Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Network Load Balancer
  • Getting started
    • All tutorials
    • Architecture and protection of a basic internet service
    • Implementing fault-tolerant scenarios for NAT VMs
    • Configuring a fault-tolerant architecture in Yandex Cloud
      • Overview
      • Management console
      • Terraform
    • Updating an instance group under load
    • Integrating Cloud DNS and a corporate DNS service
    • Connecting to Object Storage from Virtual Private Cloud
    • Connecting to Container Registry from Virtual Private Cloud
    • Implementing a secure high-availability network infrastructure with a dedicated DMZ based on the Check Point NGFW
    • Deploying Microsoft Exchange
    • Deploying an Always On availability group with an internal network load balancer
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  • FAQ

In this article:

  • Get your cloud ready
  • Required paid resources
  • Create your infrastructure
  • Upload the website files
  • Test the fault tolerance
  • How to delete the resources you created
  1. Tutorials
  2. Fault-tolerant website with load balancing via a Network Load Balancer
  3. Terraform

Fault-tolerant website with load balancing via Yandex Network Load Balancer using Terraform

Written by
Yandex Cloud
Updated at June 9, 2025
  • Get your cloud ready
    • Required paid resources
  • Create your infrastructure
  • Upload the website files
  • Test the fault tolerance
  • How to delete the resources you created

To create a fault-tolerant website with load balancing via Yandex Network Load Balancer using Terraform:

  1. Get your cloud ready.
  2. Create your infrastructure.
  3. Upload the website files.
  4. Test the fault tolerance.

If you no longer need the resources you created, delete them.

Get your cloud readyGet your cloud ready

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Required paid resourcesRequired paid resources

The website support cost includes:

  • Fee for disks and continuously running VMs (see Yandex Compute Cloud pricing).
  • Fee for using dynamic or static public IP addresses (see Yandex Virtual Private Cloud pricing).
  • Fee for a network load balancer and traffic balancing (see Network Load Balancer pricing).

Create your infrastructureCreate your infrastructure

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or its mirror.

To create an infrastructure using Terraform:

  1. Install Terraform, get the authentication credentials, and specify the Yandex Cloud provider installation source (see Configure a provider, step 1).

  2. Prepare your infrastructure description files:

    Ready-made configuration
    Manually
    1. Clone the repository with configuration files:

      git clone https://github.com/yandex-cloud-examples/yc-nlb-fault-tolerant-site.git
      
    2. Navigate to the repository directory. Make sure it now contains the load-balancer.tf file with the new infrastructure configuration.

    1. Create a directory.

    2. In this directory, create the load-balancer.tf configuration file:

      load-balancer.tf
      terraform {
        required_providers {
          yandex = {
            source  = "yandex-cloud/yandex"
            version = ">= 0.47.0"
          }
        }
      }
      
      provider "yandex" {
        zone = "ru-central1-a"
      }
      
      variable "folder_id" {
        description = "Yandex Cloud Folder ID where resources will be created"
        default     = "<folder_ID>"
      }
      
      resource "yandex_iam_service_account" "ig-sa" {
        name        = "ig-sa"
      }
      
      resource "yandex_resourcemanager_folder_iam_member" "editor" {
        folder_id = var.folder_id
        role      = "editor"
        member    = "serviceAccount:${yandex_iam_service_account.ig-sa.id}"
      }
      
      resource "yandex_compute_instance_group" "ig-1" {
        name               = "nlb-vm-group"
        folder_id          = var.folder_id
        service_account_id = "${yandex_iam_service_account.ig-sa.id}"
        instance_template {
          platform_id = "standard-v3"
          resources {
            core_fraction = 20
            memory        = 1
            cores         = 2
          }
      
          boot_disk {
            mode = "READ_WRITE"
            initialize_params {
              image_id = "<image_ID>"
              type     = "network-hdd"
              size     = 3
            }
          }
      
          network_interface {
            network_id = "${yandex_vpc_network.network-1.id}"
            subnet_ids = ["${yandex_vpc_subnet.subnet-1.id}","${yandex_vpc_subnet.subnet-2.id}" ]
            nat        = true
          }
      
          metadata = {
            user-data = "#cloud-config\nusers:\n  - name: <username>\n    groups: sudo\n    shell: /bin/bash\n    sudo: 'ALL=(ALL) NOPASSWD:ALL'\n    ssh_authorized_keys:\n      - ${file("<path_to_public_SSH_key>")}"
          }
        }
      
        scale_policy {
          fixed_scale {
            size = 2
          }
        }
      
        allocation_policy {
          zones = ["ru-central1-a", "ru-central1-b"]
        }
      
        deploy_policy {
          max_unavailable = 1
          max_expansion   = 0
        }
      
