From 31ed3e6948537e21577b1ca2b210347c14c4c2f7 Mon Sep 17 00:00:00 2001 From: Andrew Grangaard Date: Wed, 25 Oct 2023 06:39:35 -0700 Subject: [PATCH 1/2] Fixes #134 - Skips http_forward when aws_lb_target_group.default is disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * disables aws_lb_listener.http_forward when default_target_group is not enabled * target_group is required when type is 'redirect' Fixes this Validation error when default_target_group_enabled == 0 : ``` module.alb.aws_lb_listener.http_forward[0]: Creating... ╷ │ Error: creating ELBv2 Listener (arn:aws:elasticloadbalancing:...:...:loadbalancer/...): ValidationError: A target group ARN must be specified │ status code: 400, request id: 7cf9d727-fc77-4d32-a160-cbd175e16e20 │ │ with module.alb.aws_lb_listener.http_forward[0], │ on .terraform/modules/alb/main.tf line 150, in resource "aws_lb_listener" "http_forward": │ 150: resource "aws_lb_listener" "http_forward" { ``` --- main.tf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 856b5e5..5983528 100644 --- a/main.tf +++ b/main.tf 
@@ -165,13 +165,20 @@ resource "aws_lb_target_group" "default" { resource "aws_lb_listener" "http_forward" { #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2. #bridgecrew:skip=BC_AWS_NETWORKING_29 - Skipping Ensure ALB Protocol is HTTPS - count = module.this.enabled && var.http_enabled && var.http_redirect != true ? 1 : 0 + count = ( + module.this.enabled && + var.http_enabled && + var.http_redirect != true && + (var.listener_http_fixed_response != null || var.default_target_group_enabled) + ? 1 : 0 + ) load_balancer_arn = one(aws_lb.default[*].arn) port = var.http_port protocol = "HTTP" tags = merge(module.this.tags, var.listener_additional_tags) default_action { + # target_group_arn is required when type is forward target_group_arn = var.listener_http_fixed_response != null ? null : one(aws_lb_target_group.default[*].arn) type = var.listener_http_fixed_response != null ? "fixed-response" : "forward" From a3d75dab455a55710eb42fdfb9c76e493d9d2088 Mon Sep 17 00:00:00 2001 From: Andrew Grangaard Date: Tue, 21 Jan 2025 01:18:28 +0000 Subject: [PATCH 2/2] regenerate docs with `make init readme` --- docs/terraform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/terraform.md b/docs/terraform.md index 9f7f99e..d001fe1 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -81,7 +81,7 @@ | [https\_ingress\_cidr\_blocks](#input\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allow in HTTPS security group | `list(string)` |
[
"0.0.0.0/0",
"::/0"
]
| no | | [https\_ingress\_prefix\_list\_ids](#input\_https\_ingress\_prefix\_list\_ids) | List of prefix list IDs for allowing access to HTTPS ingress security group | `list(string)` | `[]` | no | | [https\_port](#input\_https\_port) | The port for the HTTPS listener | `number` | `443` | no | -| [https\_ssl\_policy](#input\_https\_ssl\_policy) | The name of the SSL Policy for the listener | `string` | `"ELBSecurityPolicy-2015-05"` | no | +| [https\_ssl\_policy](#input\_https\_ssl\_policy) | The name of the SSL Policy for the listener | `string` | `"ELBSecurityPolicy-TLS13-1-2-2021-06"` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle | `number` | `60` | no | | [internal](#input\_internal) | A boolean flag to determine whether the ALB should be internal | `bool` | `false` | no |
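Review bot: in the main.tf hunk, the new inline comment "target_group_arn is required when type is forward" contradicts the commit message, which says "target_group is required when type is 'redirect'"; the quoted ValidationError ("A target group ARN must be specified") is raised for a `forward` action with no target group, so the commit message should say forward. A second point on the same hunk: the extended `count` gate means that with `http_enabled = true`, `listener_http_fixed_response = null` and `default_target_group_enabled = false` the module now creates no HTTP listener at all rather than failing the apply. That is the intended fix, but it is silent; consider stating it in the descriptions of `http_enabled` and `default_target_group_enabled` (or the README) so a user who expects an HTTP listener can tell why none was created.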
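Review bot: the docs/terraform.md hunk records a new default for `https_ssl_policy` (`ELBSecurityPolicy-TLS13-1-2-2021-06` replacing `ELBSecurityPolicy-2015-05`), but this series changes only main.tf and docs/terraform.md, so no hunk here changes that default in variables.tf. If the default was already changed on the base branch, the regenerated table is just catching up and this is fine; if not, the generated docs now disagree with the module's actual default and the variables.tf change belongs in this PR. Worth confirming before merge, since the two policies differ materially: ELBSecurityPolicy-2015-05 still permits TLS 1.0 and 1.1, while the TLS13-1-2-2021-06 policy allows only TLS 1.2 and 1.3.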