone: Update line 7 of the "arc_terraform/set-system-variables.sh" script with a value that corresponds to your AWS environment

• DNS domain name: Update line 8 of the "arc_terraform/set-system-variables.sh" script with a value that corresponds to your AWS environment

• Prefix of AWS resources: Terraform will create your new AWS resources with this prefix. Tf-TicTacToe is the default value. If you want to change it, update line 16 of the "arc_terraform/set-system-variables.sh" script

• Application-specific resources: The "arc_terraform/set-system-variables.sh" script parses the out.json file to automatically populate the following information for variables in the Terraform templates:

  • ARNs of the load balancers
  • DNS names of the load balancers
  • Hosted zone IDs of the load balancers
  • ARNs of the Auto Scaling groups
  • ARN of the global DynamoDB table

Readiness checks template

The Terraform Readiness Checks template creates the following resources to model the TicTacToe application in Application Recovery Controller:

• 2 cells, one for each AWS Region
• 1 recovery group, for the whole application
• 3 resource sets, one each for the load balancers, Auto Scaling groups, and DynamoDB table
• 3 readiness checks, one for each resource set

Routing control template

The Terraform Routing Controls template creates a cluster in Application Recovery Controller, along with other routing control infrastructure:

• 1 cluster
• 1 control panel
• 2 routing controls in us-east-1and us-west-1
• 1 safety rule, to ensure that at least one cell is active at all times
• 2 Route 53 routing control health checks

DNS failover records template

The Terraform DNS Records template can be used to configure the required Route 53 DNS failover records for the routing control health checks:

• An A ALIAS PRIMARY failover record: Points to the TicTacToe demo application load balancer deployed in us-east-1
• An A ALIAS SECONDARY failover record: Points to the TicTacToe demo application load balancer deployed in us-west-2

Both DNS records are associated with the corresponding health checks created earlier.

Step 1: Initialize the Terraform directory

The first step is to run the terraform init command only once to initialize the arc_terraform working directory, which contains Terraform configuration files. Open a terminal and type:

# assuming you're in the main directory of this project
cd arc_terraform

terraform init

Step 2: Run the Terraform templates

To help run the Terraform templates, I provide the "arc_terraform/0-create-route53-arc-components.sh" script. Open a terminal and type:

# assuming you're in the main directory of this project
cd arc_terraform

./0-create-route53-arc-components.sh

After a few minutes, Application Recovery Controller is fully configured. You can now use the Amazon Route53 Console to review the components.

Step 3: Turn on/turn off routing controls

Routing controls are simple on/off switches that manage traffic flow to the us-east-1 and us-west-2 cells in your recovery group. When a routing control state is ON, traffic flows to the cell controlled by that routing control.

After you run the Terraform templates, both routing controls are turned off. Follow the steps in the AWS documentation to turn one of the routing controls on by using the Amazon Route53 console or by using the AWS CLI

Step 4: Test the application

You are now ready to visit the application using the new DNS failover record. Check your hosted zone on the Amazon Route 53 console. Feel free to turn on and turn off one routing control at a time to see how the application traffic is rerouted to the healthy Region.

Happy testing!

Clean up

After you're done testing Application Recovery Controller, run the following script to clean up all of the Route 53 resources that you created:

# assuming you're in the main directory of this project
cd arc_terraform

./99-destroy-route53-arc-components.sh

Questions or feedback ?

You can reach Guillermo Tantachuco at tantag@amazon.com. Thank you.