Merge pull request #1 from bryan-rhm/v1.0.0

[v1.0.0] initial module implementation

README.md

@@ -1,2 +1,65 @@
-# terraform-aws-alb
-Terraform module to provision application load balancers/network load balancers
+# Terraform Load Balancer module
+
+## Basic usage example
+
+```
+module "alb" {
+  source = "github.com/bryan-rhm/terraform-aws-alb?ref=v1.0.0"
+
+  name                    = "my-lb"
+  ssl_policy              = var.alb_ssl_policy
+  subnet_ids              = var.public_subnet_ids
+  security_groups         = ["sg-12345"]
+  ssl_certificate_arn     = var.acm_certificate_arn
+}
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.43.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.43.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_lb.alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_lb_listener.http_listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
+| [aws_lb_listener.https_listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_access_logs_bucket_name"></a> [access\_logs\_bucket\_name](#input\_access\_logs\_bucket\_name) | The S3 bucket name to store the logs in. | `string` | `null` | no |
+| <a name="input_access_logs_prefix"></a> [access\_logs\_prefix](#input\_access\_logs\_prefix) | The S3 bucket prefix. Logs are stored in the root if not configured. | `string` | `null` | no |
+| <a name="input_drop_invalid_header_fields"></a> [drop\_invalid\_header\_fields](#input\_drop\_invalid\_header\_fields) | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | `bool` | `true` | no |
+| <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | If true, cross-zone load balancing of the load balancer will be enabled. This is a network load balancer feature. | `bool` | `false` | no |
+| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | `false` | no |
+| <a name="input_idle_timeout"></a> [idle\_timeout](#input\_idle\_timeout) | Sets the time in seconds that the connection is allowed to be idle for the ALB. | `number` | `60` | no |
+| <a name="input_internal_alb"></a> [internal\_alb](#input\_internal\_alb) | Defines if the ALB will be internal or external. If internal, it can only use ipv4 as the ip\_address\_type. | `bool` | `false` | no |
+| <a name="input_loadbalancer_type"></a> [loadbalancer\_type](#input\_loadbalancer\_type) | Defines the type of loadbalancer | `string` | `"application"` | no |
+| <a name="input_name"></a> [name](#input\_name) | Name of the load balancer | `string` | n/a | yes |
+| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | List of ids for all the security groups that will be assigned to the ALB. | `list(string)` | `[]` | no |
+| <a name="input_ssl_certificate_arn"></a> [ssl\_certificate\_arn](#input\_ssl\_certificate\_arn) | ARN of the default SSL server certificate. | `string` | `null` | no |
+| <a name="input_ssl_policy"></a> [ssl\_policy](#input\_ssl\_policy) | Name of the SSL Policy for the HTTPS listener. | `string` | `"ELBSecurityPolicy-2016-08"` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of ids for all the subnets that will be attached to the ALB. At least two subnets in two different AZs must be specified. | `list(string)` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the ALB. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_output"></a> [output](#output\_output) | alb, http and https listeners attributes |

locals.tf

@@ -0,0 +1,6 @@
+locals {
+  idle_timeout                     = var.loadbalancer_type == "application" ? var.idle_timeout : null
+  security_groups                  = var.loadbalancer_type == "application" ? var.security_groups : null
+  drop_invalid_header_fields       = var.loadbalancer_type == "application" ? var.drop_invalid_header_fields : null
+  enable_cross_zone_load_balancing = var.loadbalancer_type == "network" ? var.enable_cross_zone_load_balancing : null
+}

