Skip to content

Commit

Permalink
update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
clouddrove-ci committed Sep 6, 2023
1 parent be8522b commit 1b7b7d1
Showing 1 changed file with 115 additions and 31 deletions.
146 changes: 115 additions & 31 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c
## Prerequisites

This module has a few dependencies:
- [Terraform 1.5.3](https://learn.hashicorp.com/terraform/getting-started/install.html)




Expand All @@ -71,15 +73,16 @@ Here are examples of how you can use this module in your inventory structure:
module "alb" {
source = "clouddrove/alb/aws"
version = "1.4.0"
name = "alb"
name = local.name
enable = true
internal = true
load_balancer_type = "application"
instance_count = module.ec2.instance_count
security_groups = [module.ssh.security_group_ids, module.http_https.security_group_ids]
subnets = module.public_subnets.public_subnet_id
target_id = module.ec2.instance_id
vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ports = [3306]
listener_certificate_arn = module.acm.arn
enable_deletion_protection = false
with_target_group = true
Expand All @@ -88,6 +91,34 @@ Here are examples of how you can use this module in your inventory structure:
https_port = 443
listener_type = "forward"
target_group_port = 80
http_tcp_listeners = [
{
port = 80
protocol = "TCP"
target_group_index = 0
},
{
port = 81
protocol = "TCP"
target_group_index = 0
},
]
https_listeners = [
{
port = 443
protocol = "TLS"
target_group_index = 0
certificate_arn = module.acm.arn
},
{
port = 84
protocol = "TLS"
target_group_index = 0
certificate_arn = module.acm.arn
},
]
target_groups = [
{
backend_protocol = "HTTP"
Expand All @@ -107,17 +138,24 @@ Here are examples of how you can use this module in your inventory structure:
}
}
]
}
extra_ssl_certs = [
{
https_listener_index = 0
certificate_arn = module.acm.arn
}
]
}
```

### NLB Example
```hcl
module "nlb" {
source = "clouddrove/alb/aws"
version = "1.4.0"
name = "nlb"
name = local.name
enable = true
internal = true
internal = false
load_balancer_type = "network"
instance_count = module.ec2.instance_count
subnets = module.public_subnets.public_subnet_id
Expand All @@ -131,6 +169,11 @@ Here are examples of how you can use this module in your inventory structure:
protocol = "TCP"
target_group_index = 0
},
{
port = 81
protocol = "TCP"
target_group_index = 0
},
]
target_groups = [
{
Expand All @@ -139,11 +182,26 @@ Here are examples of how you can use this module in your inventory structure:
target_type = "instance"
},
{
backend_protocol = "TLS"
backend_port = 443
backend_protocol = "TCP"
backend_port = 81
target_type = "instance"
},
]
https_listeners = [
{
port = 443
protocol = "TLS"
target_group_index = 0
certificate_arn = module.acm.arn
},
{
port = 84
protocol = "TLS"
target_group_index = 0
certificate_arn = module.acm.arn
},
]
}
```

Expand All @@ -152,36 +210,37 @@ Here are examples of how you can use this module in your inventory structure:
module "clb" {
source = "clouddrove/alb/aws"
version = "1.4.0"
name = "clb"
load_balancer_type = "classic"
clb_enable = true
internal = true
target_id = module.ec2.instance_id
security_groups = [module.ssh.security_group_ids, module.http_https.security_group_ids]
subnets = module.public_subnets.public_subnet_id
with_target_group = true
name = local.name
load_balancer_type = "classic"
clb_enable = true
internal = true
vpc_id = module.vpc.vpc_id
target_id = module.ec2.instance_id
subnets = module.public_subnets.public_subnet_id
with_target_group = true
listeners = [
{
lb_port = 22000
lb_protocol = "TCP"
instance_port = 22000
instance_protocol = "TCP"
ssl_certificate_id = null
lb_port = 22000
lb_protocol = "TCP"
instance_port = 22000
instance_protocol = "TCP"
ssl_certificate_id = null
},
{
lb_port = 4444
lb_protocol = "TCP"
instance_port = 4444
instance_protocol = "TCP"
ssl_certificate_id = null
lb_port = 4444
lb_protocol = "TCP"
instance_port = 4444
instance_protocol = "TCP"
ssl_certificate_id = null
}
]
health_check_target = "TCP:4444"
health_check_timeout = 10
health_check_interval = 30
health_check_unhealthy_threshold = 5
health_check_healthy_threshold = 5
}
}
```


