From 76984f52d4e3ac7ca82fafe36897282b567b6dcf Mon Sep 17 00:00:00 2001 From: Brandon O'Connor Date: Wed, 8 Mar 2017 18:10:05 -0800 Subject: [PATCH] tf template is now functional; --- README.md | 8 +-- example/main.tf | 8 +-- example/variables.tf | 2 +- main.tf | 115 +++++++++++++------------------------------ outputs.tf | 14 ++++-- variables.tf | 15 +++--- 6 files changed, 58 insertions(+), 104 deletions(-) diff --git a/README.md b/README.md index b54540e..7d7dbed 100644 --- a/README.md +++ b/README.md @@ -34,9 +34,9 @@ For an example of using ALB with ECS look no further than the [hashicorp example - `alb_id` ## Usage example: -A full example set is contained in the [examples directory](examples/). Here's the gist: -1. Set the input variables from above in [variables.tf](examples/variables.tf). -2. Define the ALB module using the following in your [main.tf](examples/main.tf): +A full example set is contained in the [example directory](example/). Here's the gist: +1. Set the input variables from above in [variables.tf](example/variables.tf). +2. Define the ALB module using the following in your [main.tf](example/main.tf): ``` module "my_web_alb" { source = "github.com/brandoconnor/tf_aws_alb" @@ -73,4 +73,4 @@ The [Change log](CHANGELOG.md) captures all important release notes. Created and maintained by [Brandon O'Connor](https://github.com/brandoconnor) - brandoconnor@gmail.com. ## License -MIT Licensed. See [LICENSE](LICENSE.md) for full details. +MIT Licensed. See [LICENSE](LICENSE) for full details. diff --git a/example/main.tf b/example/main.tf index ae6eb43..22982f6 100644 --- a/example/main.tf +++ b/example/main.tf @@ -1,6 +1,5 @@ module "external_alb" { - /*source = "github.com/brandoconnor/tf_aws_alb"*/ - source = "../" + source = "github.com/brandoconnor/tf_aws_alb" alb_name = "${var.alb_name}" backend_port = "${var.instance_port}" backend_protocol = "${var.instance_protocol}" @@ -8,6 +7,7 @@ module "external_alb" { alb_security_groups = "${join(",", var.security_group_id_list)}" log_bucket = "${var.log_bucket_name}-${var.aws_region}" log_prefix = "${var.log_prefix}" - ssl_certificate_id = "${var.ssl_cert_arn}" - subnet_azs = "${join(",", var.public_subnet_ids)}" + certificate_arn = "${var.certificate_arn}" + subnets = "${join(",", var.public_subnet_ids)}" + vpc_id = "${var.vpc_id}" } diff --git a/example/variables.tf b/example/variables.tf index 5bb5772..550f4ef 100644 --- a/example/variables.tf +++ b/example/variables.tf @@ -14,7 +14,7 @@ variable "alb_security_groups" { default = ["sg-edcd9784", "sg-edcd9785"] } -variable "ssl_certificate_id" { +variable "certificate_arn" { default = "arn:aws:iam::123456789012:server-certificate/ProdServerCert" } diff --git a/main.tf b/main.tf index 86631a8..303fec8 100644 --- a/main.tf +++ b/main.tf @@ -1,89 +1,56 @@ -### Configure the provider - -provider "aws" { - access_key = "${var.aws_access_key}" - secret_key = "${var.aws_secret_key}" - region = "${var.aws_region}" -} - ### ALB resources -resource "aws_alb_target_group" "test" { - name = "tf-example-ecs-ghost" - port = 80 - protocol = "HTTP" - vpc_id = "${aws_vpc.main.id}" -} +# TODO: +# need health check +# internal or external +# with logging or without logging (perhaps even submodule locally?) resource "aws_alb" "main" { - name = "tf-example-alb-ecs" - subnets = ["${aws_subnet.main.