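# Inputs for the Cloud Foundry system/apps ALB. Types and descriptions are
# declared so mis-typed inputs fail at plan time instead of at apply time;
# names and defaults are unchanged from the original untyped declarations.
variable "subnet_ids" {
  type        = list(string)
  description = "The AWS subnet IDs to place the load balancer into"
}

variable "resource_tags" {
  type        = map(string)
  description = "AWS tags to apply to every resource created here"
}

variable "vpc_id" {
  type        = string
  description = "The VPC ID the target group is created in"
}

variable "apps_domain" {
  type        = string
  description = "DNS name used for the apps domain"
}

variable "system_domain" {
  type        = string
  description = "DNS name used for the system domain"
}

variable "route53_zone_id" {
  type        = string
  description = "Route53 hosted zone ID the CNAME records are created in"
}

variable "security_groups" {
  type        = list(string)
  description = "Security group IDs to attach to the load balancer"
}

variable "apps_acm_arn" {
  type        = string
  description = "ACM certificate ARN for the apps domain"
}

variable "system_acm_arn" {
  type        = string
  description = "ACM certificate ARN for the system domain"
}

variable "internal_lb" {
  type        = bool
  default     = true
  description = "true for an internal-only load balancer, false for internet-facing"
}

variable "enable_route_53" {
  # Kept as a number rather than a bool because it is used directly as a
  # resource count below; 1 creates the records, 0 skips them.
  type        = number
  default     = 1
  description = "1 to create the Route53 CNAME records, 0 to disable (e.g. when CloudFlare or other DNS is used)"
}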
#################################################################################
# ALB
#################################################################################
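# Application load balancer fronting the CF router instances for both the
# system and apps domains. Internal-only by default (var.internal_lb).
resource "aws_lb" "cf_system_app_lb" {
  name               = "cf-system-apps-lb"
  internal           = var.internal_lb
  load_balancer_type = "application"
  subnets            = var.subnet_ids
  security_groups    = var.security_groups

  # Reject requests whose header field names are not valid HTTP tokens
  # instead of forwarding them to the targets; this removes one class of
  # malformed-header input the backend router would otherwise have to
  # handle itself.
  drop_invalid_header_fields = true

  tags = merge({ Name = "cf-system-apps-lb" }, var.resource_tags)
}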
#################################################################################
# ALB Target Group
#################################################################################
# Target group the router instances are registered into. Registration is
# not done in this file (see the commented-out attachment block above).
resource "aws_lb_target_group" "cf_system_app_lb_tg" {
  name = "cf-system-apps-lb-tg"
  # Traffic from the ALB to the targets is re-encrypted on 443.
  port = 443
  protocol = "HTTPS"
  vpc_id = var.vpc_id
  tags = merge({Name = "cf-system-apps-lb-tg"}, var.resource_tags)
  # Health checks use a separate plaintext endpoint on 8080, not the 443
  # traffic port. NOTE(review): presumably the targets' security group has
  # to allow 8080 from the ALB for the check to pass — confirm.
  health_check {
    path = "/health"
    port = 8080
    protocol = "HTTP"
  }
}
#################################################################################
# ALB Target Group Attachment - Removed, should be done with vm_extension
#################################################################################
# data "aws_instances" "cf_router_instances" {
# instance_tags = {
# instance_group = "router"
# }
# }
# resource "aws_lb_target_group_attachment" "cf_system_app_lb_tga" {
# count = length(data.aws_instances.cf_router_instances.ids)
# target_id = data.aws_instances.cf_router_instances.ids[count.index]
# target_group_arn = aws_lb_target_group.cf_system_app_lb_tg.arn
# port = 443
# }
################################################################################
# ALB Listener - System Domain
################################################################################
# HTTPS listener on the ALB. Terminates TLS and forwards every request to the
# router target group; the second (system) certificate is attached to this
# listener by the aws_alb_listener_certificate resource below.
resource "aws_alb_listener" "cf_system_app_lb_listener" {
  load_balancer_arn = aws_lb.cf_system_app_lb.arn
  port = "443"
  protocol = "HTTPS"
  # TLS 1.2-only predefined policy from 2017. NOTE(review): a newer policy
  # such as ELBSecurityPolicy-TLS13-1-2-2021-06 would add TLS 1.3 and a
  # tighter cipher list; confirm client compatibility before changing it.
  ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
  # NOTE(review): the section header says "System Domain" but the listener's
  # default certificate is the apps one, while the system certificate is the
  # one added via aws_alb_listener_certificate. Presumably both are served
  # by SNI so this is a naming mismatch rather than a breakage — confirm
  # which certificate is meant to be the default.
  certificate_arn = var.apps_acm_arn
  default_action {
    type = "forward"
    target_group_arn = aws_lb_target_group.cf_system_app_lb_tg.arn
  }
  tags = merge({Name = "cf-system-apps-lb-listener-sys"}, var.resource_tags)
}
################################################################################
# ALB Listener Certificate - Apps Domain
# For future self - this is how you map a second domain to a listener
################################################################################
# Attaches a second certificate to the HTTPS listener so one listener serves
# both domains. NOTE(review): despite "apps" in the resource name this
# attaches the *system* certificate (the listener's own certificate_arn is
# the apps one). The misspelled resource name is left as-is because renaming
# the address would recreate the resource.
resource "aws_alb_listener_certificate" "lb_listner_apps_crt" {
  listener_arn = aws_alb_listener.cf_system_app_lb_listener.arn
  certificate_arn = var.system_acm_arn
}
################################################################################
# CF ALB Route53 DNS CNAME Record - System Domain
################################################################################
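# CNAME for the system domain pointing at the ALB. Created only when
# var.enable_route_53 is 1 (the variable is used directly as the count).
# NOTE(review): a CNAME cannot be placed at a hosted-zone apex; if
# system_domain is the apex of route53_zone_id this needs to be an alias
# record instead — confirm.
resource "aws_route53_record" "cf_system_app_lb_record_sys" {
  count   = var.enable_route_53
  zone_id = var.route53_zone_id
  name    = var.system_domain
  type    = "CNAME"
  ttl     = 60
  # Direct reference instead of the legacy "${...}" interpolation-only
  # string, which Terraform 0.12+ reports as deprecated; same value.
  records = [aws_lb.cf_system_app_lb.dns_name]
}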
################################################################################
# CF ALB Route53 DNS CNAME Record - Apps Domain
################################################################################
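# CNAME for the apps domain pointing at the same ALB. Created only when
# var.enable_route_53 is 1 (the variable is used directly as the count).
# NOTE(review): a CNAME cannot be placed at a hosted-zone apex; if
# apps_domain is the apex of route53_zone_id this needs to be an alias
# record instead — confirm.
resource "aws_route53_record" "cf_system_app_lb_record_apps" {
  count   = var.enable_route_53
  zone_id = var.route53_zone_id
  name    = var.apps_domain
  type    = "CNAME"
  ttl     = 60
  # Direct reference instead of the legacy "${...}" interpolation-only
  # string, which Terraform 0.12+ reports as deprecated; same value.
  records = [aws_lb.cf_system_app_lb.dns_name]
}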
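# Module outputs. Descriptions are added so `terraform output` and module
# consumers can see what each value is; names and values are unchanged.
output "dns_name" {
  description = "DNS name of the ALB (the CNAME target used for both domains)"
  value       = aws_lb.cf_system_app_lb.dns_name
}

output "lb_name" {
  description = "Name of the ALB"
  value       = aws_lb.cf_system_app_lb.name
}

output "lb_target_group_name" {
  description = "Name of the target group the router instances are attached to (attachment is done outside this file)"
  value       = aws_lb_target_group.cf_system_app_lb_tg.name
}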