Expand All @@ -193,15 +252,27 @@ Here are examples of how you can use this module in your inventory structure:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access\_logs | Access logs Enable or Disable. | `bool` | `false` | no |
| access\_logs | Map containing access logging configuration for load balancer. | `map(string)` | `{}` | no |
| allowed\_ip | List of allowed ip. | `list(any)` | `[]` | no |
| allowed\_ports | List of allowed ingress ports | `list(any)` | `[]` | no |
| cidr\_blocks | equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| clb\_enable | If true, create clb. | `bool` | `false` | no |
| connection\_draining | TBoolean to enable connection draining. Default: false. | `bool` | `false` | no |
| connection\_draining\_timeout | The time after which connection draining is aborted in seconds. | `number` | `300` | no |
| desync\_mitigation\_mode | Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. | `string` | `"defensive"` | no |
| egress\_protocol | equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference | `number` | `-1` | no |
| egress\_rule | Enable to create egress rule | `bool` | `true` | no |
| enable | If true, create alb. | `bool` | `false` | no |
| enable\_cross\_zone\_load\_balancing | Indicates whether cross zone load balancing should be enabled in application load balancers. | `bool` | `true` | no |
| enable\_deletion\_protection | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | `bool` | `false` | no |
| enable\_http2 | Indicates whether HTTP/2 is enabled in application load balancers. | `bool` | `true` | no |
| enable\_security\_group | Enable default Security Group with only Egress traffic allowed. | `bool` | `true` | no |
| enable\_tls\_version\_and\_cipher\_suite\_headers | Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. | `bool` | `false` | no |
| enable\_waf\_fail\_open | Indicates whether to route requests to targets if lb fails to forward the request to AWS WAF | `bool` | `false` | no |
| enable\_xff\_client\_port | Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. | `bool` | `true` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `"test"` | no |
| extra\_ssl\_certs | A list of maps describing any extra SSL certificates to apply to the HTTPS listeners. Required key/values: certificate\_arn, https\_listener\_index (the index of the listener within https\_listeners which the cert applies toward). | `list(map(string))` | `[]` | no |
| from\_port | (Required) Start port (or ICMP type number if protocol is icmp or icmpv6). | `number` | `0` | no |
| health\_check\_healthy\_threshold | The number of successful health checks before an instance is put into service. | `number` | `10` | no |
| health\_check\_interval | The time between health check attempts in seconds. | `number` | `30` | no |
| health\_check\_target | The target to use for health checks. | `string` | `"TCP:80"` | no |
Expand All @@ -210,14 +281,18 @@ Here are examples of how you can use this module in your inventory structure:
| http\_enabled | A boolean flag to enable/disable HTTP listener. | `bool` | `true` | no |
| http\_listener\_type | The type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc. | `string` | `"redirect"` | no |
| http\_port | The port on which the load balancer is listening. like 80 or 443. | `number` | `80` | no |
| http\_tcp\_listeners | A list of maps describing the HTTP listeners for this ALB. Required key/values: port, protocol. Optional key/values: target\_group\_index (defaults to 0) | `list(map(string))` | `[]` | no |
| http\_tcp\_listener\_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, http\_tcp\_listener\_index (default to http\_tcp\_listeners[count.index]) | `any` | `[]` | no |
| http\_tcp\_listeners | A list of maps describing the HTTP listeners or TCP ports for this ALB. Required key/values: port, protocol. Optional key/values: target\_group\_index (defaults to http\_tcp\_listeners[count.index]) | `any` | `[]` | no |
| https\_enabled | A boolean flag to enable/disable HTTPS listener. | `bool` | `true` | no |
| https\_listener\_rules | A list of maps describing the Listener Rules for this ALB. Required key/values: actions, conditions. Optional key/values: priority, https\_listener\_index (default to https\_listeners[count.index]) | `any` | `[]` | no |
| https\_listeners | A list of maps describing the HTTPS listeners for this ALB. Required key/values: port, certificate\_arn. Optional key/values: ssl\_policy (defaults to ELBSecurityPolicy-2016-08), target\_group\_index (defaults to 0) | `list(map(string))` | `[]` | no |
| https\_port | The port on which the load balancer is listening. like 80 or 443. | `number` | `443` | no |
| idle\_timeout | The time in seconds that the connection is allowed to be idle. | `number` | `60` | no |
| instance\_count | The count of instances. | `number` | `0` | no |