*.id}"] - security_groups = ["${aws_security_group.lb_sg.id}"] + name = "${var.alb_name}" + subnets = ["${split(",", var.subnets)}"] + security_groups = ["${split(",", var.alb_security_groups)}"] + + /* + access_logs { + bucket = "${var.log_bucket}" + prefix = "${var.log_prefix}" + }*/ + count = 1 } -resource "aws_alb_listener" "front_end" { +resource "aws_alb_target_group" "target_group" { + name = "${var.alb_name}-tg" + port = "${var.backend_port}" + protocol = "${upper(var.backend_protocol)}" + vpc_id = "${var.vpc_id}" +} + +# add listeners using count based on http/https vars +resource "aws_alb_listener" "front_end_http" { load_balancer_arn = "${aws_alb.main.id}" port = "80" protocol = "HTTP" default_action { - target_group_arn = "${aws_alb_target_group.test.id}" + target_group_arn = "${aws_alb_target_group.target_group.id}" type = "forward" } } -### Security - -resource "aws_security_group" "lb_sg" { - description = "controls access to the application ELB" - - vpc_id = "${aws_vpc.main.id}" - name = "tf-ecs-lbsg" - - ingress { - protocol = "tcp" - from_port = 80 - to_port = 80 - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - - cidr_blocks = [ - "0.0.0.0/0", - ] - } -} - -resource "aws_security_group" "instance_sg" { - description = "Controls direct access to application instances." - vpc_id = "${aws_vpc.main.id}" - name = "${var.alb_name}-sg" - - ingress { - protocol = "tcp" - from_port = "${var.backend_port}" - to_port = "${var.backend_port}" - - security_groups = [ - "${aws_security_group.alb_sg.id}", - ] - } +resource "aws_alb_listener" "front_end_https" { + load_balancer_arn = "${aws_alb.main.id}" + port = "443" + protocol = "HTTPS" + certificate_arn = "${var.certificate_arn}" + ssl_policy = "ELBSecurityPolicy-2015-05" - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] + default_action { + target_group_arn = "${aws_alb_target_group.target_group.id}" + type = "forward" } } /* -### ELB - resource "aws_elb" "elb" { name = "${var.elb_name}" subnets = ["${split(",", var.subnet_azs)}"] @@ -96,21 +63,6 @@ resource "aws_elb" "elb" { interval = 5 } - listener { - instance_port = "${var.backend_port}" - instance_protocol = "${var.backend_protocol}" - lb_port = 443 - lb_protocol = "https" - ssl_certificate_id = "${var.ssl_certificate_id}" - } - - listener { - instance_port = "${var.backend_port}" - instance_protocol = "${var.backend_protocol}" - lb_port = 80 - lb_protocol = "http" - } - health_check { healthy_threshold = 2 unhealthy_threshold = 2 @@ -147,3 +99,4 @@ resource "aws_lb_cookie_stickiness_policy" "https_stickiness" { depends_on = ["aws_elb.elb"] } */ + diff --git a/outputs.tf b/outputs.tf index 9a97c1c..b8eb752 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,11 +1,15 @@ output "alb_id" { - value = "${aws_alb.alb.id}" + value = "${aws_alb.main.id}" } -output "alb_name" { - value = "${aws_alb.alb.name}" +output "alb_dns_name" { + value = "${aws_alb.main.dns_name}" } -output "alb_dns_name" { - value = "${aws_alb.alb.dns_name}" +output "alb_zone_id" { + value = "${aws_alb.main.zone_id}" +} + +output "target_group_arn" { + value = "${aws_alb_target_group.target_group.arn}" } diff --git a/variables.tf b/variables.tf index 1604aa2..4ff58fc 100644 --- a/variables.tf +++ b/variables.tf @@ -1,11 +1,3 @@ -/* -Provider variables -*/ -variable "aws_access_key" {} - -variable "aws_secret_key" {} -variable "aws_region" {} - /* Module variables */ @@ -18,7 +10,7 @@ variable "alb_security_groups" { description = "A comma separated string of security groups with which we associate the ALB. e.g. 'sg-edcd9784,sg-edcd9785'" } -variable "ssl_certificate_id" { +variable "certificate_arn" { description = "The ARN of the SSL Certificate. e.g. 'arn:aws:iam::123456789012:server-certificate/ProdServerCert'" } @@ -38,6 +30,10 @@ variable "health_check_target" { description = "The URL the ELB should use for health checks. e.g. HTTPS:443/health" } +variable "vpc_id" { + description = "" +} + variable "log_bucket" { default = "" } @@ -52,3 +48,4 @@ variable "alb_is_internal" { default = false } */ +