main.tf

@@ -0,0 +1,59 @@
+resource "aws_lb" "alb" {
+  name                             = var.name
+  subnets                          = var.subnet_ids
+  internal                         = var.internal_alb #tfsec:ignore:aws-elbv2-alb-not-public
+  idle_timeout                     = local.idle_timeout
+  security_groups                  = local.security_groups
+  load_balancer_type               = var.loadbalancer_type
+  drop_invalid_header_fields       = local.drop_invalid_header_fields
+  enable_deletion_protection       = var.enable_deletion_protection
+  enable_cross_zone_load_balancing = local.enable_cross_zone_load_balancing
+
+  dynamic "access_logs" {
+    for_each = var.access_logs_bucket_name != null ? [1] : []
+    content {
+      enabled = true
+      bucket  = var.access_logs_bucket_name
+      prefix  = var.access_logs_prefix
+    }
+  }
+
+  tags = var.tags
+}
+
+resource "aws_lb_listener" "http_listener" {
+  count             = var.loadbalancer_type == "application" ? 1 : 0
+
+  port              = "80"
+  protocol          = "HTTP"
+  load_balancer_arn = aws_lb.alb.arn
+
+  default_action {
+    type = "redirect"
+
+    redirect {
+      port        = "443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+resource "aws_lb_listener" "https_listener" {
+  count             = var.ssl_certificate_arn != null && var.loadbalancer_type == "application" ? 1 : 0
+
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = var.ssl_policy
+  certificate_arn   = var.ssl_certificate_arn
+  load_balancer_arn = aws_lb.alb.arn
+
+  default_action {
+    type = "fixed-response"
+    fixed_response {
+      content_type = "text/plain"
+      message_body = "Page not found"
+      status_code  = "404"
+    }
+  }
+}

outputs.tf

@@ -0,0 +1,8 @@
+output "output" {
+    description = "alb, http and https listeners attributes "
+    value       = {
+        alb            = aws_lb.alb
+        http_listener  = try(aws_lb_listener.http_listener[0], null)
+        https_listener = try(aws_lb_listener.https_listener[0], null)
+    }
+}

variables.tf

@@ -0,0 +1,85 @@
+# ------------------------------------------------------------------------
+# Amazon Application Load Balancer variables
+# ------------------------------------------------------------------------
+variable "name" {
+  type        = string
+  description = "Name of the load balancer"
+}
+
+variable "internal_alb" {
+  type        = bool
+  default     = false
+  description = "Defines if the ALB will be internal or external. If internal, it can only use ipv4 as the ip_address_type."
+}
+
+variable "loadbalancer_type" {
+  type        = string
+  default     = "application"
+  description = "Defines the type of loadbalancer"
+}
+
+variable "enable_deletion_protection" {
+  type        = bool
+  default     = false
+  description = "If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer."
+}
+
+
+variable "drop_invalid_header_fields" {
+  type        = bool
+  default     = true
+  description = "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false)."
+}
+
+variable "enable_cross_zone_load_balancing" {
+  type        = bool
+  default     = false
+  description = "If true, cross-zone load balancing of the load balancer will be enabled. This is a network load balancer feature."
+}
+
+variable "security_groups" {
+  type        = list(string)
+  default     = []
+  description = "List of ids for all the security groups that will be assigned to the ALB."
+}
+
+variable "subnet_ids" {
+  type        = list(string)
+  description = "List of ids for all the subnets that will be attached to the ALB. At least two subnets in two different AZs must be specified."
+}
+
+variable "idle_timeout" {
+  type        = number
+  default     = 60
+  description = "Sets the time in seconds that the connection is allowed to be idle for the ALB."
+}
+
+variable "access_logs_bucket_name" {
+  type        = string
+  default     = null
+  description = "The S3 bucket name to store the logs in."
+}
+
+variable "access_logs_prefix" {
+  type        = string
+  default     = null
+  description = "The S3 bucket prefix. Logs are stored in the root if not configured."
+}
+
+variable "tags" {
+  type        = map(any)
+  default     = {}
+  description = "A map of tags to assign to the ALB. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level."
+}
+
+variable "ssl_policy" {
+  type        = string
+  default     = "ELBSecurityPolicy-2016-08"
+  description = "Name of the SSL Policy for the HTTPS listener."
+}
+
+variable "ssl_certificate_arn" {
+  type        = string
+  default     = null 
+  description = "ARN of the default SSL server certificate."
+}

versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 0.13.4"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.43.0"
+    }
+  }
+}