add xff_header_processing_mode option to alb (#143)

* add xff_header_processing_mode option to alb * update docs --------- Co-authored-by: Thomas Pötke <thomas.poetke@exconcept.com>
cloudposse · Jun 7, 2023 · e0846c2 · e0846c2
1 parent 27f69b1
commit e0846c2
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -319,6 +319,7 @@ Available targets:
 | <a name="input_target_group_target_type"></a> [target\_group\_target\_type](#input\_target\_group\_target\_type) | The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group | `string` | `"ip"` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to associate with ALB | `string` | n/a | yes |
+| <a name="input_xff_header_processing_mode"></a> [xff\_header\_processing\_mode](#input\_xff\_header\_processing\_mode) | Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append | `string` | `"append"` | no |
 
 ## Outputs
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -119,6 +119,7 @@
 | <a name="input_target_group_target_type"></a> [target\_group\_target\_type](#input\_target\_group\_target\_type) | The type (`instance`, `ip` or `lambda`) of targets that can be registered with the target group | `string` | `"ip"` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to associate with ALB | `string` | n/a | yes |
+| <a name="input_xff_header_processing_mode"></a> [xff\_header\_processing\_mode](#input\_xff\_header\_processing\_mode) | Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append | `string` | `"append"` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -88,6 +88,7 @@ resource "aws_lb" "default" {
   enable_deletion_protection       = var.deletion_protection_enabled
   drop_invalid_header_fields       = var.drop_invalid_header_fields
   preserve_host_header             = var.preserve_host_header
+  xff_header_processing_mode       = var.xff_header_processing_mode
 
   access_logs {
     bucket  = try(element(compact([var.access_logs_s3_bucket_id, module.access_logs.bucket_id]), 0), "")

diff --git a/variables.tf b/variables.tf
@@ -348,3 +348,9 @@ variable "preserve_host_header" {
   default     = false
   description = "Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change."
 }
+
+variable "xff_header_processing_mode" {
+  type        = string
+  default     = "append"
+  description = "Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append"
+}