-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for redirect and fixed-response actions to elb_application_lb #43506
Comments
Files identified in the description: If these files are inaccurate, please update the |
Hi @jeffhunter, Thank you for the issue, just so you are aware we have a dedicated Working Group for aws. |
Quick workaround using command/awscli in case anyone else lands on this page wondering how to redirect http to https traffic with an application load balancer: - name: "Create application load balancer"
register: elb
elb_application_lb:
name: "{{ elb_name }}
subnets: "{{ subnets }}"
security_groups:
- "{{ security_group }}"
scheme: internet-facing
listeners:
- Protocol: HTTPS
Port: 443
DefaultActions:
- Type: forward
TargetGroupName: "{{ target_group.target_group_name }}"
Certificates:
- CertificateArn: "{{ ssl_cert_arn }}"
SslPolicy: ELBSecurityPolicy-2015-05
state: present
- name: "Add http to https redirect listener to ALB"
command: >
aws elbv2 create-listener
--load-balancer-arn {{ elb.load_balancer_arn }}
--protocol HTTP
--port 80
--default-actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host="#{host}",Path="/#{path}",Query="#{query}",StatusCode=HTTP_301}'
|
Eric copies the nice man's code. |
Any plans to add this functionality in future versions? |
I was able to create Redirect from 80 to 443 with the following code: ###Var Declaration
application_load_balancers:
- name: test-alb
state: present
security_groups:
- test-lb
subnets:
- sub-a-pub
- sub-b-pub
listeners:
- Protocol: HTTPS
Port: 443
DefaultActions:
- Type: forward
TargetGroupName: group-https-dev
Certificates:
- CertificateArn: arn:aws:acm:eu-west-1:432791473407:certificate/92bb37f0-1f81-4b0e-bbec-f14326fdf666
SslPolicy: ELBSecurityPolicy-2016-08
Rules:
- Conditions:
- Field: host-header
Values:
- 'auth-test.cloud.foo.bar.it'
Priority: '2'
Actions:
- TargetGroupName: group-https-test
Type: forward
- Conditions:
- Field: host-header
Values:
- 'test.cloud.foo.bar.it'
Priority: '1'
Actions:
- TargetGroupName: group-https-dev
Type: forward
- Protocol: HTTP
Port: 80
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
Port: "443"
Host: "#{host}"
Path: "/#{path}"
Query: "#{query}"
StatusCode: "HTTP_301" #Playbook task
- name: create application load balancer
elb_application_lb:
name: "{{ application_load_balancer.name }}"
security_groups: "{{ security_group_id_list }}"
subnets: "{{ subnet_id_list }}"
listeners: "{{ application_load_balancer.listeners }}"
deletion_protection: yes
state: present the catch here is to pass the whole object completely described to the module. |
And for fixed-response it work same way.
And actually for any other type should work too. Just make Config block according to https://docs.aws.amazon.com/en_us/elasticloadbalancing/latest/APIReference/API_Action.html |
@mortalius @emanuele-leopardi-dap actually the errors happen when you try to update an existing alb that already has something like fixed-response. |
the problem here (I think) is one layer deeper than the module. The method _ensure_listeners_default_action_has_arn (in elbv2.py) only really works with default listeners that have a target arn (forward type). The elb_application_lb module depends on this utility module. I could do some work on this, and add the functionality we all seem to need. But I'm not sure a submitted PR would be accepted, due to the existing backlog and lack of maintainer for this module. |
Is there a plan to ever handle other types of listeners besides 'forward' in Ansible? Or should I plan on using aws cli commands for this forever as shown above by @randlet ? (and thanks for that!) |
Can any one help me on how to use the module elb_application_lb to set a fixed response at the load-balancer level. |
I find it worth noting that in randlet's |
Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.
For further information, please see: |
SUMMARY
Add support for redirect and fixed-response actions to elb_application_lb
ISSUE TYPE
COMPONENT NAME
elb_application_lb
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
N/A
STEPS TO REPRODUCE
Amazon has added support for redirect and fixed-response action to Application Load Balancers:
https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/
The ability to redirect HTTP to HTTPS directly in the load balancer is very useful, and elb_application_lb should support creating these actions.
The text was updated successfully, but these errors were encountered: