[#98] Add a flag to redirect HTTP traffic to HTTPS

[sestrella]

what

• Add a flag to redirect HTTP traffic to HTTPS
• The hostname included in the redirection can be customized

why

• It is a common best practice to redirect HTTP traffic to HTTPS
• This workaround is necessary since Elastic Beanstalk HTTP listener rule can't be changed to a redirect action via the general options

references

• Kudos to @yashshanker who posted the simplified solution
• Closes Redirect http to https #98

[joe-niland]

Thanks @sestrella
Looks good. I have a couple of suggestions.
Let us know when it can be moved out of draft.

[sestrella]

@joe-niland thank you for the review, I addressed most of the comments, however, I would like to do some testing on a project before flagging this PR as "Ready for Review"

[sestrella]

@joe-niland I tried to avoid hard-coding the 0 index here, however, it didn't work:

one(aws_elastic_beanstalk_environment.default.*.load_balancers)

On the other hand, I noticed the 0 index is hard-coded on the load_balancers output, so I'm using the same approach for now.

[joe-niland]

What was the error you saw with the above?

[sestrella]

This one:

[joe-niland]

Sorry this was my mistake - in the example code I was thinking of something else and forgot the indexing was there just because count is used on the eb environment resource. This seems fine now.

[sestrella]

@joe-niland I did some local testing and it seems to work fine, this is the rule added to the HTTP listener:

[joe-niland]

/rebuild-readme

[joe-niland]

@sestrella would you mind adding this new var to https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/tree/master/examples/complete so we can check it with Terratest?

[sestrella]

@joe-niland done

[joe-niland]

/test all

[joe-niland]

/rebuild-readme

[joe-niland]

@sestrella just a minor thing in the BATS test to look at

[joe-niland]

Also @sestrella could you please run the following:

make
make readme

[joe-niland]

@sestrella or change your PR to allow edits by maintainers: https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/actions/runs/4121415576/jobs/7117081418

[sestrella]

@joe-niland I updated the README.md and docs/terraform.md files as suggested

[joe-niland]

/test all

[joe-niland]

@sestrella can you please update the version constraint in examples/**/versions.tf also?

[joe-niland]

/test bats

[joe-niland]

/test readme

[joe-niland]

/test terratest

[joe-niland]

@sestrella since you changed the main versions.tf again you'll need to regenerate the readme as well

[sestrella]

@joe-niland sorry for taking so long updating the README file, I got a weird error running make readme/build on Mac with M1:

make: *** [/Users/sestrella/code/stackbuilders/terraform-aws-elastic-beanstalk-environment/build-harness/modules/readme/Makefile:32: readme/build] Killed: 9

After taking a closer look, I realized that readme/deps step downloads the wrong binary for the arm64 architecture:

❯ uname -a
Darwin Administrators-MacBook-Pro 22.3.0 Darwin Kernel Version 22.3.0: Thu Jan  5 20:48:54 PST 2023; root:xnu-8792.81.2~2/RELEASE_ARM64_T6000 arm64 arm Darwin
…anstalk-environment on  redirect_http_to_https [?] via 💠 default via ❄️  impure (nix-shell)
➜ file build-harness/vendor/gomplate
build-harness/vendor/gomplate: Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
…anstalk-environment on  redirect_http_to_https [?] via 💠 default via ❄️  impure (nix-shell)
➜ file build-harness/vendor/terraform-docs
build-harness/vendor/terraform-docs: Mach-O 64-bit x86_64 executable

Anyway, I found a workaround and I'm planning to report this issue to cloudposse/build-harness later.

[joe-niland]

/test all

[joe-niland]

Thanks for your contribution and patience @sestrella.
Released as https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/releases/tag/0.49.0

Regarding the aws provider version constraint, was this updated by the make target?

[sestrella]

@joe-niland thank you for the code review and guidance! About:

Regarding the aws provider version constraint, was this updated by the make target?

I realized this version was coming from the .terraform.lock.hcl generated by terraform init so in the end I decided to delete this file and run make readme/build again which changed the constraint back to >= 3.0

[joe-niland]

I realized this version was coming from the .terraform.lock.hcl generated by terraform init so in the end I decided to delete this file and run make readme/build again which changed the constraint back to >= 3.0

Thanks for clarifying!