wlc.rubykaigi.net

ruby-no-kai · Aug 30, 2022 · 034fe8f · 034fe8f
1 parent 99cb633
commit 034fe8f
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 0 deletions.
diff --git a/tf/core/alb_rules.tf b/tf/core/alb_rules.tf
@@ -322,3 +322,46 @@ resource "aws_lb_listener_rule" "common-grafana" {
     target_group_arn = aws_lb_target_group.common-grafana.arn
   }
 }
+
+###
+
+data "aws_lb_target_group" "common-wlc" {
+  name = "rknw-common-wlc"
+}
+
+resource "aws_lb_listener_rule" "common-wlc" {
+  listener_arn = aws_lb_listener.common-https.arn
+  priority     = 107
+  condition {
+    host_header {
+      values = ["wlc.rubykaigi.net"]
+    }
+  }
+  action {
+    type = "authenticate-oidc"
+    authenticate_oidc {
+      authorization_endpoint     = local.alb_oidc.authorization_endpoint
+      token_endpoint             = local.alb_oidc.token_endpoint
+      user_info_endpoint         = local.alb_oidc.user_info_endpoint
+      client_id                  = local.alb_oidc.client_id
+      client_secret              = local.alb_oidc.client_secret
+      issuer                     = local.alb_oidc.issuer
+      scope                      = local.alb_oidc.scope
+      on_unauthenticated_request = local.alb_oidc.on_unauthenticated_request
+      session_timeout            = local.alb_oidc.session_timeout
+    }
+  }
+  action {
+    type             = "forward"
+    target_group_arn = data.aws_lb_target_group.common-wlc.arn
+  }
+}
+
+resource "aws_route53_record" "wlc_rubykaigi_net" {
+  for_each = local.rubykaigi_net_zones
+  name     = "wlc.rubykaigi.net."
+  zone_id  = each.value
+  type     = "CNAME"
+  ttl      = 60
+  records  = ["ops-lb.rubykaigi.net."]
+}
diff --git a/tf/dns-hosts/alb-tg.tf b/tf/dns-hosts/alb-tg.tf
@@ -0,0 +1,23 @@
+resource "aws_lb_target_group" "common-wlc" {
+  name        = "rknw-common-wlc"
+  port        = 80
+  protocol    = "HTTPS"
+  vpc_id      = data.aws_vpc.main.id
+  target_type = "ip"
+
+  health_check {
+    enabled  = true
+    path     = "/"
+    protocol = "HTTPS"
+  }
+
+  deregistration_delay = 10
+}
+
+resource "aws_lb_target_group_attachment" "common-wlc" {
+  for_each          = aws_route53_record.host_sys_wlc-01_venue_rubykaigi_net_A.records
+  target_group_arn  = aws_lb_target_group.common-wlc.arn
+  target_id         = each.value
+  port              = 443
+  availability_zone = "all"
+}
diff --git a/tf/dns-hosts/vpc.tf b/tf/dns-hosts/vpc.tf
@@ -0,0 +1,3 @@
+data "aws_vpc" "main" {
+  id = "vpc-004eca6fe0bf3494d"
+}