feat: Add ability to enable cross-zone load balancing

README.md

@@ -329,6 +329,7 @@ allow_github_webhooks        = true
 | <a name="input_alb_authenticate_cognito"></a> [alb\_authenticate\_cognito](#input\_alb\_authenticate\_cognito) | Map of AWS Cognito authentication parameters to protect ALB (eg, using SAML). See https://www.terraform.io/docs/providers/aws/r/lb_listener.html#authenticate-cognito-action | `any` | `{}` | no |
 | <a name="input_alb_authenticate_oidc"></a> [alb\_authenticate\_oidc](#input\_alb\_authenticate\_oidc) | Map of Authenticate OIDC parameters to protect ALB (eg, using Auth0). See https://www.terraform.io/docs/providers/aws/r/lb_listener.html#authenticate-oidc-action | `any` | `{}` | no |
 | <a name="input_alb_drop_invalid_header_fields"></a> [alb\_drop\_invalid\_header\_fields](#input\_alb\_drop\_invalid\_header\_fields) | Indicates whether invalid header fields are dropped in application load balancers. Defaults to false. | `bool` | `null` | no |
+| <a name="input_alb_enable_cross_zone_load_balancing"></a> [alb\_enable\_cross\_zone\_load\_balancing](#input\_alb\_enable\_cross\_zone\_load\_balancing) | Whether cross-zone load balancing is enabled for the load balancer | `bool` | `null` | no |
 | <a name="input_alb_enable_deletion_protection"></a> [alb\_enable\_deletion\_protection](#input\_alb\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | `bool` | `null` | no |
 | <a name="input_alb_http_security_group_tags"></a> [alb\_http\_security\_group\_tags](#input\_alb\_http\_security\_group\_tags) | Additional tags to put on the http security group | `map(string)` | `{}` | no |
 | <a name="input_alb_https_security_group_tags"></a> [alb\_https\_security\_group\_tags](#input\_alb\_https\_security\_group\_tags) | Additional tags to put on the https security group | `map(string)` | `{}` | no |

examples/github-complete/main.tf

@@ -101,12 +101,13 @@ module "atlantis" {
   atlantis_repo_allowlist        = [for repo in var.github_repo_names : "github.com/${var.github_owner}/${repo}"]
 
   # ALB access
-  alb_ingress_cidr_blocks         = var.alb_ingress_cidr_blocks
-  alb_logging_enabled             = true
-  alb_log_bucket_name             = module.atlantis_access_log_bucket.s3_bucket_id
-  alb_log_location_prefix         = "atlantis-alb"
-  alb_listener_ssl_policy_default = "ELBSecurityPolicy-TLS-1-2-2017-01"
-  alb_drop_invalid_header_fields  = true
+  alb_ingress_cidr_blocks              = var.alb_ingress_cidr_blocks
+  alb_logging_enabled                  = true
+  alb_log_bucket_name                  = module.atlantis_access_log_bucket.s3_bucket_id
+  alb_log_location_prefix              = "atlantis-alb"
+  alb_listener_ssl_policy_default      = "ELBSecurityPolicy-TLS-1-2-2017-01"
+  alb_drop_invalid_header_fields       = true
+  alb_enable_cross_zone_load_balancing = true
 
   allow_unauthenticated_access = true
   allow_github_webhooks        = true

main.tf

@@ -242,9 +242,10 @@ module "alb" {
   name     = var.name
   internal = var.internal
 
-  vpc_id          = local.vpc_id
-  subnets         = local.public_subnet_ids
-  security_groups = flatten([module.alb_https_sg.security_group_id, module.alb_http_sg.security_group_id, var.security_group_ids])
+  enable_cross_zone_load_balancing = var.alb_enable_cross_zone_load_balancing
+  vpc_id                           = local.vpc_id
+  subnets                          = local.public_subnet_ids
+  security_groups                  = flatten([module.alb_https_sg.security_group_id, module.alb_http_sg.security_group_id, var.security_group_ids])
 
   access_logs = {
     enabled = var.alb_logging_enabled

variables.tf

@@ -766,3 +766,9 @@ variable "max_session_duration" {
   type        = number
   default     = null
 }
+
+variable "alb_enable_cross_zone_load_balancing" {
+  description = "Whether cross-zone load balancing is enabled for the load balancer"
+  type        = bool
+  default     = null
+}