# Application Load Balancer fronting the service. `aws_alb` is the legacy
# alias of `aws_lb`; the provider treats the two identically.
# Created only when the module is asked for an ALB AND at least one listener
# (HTTP or HTTPS) is enabled, so a load balancer is never created without a
# listener attached.
resource "aws_alb" "service" {
  count = var.create_alb && (var.alb_enable_https || var.alb_enable_http) ? 1 : 0
  name  = "${var.service_identifier}-${var.task_identifier}"
  # Internet-facing unless the caller sets alb_internal. Which source ranges
  # may reach the listeners is decided by aws_security_group_rule.alb_ingress_*.
  internal        = var.alb_internal
  security_groups = [aws_security_group.alb[0].id]
  subnets         = var.alb_subnet_ids
  # NOTE(review): consider `drop_invalid_header_fields = true` (an aws_lb
  # argument) so malformed header names are dropped at the edge rather than
  # forwarded to the targets.

  # Access logs are the main detection/forensics source for this LB; the
  # object prefix defaults to <lb_log_prefix>/<service>/<task> unless the
  # caller supplies lb_prefix_override.
  access_logs {
    enabled = var.lb_log_enabled
    bucket  = var.lb_bucket_name
    prefix  = coalesce(var.lb_prefix_override, "${var.lb_log_prefix}/${var.service_identifier}/${var.task_identifier}")
  }

  tags = local.default_tags
}
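# HTTPS listener on 443. Terminates TLS with the ACM certificate resolved by
# data.aws_acm_certificate.alb and forwards the decrypted request to the
# service target group (which speaks plain HTTP, see aws_alb_target_group.service).
resource "aws_alb_listener" "service_https" {
  count             = var.create_alb && var.alb_enable_https ? 1 : 0
  load_balancer_arn = aws_alb.service[0].arn
  port              = "443"
  protocol          = "HTTPS"
  # The previous value, ELBSecurityPolicy-2015-05, still negotiates TLS 1.0
  # and 1.1. ELBSecurityPolicy-TLS-1-2-2017-01 is the predefined policy that
  # only accepts TLS 1.2. Clients limited to TLS <= 1.1 will fail the
  # handshake after this change, which is the intended effect.
  ssl_policy      = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn = data.aws_acm_certificate.alb[0].arn

  default_action {
    target_group_arn = aws_alb_target_group.service.arn
    type             = "forward"
  }
}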
# Plain HTTP listener on 80. It forwards to the same target group as the
# HTTPS listener, so when both listeners are enabled the service is reachable
# in cleartext as well.
# NOTE(review): when alb_enable_https is also set, a `redirect` default_action
# to port 443 is the usual hardening. The forward is kept as-is here because
# the module permits HTTP-only deployments (alb_enable_https = false), where a
# redirect would have nothing to point at.
resource "aws_alb_listener" "service_http" {
  count             = var.create_alb && var.alb_enable_http ? 1 : 0
  load_balancer_arn = aws_alb.service[0].arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    target_group_arn = aws_alb_target_group.service.arn
    type             = "forward"
  }
}
# Target group the listeners forward to. Traffic from the ALB to the targets
# is plain HTTP on var.app_port inside data.aws_vpc.vpc.
# Unlike the ALB and listeners this resource carries no `count`, so it exists
# even when create_alb is false — presumably it is consumed by the service
# definition elsewhere in the module; verify against the caller.
resource "aws_alb_target_group" "service" {
  vpc_id      = data.aws_vpc.vpc.id
  name        = "${var.service_identifier}-${var.task_identifier}"
  target_type = var.target_type

  protocol             = "HTTP"
  port                 = var.app_port
  deregistration_delay = var.alb_deregistration_delay

  # Session affinity via the ALB-generated cookie; off unless the caller
  # enables alb_stickiness_enabled.
  stickiness {
    type            = "lb_cookie"
    enabled         = var.alb_stickiness_enabled
    cookie_duration = var.alb_cookie_duration
  }

  # All health-check parameters are caller-supplied; `matcher` is the set of
  # HTTP status codes treated as healthy.
  health_check {
    protocol            = var.alb_healthcheck_protocol
    port                = var.alb_healthcheck_port
    path                = var.alb_healthcheck_path
    matcher             = var.alb_healthcheck_matcher
    interval            = var.alb_healthcheck_interval
    timeout             = var.alb_healthcheck_timeout
    healthy_threshold   = var.alb_healthcheck_healthy_threshold
    unhealthy_threshold = var.alb_healthcheck_unhealthy_threshold
  }

  tags = local.default_tags
}
# Security group attached to the ALB. It is defined without inline rules; the
# actual ingress/egress rules live in the aws_security_group_rule.alb_*
# resources below so they can be toggled independently per listener.
# name_prefix (rather than name) lets AWS append a unique suffix, which avoids
# name collisions when the group is replaced.
resource "aws_security_group" "alb" {
  count       = var.create_alb ? 1 : 0
  name_prefix = "alb-${var.service_identifier}-${var.task_identifier}-"
  description = "Security group for ${var.service_identifier}-${var.task_identifier} ALB"
  vpc_id      = data.aws_vpc.vpc.id
  tags        = local.default_tags
}
# Allow inbound TCP/443 to the ALB from the caller-supplied CIDR list.
# Exists only when the HTTPS listener exists. var.alb_sg_cidr is the effective
# exposure boundary of the listener: 0.0.0.0/0 here means internet-reachable.
resource "aws_security_group_rule" "alb_ingress_https" {
  count             = var.create_alb && var.alb_enable_https ? 1 : 0
  security_group_id = aws_security_group.alb[0].id

  type        = "ingress"
  protocol    = "tcp"
  from_port   = 443
  to_port     = 443
  cidr_blocks = var.alb_sg_cidr
}
# Allow inbound TCP/80 to the ALB from the same CIDR list used for HTTPS.
# Exists only when the HTTP listener exists; there is no separate variable to
# narrow cleartext exposure relative to TLS.
resource "aws_security_group_rule" "alb_ingress_http" {
  count             = var.create_alb && var.alb_enable_http ? 1 : 0
  security_group_id = aws_security_group.alb[0].id

  type        = "ingress"
  protocol    = "tcp"
  from_port   = 80
  to_port     = 80
  cidr_blocks = var.alb_sg_cidr
}
# Outbound rule for the ALB: all protocols to var.alb_sg_cidr_egress.
# protocol "-1" means every protocol, and AWS does not restrict by port for
# it, so the 0-65535 range carries no additional restriction. The destination
# CIDR list is therefore the only thing limiting where the ALB may connect;
# keeping it to the target subnets is the intended least-privilege setting.
resource "aws_security_group_rule" "alb_egress" {
  count             = var.create_alb ? 1 : 0
  security_group_id = aws_security_group.alb[0].id

  type        = "egress"
  protocol    = "-1"
  from_port   = 0
  to_port     = 65535
  cidr_blocks = var.alb_sg_cidr_egress
}