Add support for redirect and fixed-response actions to elb_application_lb #43506

Closed
jeffhunter opened this issue Jul 31, 2018 · 15 comments
Labels
affects_2.6 This issue/PR affects Ansible v2.6 aws bot_closed cloud collection:community.aws collection Related to Ansible Collections work feature This issue/PR relates to a feature request. module This issue/PR relates to a module. needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md support:community This issue/PR relates to code supported by the Ansible community.

Comments

@jeffhunter

SUMMARY

Add support for redirect and fixed-response actions to elb_application_lb

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

elb_application_lb

ANSIBLE VERSION
ansible 2.6.2
CONFIGURATION
OS / ENVIRONMENT

N/A

STEPS TO REPRODUCE

Amazon has added support for redirect and fixed-response action to Application Load Balancers:

https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/

The ability to redirect HTTP to HTTPS directly in the load balancer is very useful, and elb_application_lb should support creating these actions.

@ansibot
Contributor

ansibot commented Jul 31, 2018

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


@ansibot
Contributor

ansibot commented Jul 31, 2018

cc @wimnat

@ansibot
Contributor

ansibot commented Jul 31, 2018

Hi @jeffhunter,

Thank you for the issue, just so you are aware we have a dedicated Working Group for aws.
You can find other people interested in this in #ansible-aws on Freenode IRC
For more information about communities, meetings and agendas see https://github.com/ansible/community


@ansibot ansibot added affects_2.6 This issue/PR affects Ansible v2.6 aws cloud feature This issue/PR relates to a feature request. module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels Jul 31, 2018
@ryansb ryansb removed the needs_triage Needs a first human triage before being processed. label Jul 31, 2018
@ansibot ansibot added support:core This issue/PR relates to code supported by the Ansible Engineering Team. and removed support:community This issue/PR relates to code supported by the Ansible community. labels Sep 17, 2018
@ansibot ansibot added needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) support:community This issue/PR relates to code supported by the Ansible community. and removed support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Oct 3, 2018
@randlet

randlet commented Oct 29, 2018

Quick workaround using command/awscli in case anyone else lands on this page wondering how to redirect http to https traffic with an application load balancer:

    - name: "Create application load balancer"
      register: elb
      elb_application_lb:
        name: "{{ elb_name }}"
        subnets: "{{ subnets }}"
        security_groups:
          - "{{ security_group }}"
        scheme: internet-facing
        listeners:
          - Protocol: HTTPS 
            Port: 443 
            DefaultActions:
                - Type: forward 
                  TargetGroupName: "{{ target_group.target_group_name }}"
            Certificates:
                - CertificateArn: "{{ ssl_cert_arn }}"
            SslPolicy: ELBSecurityPolicy-2015-05
        state: present

    - name: "Add http to https redirect listener to ALB"
      command: >
        aws elbv2 create-listener
        --load-balancer-arn {{ elb.load_balancer_arn }}
        --protocol HTTP
        --port 80
        --default-actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host="#{host}",Path="/#{path}",Query="#{query}",StatusCode=HTTP_301}'

@ewascent

ewascent commented Nov 14, 2018

    - name: "Add http to https redirect listener to ALB"
      command: >
        aws elbv2 create-listener
        --load-balancer-arn {{ elb.load_balancer_arn }}
        --protocol HTTP
        --port 80
        --default-actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host="#{host}",Path="/#{path}",Query="#{query}",StatusCode=HTTP_301}'

Eric copies the nice man's code.

@ansibot ansibot removed the needs_maintainer Ansibot is unable to identify maintainers for this PR. (Check `author` in docs or BOTMETA.yml) label Nov 14, 2018
@levisbakalinsky

Any plans to add this functionality in future versions?

@emanuele-leopardi

emanuele-leopardi commented Jan 15, 2019

I was able to create Redirect from 80 to 443 with the following code:

###Var Declaration

 application_load_balancers:
  - name: test-alb
    state: present
    security_groups:
      - test-lb
    subnets:
      - sub-a-pub
      - sub-b-pub
    listeners:
      - Protocol: HTTPS
        Port: 443
        DefaultActions:
          - Type: forward
            TargetGroupName: group-https-dev
        Certificates: 
          - CertificateArn: arn:aws:acm:eu-west-1:432791473407:certificate/92bb37f0-1f81-4b0e-bbec-f14326fdf666
        SslPolicy: ELBSecurityPolicy-2016-08
        Rules:
          - Conditions:
              - Field: host-header
                Values:
                  - 'auth-test.cloud.foo.bar.it'
            Priority: '2'
            Actions:
              - TargetGroupName: group-https-test
                Type: forward
          - Conditions:
              - Field: host-header
                Values:
                  - 'test.cloud.foo.bar.it'
            Priority: '1'
            Actions:
              - TargetGroupName: group-https-dev
                Type: forward
      - Protocol: HTTP
        Port: 80
        DefaultActions:
          - Type: redirect
            RedirectConfig:
              Protocol: HTTPS
              Port: "443"
              Host: "#{host}"
              Path: "/#{path}"
              Query: "#{query}"
              StatusCode: "HTTP_301"
#Playbook task

- name: create application load balancer
  elb_application_lb:
    name: "{{ application_load_balancer.name }}"
    security_groups: "{{ security_group_id_list }}"
    subnets: "{{ subnet_id_list }}"
    listeners: "{{ application_load_balancer.listeners }}"
    deletion_protection: yes
    state: present

The catch here is to pass the whole object, completely described, to the module.
Hope this helps others.
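
As an added example (not part of the comment above and not Ansible's own code), a small Python lint for listener definitions in the shape shown in this thread: it checks that a plaintext HTTP listener does nothing but redirect to HTTPS and that an HTTPS listener names a certificate and a policy. `check_listeners`, the sample data and the placeholder ARN are assumptions made for the illustration.

```python
# Added example; check_listeners is a hypothetical helper, not Ansible or boto3 code.
def check_listeners(listeners):
    """Return findings for listener dicts that use the elbv2 API key names."""
    findings = []
    for lis in listeners:
        proto = lis.get("Protocol")
        label = f"{proto}:{lis.get('Port')}"
        actions = lis.get("DefaultActions") or []
        if proto == "HTTP":
            # A plaintext listener should do nothing except redirect to HTTPS.
            if len(actions) != 1 or actions[0].get("Type") != "redirect":
                findings.append(f"{label}: default action is not a single redirect")
                continue
            cfg = actions[0].get("RedirectConfig") or {}
            if cfg.get("Protocol") != "HTTPS":
                findings.append(f"{label}: redirect does not force HTTPS")
            if cfg.get("StatusCode") not in ("HTTP_301", "HTTP_302"):
                findings.append(f"{label}: StatusCode is not HTTP_301 or HTTP_302")
            # Rules are evaluated before the default action and can still forward.
            for rule in lis.get("Rules") or []:
                if any(a.get("Type") == "forward" for a in rule.get("Actions") or []):
                    findings.append(f"{label}: rule {rule.get('Priority')} forwards over HTTP")
        elif proto == "HTTPS":
            if not lis.get("Certificates"):
                findings.append(f"{label}: no Certificates entry")
            if not lis.get("SslPolicy"):
                findings.append(f"{label}: SslPolicy is not set explicitly")
    return findings

# Constructed sample input; the ARN and target group name are placeholders.
CERT = {"CertificateArn": "arn:aws:acm:REGION:ACCOUNT_ID:certificate/EXAMPLE"}
FORWARD = {"Type": "forward", "TargetGroupName": "example-tg"}
REDIRECT = {"Type": "redirect", "RedirectConfig": {
    "Protocol": "HTTPS", "Port": "443", "Host": "#{host}",
    "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}
GOOD = [
    {"Protocol": "HTTPS", "Port": 443, "Certificates": [CERT],
     "SslPolicy": "ELBSecurityPolicy-2016-08", "DefaultActions": [FORWARD]},
    {"Protocol": "HTTP", "Port": 80, "DefaultActions": [REDIRECT]},
]
BAD = [
    {"Protocol": "HTTP", "Port": 80, "DefaultActions": [FORWARD]},
    {"Protocol": "HTTPS", "Port": 443, "DefaultActions": [FORWARD]},
]

if __name__ == "__main__":
    for finding in check_listeners(GOOD) + check_listeners(BAD):
        print(finding)
```

Loading the `listeners` variable from the playbook's vars file and passing it to the function lets the same check run before the load balancer is created or changed.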

@mortalius

mortalius commented Jan 22, 2019

And for fixed-response it works the same way.

  DefaultActions:
    - Type: fixed-response
      FixedResponseConfig:
        ContentType: 'text/html'
        MessageBody: '<b>Nothing There</b>'
        StatusCode: '200'

And actually any other type should work too. Just make the Config block according to https://docs.aws.amazon.com/en_us/elasticloadbalancing/latest/APIReference/API_Action.html

@orderedchaosdev

@mortalius @emanuele-leopardi-dap actually the errors happen when you try to update an existing alb that already has something like fixed-response.
Try running the module again to update the fixed response. At least in my version of ansible it will error out

@thisdougb
Contributor

thisdougb commented Jul 16, 2019

The problem here (I think) is one layer deeper than the module. The method _ensure_listeners_default_action_has_arn (in elbv2.py) only really works with default listeners that have a target arn (forward type). The elb_application_lb module depends on this utility module.

I could do some work on this, and add the functionality we all seem to need. But I'm not sure a submitted PR would be accepted, due to the existing backlog and lack of maintainer for this module.

@johnpetersjr

Is there a plan to ever handle other types of listeners besides 'forward' in Ansible? Or should I plan on using aws cli commands for this forever as shown above by @randlet ? (and thanks for that!)

@raghualapati

Can anyone help me with how to use the module elb_application_lb to set a fixed response at the load-balancer level?

@ansibot
Contributor

ansibot commented Jan 25, 2020

@dale-c-anderson

dale-c-anderson commented Mar 9, 2020

I find it worth noting that in randlet's command workaround above, aws elbv2 create-listener is an idempotent operation. Even though the command reports "changed" across multiple playbook runs, it doesn't continue to append multiple HTTP listeners. \m/

@ansibot ansibot added collection Related to Ansible Collections work collection:community.aws labels Apr 29, 2020
@ansibot ansibot added the needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md label Apr 29, 2020
@ansibot
Contributor

ansibot commented Aug 16, 2020

Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.

For further information, please see:
https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md

@ansibot ansibot closed this as completed Aug 16, 2020
@ansible ansible locked and limited conversation to collaborators Sep 13, 2020