tf template is now functional;

terraform-community-modules · Mar 9, 2017 · 76984f5 · 76984f5
1 parent ce4634b
commit 76984f5
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 104 deletions.
diff --git a/README.md b/README.md
@@ -34,9 +34,9 @@ For an example of using ALB with ECS look no further than the [hashicorp example
 - `alb_id`
 
 ## Usage example:
-A full example set is contained in the [examples directory](examples/). Here's the gist:
-1. Set the input variables from above in [variables.tf](examples/variables.tf).
-2. Define the ALB module using the following in your [main.tf](examples/main.tf):
+A full example set is contained in the [example directory](example/). Here's the gist:
+1. Set the input variables from above in [variables.tf](example/variables.tf).
+2. Define the ALB module using the following in your [main.tf](example/main.tf):
 ```
 module "my_web_alb" {
   source = "github.com/brandoconnor/tf_aws_alb"
@@ -73,4 +73,4 @@ The [Change log](CHANGELOG.md) captures all important release notes.
 Created and maintained by [Brandon O'Connor](https://github.com/brandoconnor) - [email protected].
 
 ## License
-MIT Licensed. See [LICENSE](LICENSE.md) for full details.
+MIT Licensed. See [LICENSE](LICENSE) for full details.
diff --git a/example/main.tf b/example/main.tf
@@ -1,13 +1,13 @@
 module "external_alb" {
-  /*source              = "github.com/brandoconnor/tf_aws_alb"*/
-  source              = "../"
+  source              = "github.com/brandoconnor/tf_aws_alb"
   alb_name            = "${var.alb_name}"
   backend_port        = "${var.instance_port}"
   backend_protocol    = "${var.instance_protocol}"
   health_check_target = "${var.health_check_target}"
   alb_security_groups = "${join(",", var.security_group_id_list)}"
   log_bucket          = "${var.log_bucket_name}-${var.aws_region}"
   log_prefix          = "${var.log_prefix}"
-  ssl_certificate_id  = "${var.ssl_cert_arn}"
-  subnet_azs          = "${join(",", var.public_subnet_ids)}"
+  certificate_arn     = "${var.certificate_arn}"
+  subnets             = "${join(",", var.public_subnet_ids)}"
+  vpc_id              = "${var.vpc_id}"
 }
diff --git a/example/variables.tf b/example/variables.tf
@@ -14,7 +14,7 @@ variable "alb_security_groups" {
   default = ["sg-edcd9784", "sg-edcd9785"]
 }
 
-variable "ssl_certificate_id" {
+variable "certificate_arn" {
   default = "arn:aws:iam::123456789012:server-certificate/ProdServerCert"
 }
 

diff --git a/main.tf b/main.tf
@@ -1,89 +1,56 @@
-### Configure the provider
-
-provider "aws" {
-  access_key = "${var.aws_access_key}"
-  secret_key = "${var.aws_secret_key}"
-  region     = "${var.aws_region}"
-}
-
 ### ALB resources
 
-resource "aws_alb_target_group" "test" {
-  name     = "tf-example-ecs-ghost"
-  port     = 80
-  protocol = "HTTP"
-  vpc_id   = "${aws_vpc.main.id}"
-}
+# TODO:
+# need health check
+# internal or external
+# with logging or without logging (perhaps even submodule locally?)
 
 resource "aws_alb" "main" {
-  name            = "tf-example-alb-ecs"
-  subnets         = ["${aws_subnet.main.*.id}"]
-  security_groups = ["${aws_security_group.lb_sg.id}"]
+  name            = "${var.alb_name}"
+  subnets         = ["${split(",", var.subnets)}"]
+  security_groups = ["${split(",", var.alb_security_groups)}"]
+
+  /*
+      access_logs {
+        bucket        = "${var.log_bucket}"
+        prefix = "${var.log_prefix}"
+      }*/
+  count = 1
 }
 
-resource "aws_alb_listener" "front_end" {
+resource "aws_alb_target_group" "target_group" {
+  name     = "${var.alb_name}-tg"
+  port     = "${var.backend_port}"
+  protocol = "${upper(var.backend_protocol)}"
+  vpc_id   = "${var.vpc_id}"
+}
+
+# add listeners using count based on http/https vars
+resource "aws_alb_listener" "front_end_http" {
   load_balancer_arn = "${aws_alb.main.id}"
   port              = "80"
   protocol          = "HTTP"
 
   default_action {
-    target_group_arn = "${aws_alb_target_group.test.id}"
+    target_group_arn = "${aws_alb_target_group.target_group.id}"
     type             = "forward"
   }
 }
 
-### Security
-
-resource "aws_security_group" "lb_sg" {
-  description = "controls access to the application ELB"
-
-  vpc_id = "${aws_vpc.main.id}"
-  name   = "tf-ecs-lbsg"
-
-  ingress {
-    protocol    = "tcp"
-    from_port   = 80
-    to_port     = 80
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port = 0
-    to_port   = 0
-    protocol  = "-1"
-
-    cidr_blocks = [
-      "0.0.0.0/0",
-    ]
-  }
-}
-
-resource "aws_security_group" "instance_sg" {
-  description = "Controls direct access to application instances."
