Network Load Balancer (L4)

aws-nlb — Network Load Balancer

Layer-4 Network Load Balancer with TCP/UDP/TLS listeners and target groups — drop-in for ultra-low-latency, high-throughput, or static-IP workloads (databases, game servers, MQTT/gRPC backends, anything that needs the client's real source IP). Define target groups and listeners as simple maps; the module wires each listener's default forward action to its target group. Hand it an ACM certificate on a TLS listener and the NLB terminates TLS with a modern TLS 1.3 (1.2-floor) policy.

Self-contained networking: omit subnet_ids and the module discovers every subnet in the account's default VPC (and derives the VPC for the target groups), so a throwaway NLB applies with nothing but a name. Pin explicit subnets for real deployments.

Works with Terraform and OpenTofu (>= 1.6), AWS provider >= 6.0, < 7.0.

Cost

An NLB bills per hour plus NLCU (new connections, active connections, processed bytes). This module creates exactly one NLB regardless of how many target groups/listeners you define; idle, with no targets, it is the hourly charge only (~$0.0225/hr in most regions).

Requirements

• Terraform or OpenTofu >= 1.6
• hashicorp/aws >= 6.0, < 7.0

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).