| internal | If true, the LB will be internal. | `string` | `""` | no |
| ip\_address\_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | `string` | `"ipv4"` | no |
| ipv6\_cidr\_blocks | Enable to create egress rule | `list(string)` | <pre>[<br> "::/0"<br>]</pre> | no |
| is\_external | enable to udated existing security Group | `bool` | `false` | no |
| label\_order | Label order, e.g. `name`,`application`. | `list(any)` | <pre>[<br> "name",<br> "environment"<br>]</pre> | no |
| listener\_certificate\_arn | The ARN of the SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. | `string` | `""` | no |
| listener\_https\_fixed\_response | Have the HTTPS listener return a fixed response for the default action. | <pre>object({<br> content_type = string<br> message_body = string<br> status_code = string<br> })</pre> | `null` | no |
Expand All @@ -228,20 +303,27 @@ Here are examples of how you can use this module in your inventory structure:
| load\_balancer\_delete\_timeout | Timeout value when deleting the ALB. | `string` | `"10m"` | no |
| load\_balancer\_type | The type of load balancer to create. Possible values are application or network. The default value is application. | `string` | `""` | no |
| load\_balancer\_update\_timeout | Timeout value when updating the ALB. | `string` | `"10m"` | no |
| log\_bucket\_name | S3 bucket (externally created) for storing load balancer access logs. Required if logging\_enabled is true. | `string` | `""` | no |
| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"[email protected]"` | no |
| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no |
| preserve\_host\_header | Indicates whether Host header should be preserve and forward to targets without any change. Defaults to false. | `bool` | `false` | no |
| protocol | The protocol. If not icmp, tcp, udp, or all use the. | `string` | `"tcp"` | no |
| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-alb"` | no |
| security\_groups | A list of security group IDs to assign to the LB. Only valid for Load Balancers of type application. | `list(any)` | `[]` | no |
| sg\_description | The security group description. | `string` | `"Instance default security group (only egress access is allowed)."` | no |
| sg\_egress\_description | Description of the egress and ingress rule | `string` | `"Description of the rule."` | no |
| sg\_egress\_ipv6\_description | Description of the egress\_ipv6 rule | `string` | `"Description of the rule."` | no |
| sg\_ids | of the security group id. | `list(any)` | `[]` | no |
| sg\_ingress\_description | Description of the ingress rule | `string` | `"Description of the ingress rule use elasticache."` | no |
| ssl\_policy | Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. | `string` | `"ELBSecurityPolicy-TLS-1-2-2017-01"` | no |
| status\_code | The HTTP redirect code. The redirect is either permanent (HTTP\_301) or temporary (HTTP\_302). | `string` | `"HTTP_301"` | no |
| subnet\_mapping | A list of subnet mapping blocks describing subnets to attach to network load balancer | `list(map(string))` | `[]` | no |
| subnets | A list of subnet IDs to attach to the LB. Subnets cannot be updated for Load Balancers of type network. Changing this value will for load balancers of type network will force a recreation of the resource. | `list(any)` | `[]` | no |
| target\_group\_port | The port on which targets receive traffic, unless overridden when registering a specific target. | `string` | `80` | no |
| target\_groups | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend\_protocol, backend\_port. Optional key/values are in the target\_groups\_defaults variable. | `any` | `[]` | no |
| target\_id | The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. | `list(any)` | n/a | yes |
| target\_type | The type of target that you must specify when registering targets with this target group. | `string` | `""` | no |
| to\_port | equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference | `number` | `65535` | no |
| vpc\_id | The identifier of the VPC in which to create the target group. | `string` | `""` | no |
| with\_target\_group | Create LoadBlancer without target group | `bool` | `true` | no |
| xff\_header\_processing\_mode | Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. | `string` | `"append"` | no |

## Outputs

Expand All @@ -258,6 +340,8 @@ Here are examples of how you can use this module in your inventory structure:
| listener\_arns | A list of all the listener ARNs. |
| main\_target\_group\_arn | The main target group ARN. |
| name | The ARN suffix of the ALB. |
| security\_group\_arn | Amazon Resource Name (ARN) of the security group |
| security\_group\_id | ID of the security group |
| tags | A mapping of tags to assign to the resource. |
| zone\_id | The ID of the zone which ALB is provisioned. |

Expand Down

0 comments on commit 1b7b7d1

Please sign in to comment.