        load_balancer {
          target_group_name = "nlb-tg"
        }
      }
      
      resource "yandex_lb_network_load_balancer" "foo" {
        name = "nlb-1"
        listener {
          name = "nlb-listener"
          port = 80
        }
        attached_target_group {
          target_group_id = "${yandex_compute_instance_group.ig-1.load_balancer.0.target_group_id}"
          healthcheck {
            name                = "health-check-1"
            unhealthy_threshold = 5
            healthy_threshold   = 5
            http_options {
              port = 80
            }
          }
        }
      }
      
      resource "yandex_vpc_network" "network-1" {
        name = "network1"
      }
      
      resource "yandex_vpc_subnet" "subnet-1" {
        name           = "subnet1"
        zone           = "ru-central1-a"
        network_id     = "${yandex_vpc_network.network-1.id}"
        v4_cidr_blocks = ["192.168.1.0/24"]
      }
      
      resource "yandex_vpc_subnet" "subnet-2" {
        name           = "subnet2"
        zone           = "ru-central1-b"
        network_id     = "${yandex_vpc_network.network-1.id}"
        v4_cidr_blocks = ["192.168.2.0/24"]
      }
      

    Learn more about the properties of Terraform resources in the relevant Terraform articles:

    • Service account: yandex_iam_service_account.
    • Role: yandex_resourcemanager_folder_iam_member.
    • Instance group: yandex_compute_instance_group.
    • Network load balancer: yandex_lb_network_load_balancer.
    • Network: yandex_vpc_network.
    • Subnets: yandex_vpc_subnet.
  3. Under variable, specify folder_id, i.e., the ID of the folder for your resources.

  4. Under metadata, specify the metadata for creating a VM and the SSH key contents. Use this format for the key: <any_name>:<SSH_key_contents>. Regardless of the username you enter, the key is always assigned to the user set in the LAMP (LEMP) image configuration. Such users differ depending on the image. To learn more, see Keys processed in public images Yandex Cloud.

    You need to create an SSH key pair on your own.

  5. Under boot_disk, specify the ID of a VM image with relevant components:

    • LAMP (Linux, Apache, MySQL®, PHP).
    • LEMP (Linux, Nginx, MySQL®, PHP).
  6. Create the resources:

    1. In the terminal, go to the directory where you edited the configuration file.

    2. Make sure the configuration file is correct using this command:

      terraform validate
      

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.
      
    3. Run this command:

      terraform plan
      

      You will see a detailed list of resources. No changes will be made at this step. Terraform will show any errors found in your configuration.

    4. Apply the changes:

      terraform apply
      
    5. Type yes and press Enter to confirm the changes.

After creating the infrastructure, upload the website files.

Upload the website filesUpload the website files

To test the web server, upload the website files to each VM. You can use the index.html file from this archive as an example.

For each VM in the created group, do the following:

  1. Get the VM public IP address.

  2. Connect to the VM via SSH.

  3. Grant your user write permissions for the /var/www/html directory:

    sudo chown -R "$USER":www-data /var/www/html
    
  4. Upload the website files to the VM via SCP.

    Linux/macOS
    Windows

    Use the scp command line utility:

    scp -r <path_to_directory_with_files> <VM_user_name>@<VM_IP_address>:/var/www/html
    

    Use WinSCP to copy the local file directory to /var/www/html on the VM.

Once you upload all files, test the fault tolerance.

Test the fault toleranceTest the fault tolerance

  1. Get the public IP address of any VM from the group you created.

  2. Connect to the VM via SSH.

  3. Stop the web service to simulate a failure on the web server:

    LAMP
    LEMP
    sudo service apache2 stop
    
    sudo service nginx stop
    
  4. Get the listener IP address.

  5. Open the website in the browser using the listener address.

    The connection should be successful, even though one of the web servers has failed.

  6. When the check is complete, start the web service again:

    LAMP
    LEMP
    sudo service apache2 start
    
    sudo service nginx start
    

How to delete the resources you createdHow to delete the resources you created

To shut down the website and stop paying for the resources you created:

  1. Open the load-balancer.tf configuration file and delete your infrastructure description from it.

  2. Apply the changes:

    1. In the terminal, go to the directory where you edited the configuration file.

    2. Make sure the configuration file is correct using this command:

      terraform validate
      

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.
      
    3. Run this command:

      terraform plan
      

      You will see a detailed list of resources. No changes will be made at this step. Terraform will show any errors found in your configuration.

    4. Apply the changes:

      terraform apply
      
    5. Type yes and press Enter to confirm the changes.

See alsoSee also

  • Fault-tolerant website with load balancing via Yandex Network Load Balancer using the management console

Was the article helpful?

Previous
Management console
Next
Overview
© 2025 Direct Cursus Technology L.L.C.