-  vpc_id      = "${aws_vpc.main.id}"
-  name        = "${var.alb_name}-sg"
-
-  ingress {
-    protocol  = "tcp"
-    from_port = "${var.backend_port}"
-    to_port   = "${var.backend_port}"
-
-    security_groups = [
-      "${aws_security_group.alb_sg.id}",
-    ]
-  }
+resource "aws_alb_listener" "front_end_https" {
+  load_balancer_arn = "${aws_alb.main.id}"
+  port              = "443"
+  protocol          = "HTTPS"
+  certificate_arn   = "${var.certificate_arn}"
+  ssl_policy        = "ELBSecurityPolicy-2015-05"
 
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
+  default_action {
+    target_group_arn = "${aws_alb_target_group.target_group.id}"
+    type             = "forward"
   }
 }
 
 /*
-### ELB
-
 resource "aws_elb" "elb" {
   name            = "${var.elb_name}"
   subnets         = ["${split(",", var.subnet_azs)}"]
@@ -96,21 +63,6 @@ resource "aws_elb" "elb" {
     interval      = 5
   }
 
-  listener {
-    instance_port      = "${var.backend_port}"
-    instance_protocol  = "${var.backend_protocol}"
-    lb_port            = 443
-    lb_protocol        = "https"
-    ssl_certificate_id = "${var.ssl_certificate_id}"
-  }
-
-  listener {
-    instance_port     = "${var.backend_port}"
-    instance_protocol = "${var.backend_protocol}"
-    lb_port           = 80
-    lb_protocol       = "http"
-  }
-
   health_check {
     healthy_threshold   = 2
     unhealthy_threshold = 2
@@ -147,3 +99,4 @@ resource "aws_lb_cookie_stickiness_policy" "https_stickiness" {
   depends_on               = ["aws_elb.elb"]
 }
 */
+
diff --git a/outputs.tf b/outputs.tf
@@ -1,11 +1,15 @@
 output "alb_id" {
-  value = "${aws_alb.alb.id}"
+  value = "${aws_alb.main.id}"
 }
 
-output "alb_name" {
-  value = "${aws_alb.alb.name}"
+output "alb_dns_name" {
+  value = "${aws_alb.main.dns_name}"
 }
 
-output "alb_dns_name" {
-  value = "${aws_alb.alb.dns_name}"
+output "alb_zone_id" {
+  value = "${aws_alb.main.zone_id}"
+}
+
+output "target_group_arn" {
+  value = "${aws_alb_target_group.target_group.arn}"
 }
diff --git a/variables.tf b/variables.tf
@@ -1,11 +1,3 @@
-/*
-Provider variables
-*/
-variable "aws_access_key" {}
-
-variable "aws_secret_key" {}
-variable "aws_region" {}
-
 /*
 Module variables
 */
@@ -18,7 +10,7 @@ variable "alb_security_groups" {
   description = "A comma separated string of security groups with which we associate the ALB. e.g. 'sg-edcd9784,sg-edcd9785'"
 }
 
-variable "ssl_certificate_id" {
+variable "certificate_arn" {
   description = "The ARN of the SSL Certificate. e.g. 'arn:aws:iam::123456789012:server-certificate/ProdServerCert'"
 }
 
@@ -38,6 +30,10 @@ variable "health_check_target" {
   description = "The URL the ELB should use for health checks. e.g. HTTPS:443/health"
 }
 
+variable "vpc_id" {
+  description = ""
+}
+
 variable "log_bucket" {
   default = ""
 }
@@ -52,3 +48,4 @@ variable "alb_is_internal" {
   default = false
 }
 */
+