Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from bryan-rhm/v1.0.0
[v1.0.0] initial module implementation
Showing 6 changed files with 233 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,65 @@ | ||
# terraform-aws-alb | ||
Terraform module to provision application load balancers/network load balancers | ||
# Terraform Load Balancer module | ||
|
||
## Basic usage example | ||
|
||
``` | ||
module "alb" { | ||
source = "github.com/bryan-rhm/terraform-aws-alb?ref=v1.0.0" | ||
name = "my-lb" | ||
ssl_policy = var.alb_ssl_policy | ||
subnet_ids = var.public_subnet_ids | ||
security_groups = ["sg-12345"] | ||
ssl_certificate_arn = var.acm_certificate_arn | ||
} | ||
``` | ||
|
||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.4 | | ||
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.43.0 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.43.0 | | ||
|
||
## Modules | ||
|
||
No modules. | ||
|
||
## Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [aws_lb.alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | | ||
| [aws_lb_listener.http_listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | | ||
| [aws_lb_listener.https_listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_access_logs_bucket_name"></a> [access\_logs\_bucket\_name](#input\_access\_logs\_bucket\_name) | The S3 bucket name to store the logs in. | `string` | `null` | no | | ||
| <a name="input_access_logs_prefix"></a> [access\_logs\_prefix](#input\_access\_logs\_prefix) | The S3 bucket prefix. Logs are stored in the root if not configured. | `string` | `null` | no | | ||
| <a name="input_drop_invalid_header_fields"></a> [drop\_invalid\_header\_fields](#input\_drop\_invalid\_header\_fields) | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | `bool` | `true` | no | | ||
| <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | If true, cross-zone load balancing of the load balancer will be enabled. This is a network load balancer feature. | `bool` | `false` | no | | ||
| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | `false` | no | | ||
| <a name="input_idle_timeout"></a> [idle\_timeout](#input\_idle\_timeout) | Sets the time in seconds that the connection is allowed to be idle for the ALB. | `number` | `60` | no | | ||
| <a name="input_internal_alb"></a> [internal\_alb](#input\_internal\_alb) | Defines if the ALB will be internal or external. If internal, it can only use ipv4 as the ip\_address\_type. | `bool` | `false` | no | | ||
| <a name="input_loadbalancer_type"></a> [loadbalancer\_type](#input\_loadbalancer\_type) | Defines the type of loadbalancer | `string` | `"application"` | no | | ||
| <a name="input_name"></a> [name](#input\_name) | Name of the load balancer | `string` | n/a | yes | | ||
| <a name="input_security_groups"></a> [security\_groups](#input\_security\_groups) | List of ids for all the security groups that will be assigned to the ALB. | `list(string)` | `[]` | no | | ||
| <a name="input_ssl_certificate_arn"></a> [ssl\_certificate\_arn](#input\_ssl\_certificate\_arn) | ARN of the default SSL server certificate. | `string` | `null` | no | | ||
| <a name="input_ssl_policy"></a> [ssl\_policy](#input\_ssl\_policy) | Name of the SSL Policy for the HTTPS listener. | `string` | `"ELBSecurityPolicy-2016-08"` | no | | ||
| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of ids for all the subnets that will be attached to the ALB. At least two subnets in two different AZs must be specified. | `list(string)` | n/a | yes | | ||
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the ALB. If configured with a provider default\_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(any)` | `{}` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_output"></a> [output](#output\_output) | alb, http and https listeners attributes | |
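
Review bot: The Inputs rows for `ssl_certificate_arn` and `loadbalancer_type` do not document the behaviour a caller most needs to know: the HTTPS listener is only created when a certificate ARN is supplied, and both listeners are only created when the type is "application". The Resources table lists `aws_lb_listener.http_listener` and `aws_lb_listener.https_listener` as if they always exist. Add a sentence to each description (and the accepted values for `loadbalancer_type`), and consider showing `access_logs_bucket_name` in the basic usage example so access logging is not left off by copy-paste.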
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
locals { | ||
idle_timeout = var.loadbalancer_type == "application" ? var.idle_timeout : null | ||
security_groups = var.loadbalancer_type == "application" ? var.security_groups : null | ||
drop_invalid_header_fields = var.loadbalancer_type == "application" ? var.drop_invalid_header_fields : null | ||
enable_cross_zone_load_balancing = var.loadbalancer_type == "network" ? var.enable_cross_zone_load_balancing : null | ||
} |
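
Review bot: Every local here compares `var.loadbalancer_type` against a string literal, so any value other than "application" or "network" (a typo included) silently turns all four settings into `null`, and a caller who passes `security_groups` with type "network" has them dropped without any error. Add a `validation` block on `loadbalancer_type` that restricts it to the two supported values, and document that `security_groups`, `idle_timeout` and `drop_invalid_header_fields` are ignored for network load balancers.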
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
resource "aws_lb" "alb" { | ||
name = var.name | ||
subnets = var.subnet_ids | ||
internal = var.internal_alb #tfsec:ignore:aws-elbv2-alb-not-public | ||
idle_timeout = local.idle_timeout | ||
security_groups = local.security_groups | ||
load_balancer_type = var.loadbalancer_type | ||
drop_invalid_header_fields = local.drop_invalid_header_fields | ||
enable_deletion_protection = var.enable_deletion_protection | ||
enable_cross_zone_load_balancing = local.enable_cross_zone_load_balancing | ||
|
||
dynamic "access_logs" { | ||
for_each = var.access_logs_bucket_name != null ? [1] : [] | ||
content { | ||
enabled = true | ||
bucket = var.access_logs_bucket_name | ||
prefix = var.access_logs_prefix | ||
} | ||
} | ||
|
||
tags = var.tags | ||
} | ||
|
||
resource "aws_lb_listener" "http_listener" { | ||
count = var.loadbalancer_type == "application" ? 1 : 0 | ||
|
||
port = "80" | ||
protocol = "HTTP" | ||
load_balancer_arn = aws_lb.alb.arn | ||
|
||
default_action { | ||
type = "redirect" | ||
|
||
redirect { | ||
port = "443" | ||
protocol = "HTTPS" | ||
status_code = "HTTP_301" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_lb_listener" "https_listener" { | ||
count = var.ssl_certificate_arn != null && var.loadbalancer_type == "application" ? 1 : 0 | ||
|
||
port = "443" | ||
protocol = "HTTPS" | ||
ssl_policy = var.ssl_policy | ||
certificate_arn = var.ssl_certificate_arn | ||
load_balancer_arn = aws_lb.alb.arn | ||
|
||
default_action { | ||
type = "fixed-response" | ||
fixed_response { | ||
content_type = "text/plain" | ||
message_body = "Page not found" | ||
status_code = "404" | ||
} | ||
} | ||
} |
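
Review bot: The two listeners are gated on different conditions: `http_listener` is created for every application load balancer, while `https_listener` additionally needs `var.ssl_certificate_arn != null`. With the default `ssl_certificate_arn = null` the module produces a port 80 listener that sends a 301 to port 443 where nothing is listening. Either use the same condition for both `count` expressions or make the certificate required for the application type. Separately, the `#tfsec:ignore:aws-elbv2-alb-not-public` on `internal = var.internal_alb` suppresses the public-exposure check for every consumer of the module while `internal_alb` defaults to `false`; a short comment giving the reason for the ignore would help reviewers of downstream stacks.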
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
output "output" { | ||
description = "alb, http and https listeners attributes " | ||
value = { | ||
alb = aws_lb.alb | ||
http_listener = try(aws_lb_listener.http_listener[0], null) | ||
https_listener = try(aws_lb_listener.https_listener[0], null) | ||
} | ||
} |
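
Review bot: A single output named `output` that wraps the whole `aws_lb.alb` resource and both listener objects makes callers write `module.alb.output.alb.arn` and exposes every attribute as part of the module's interface. Prefer separate, named outputs for the values consumers need (for example the load balancer ARN, DNS name and listener ARNs). The `try(..., null)` on the listeners also means a missing HTTPS listener shows up only as a `null` at the call site, which should be stated in the description; the description string has a trailing space as well.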
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
# ------------------------------------------------------------------------ | ||
# Amazon Application Load Balancer variables | ||
# ------------------------------------------------------------------------ | ||
variable "name" { | ||
type = string | ||
description = "Name of the load balancer" | ||
} | ||
|
||
variable "internal_alb" { | ||
type = bool | ||
default = false | ||
description = "Defines if the ALB will be internal or external. If internal, it can only use ipv4 as the ip_address_type." | ||
} | ||
|
||
variable "loadbalancer_type" { | ||
type = string | ||
default = "application" | ||
description = "Defines the type of loadbalancer" | ||
} | ||
|
||
variable "enable_deletion_protection" { | ||
type = bool | ||
default = false | ||
description = "If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer." | ||
} | ||
|
||
|
||
variable "drop_invalid_header_fields" { | ||
type = bool | ||
default = true | ||
description = "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false)." | ||
} | ||
|
||
variable "enable_cross_zone_load_balancing" { | ||
type = bool | ||
default = false | ||
description = "If true, cross-zone load balancing of the load balancer will be enabled. This is a network load balancer feature." | ||
} | ||
|
||
variable "security_groups" { | ||
type = list(string) | ||
default = [] | ||
description = "List of ids for all the security groups that will be assigned to the ALB." | ||
} | ||
|
||
variable "subnet_ids" { | ||
type = list(string) | ||
description = "List of ids for all the subnets that will be attached to the ALB. At least two subnets in two different AZs must be specified." | ||
} | ||
|
||
variable "idle_timeout" { | ||
type = number | ||
default = 60 | ||
description = "Sets the time in seconds that the connection is allowed to be idle for the ALB." | ||
} | ||
|
||
variable "access_logs_bucket_name" { | ||
type = string | ||
default = null | ||
description = "The S3 bucket name to store the logs in." | ||
} | ||
|
||
variable "access_logs_prefix" { | ||
type = string | ||
default = null | ||
description = "The S3 bucket prefix. Logs are stored in the root if not configured." | ||
} | ||
|
||
variable "tags" { | ||
type = map(any) | ||
default = {} | ||
description = "A map of tags to assign to the ALB. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level." | ||
} | ||
|
||
variable "ssl_policy" { | ||
type = string | ||
default = "ELBSecurityPolicy-2016-08" | ||
description = "Name of the SSL Policy for the HTTPS listener." | ||
} | ||
|
||
variable "ssl_certificate_arn" { | ||
type = string | ||
default = null | ||
description = "ARN of the default SSL server certificate." | ||
} |
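
Review bot: In `variable "ssl_policy"` the default is `"ELBSecurityPolicy-2016-08"`, a policy that still accepts TLS 1.0 and 1.1, so every caller who does not override it gets a listener that negotiates deprecated protocol versions. Default to a TLS 1.2-minimum policy such as `ELBSecurityPolicy-TLS-1-2-2017-01` and let callers opt down explicitly. `variable "access_logs_bucket_name"` defaulting to `null` likewise leaves access logging off unless requested, which is worth calling out in its description.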
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
terraform { | ||
required_version = ">= 0.13.4" | ||
|
||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = ">= 3.43.0" | ||
} | ||
} | ||
} |