diff --git a/README.md b/README.md index 52f06df..3640e0d 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,8 @@ Balancer (ALB/NLB). Available through the [terraform registry](https://registry. | Branch | Build status | | --- | --- | -| master | [![CircleCI](https://circleci.com/gh/devops-workflow/terraform-aws-alb.svg?style=svg)](https://circleci.com/gh/devops-workflow/terraform-aws-alb) | -| master | [![TravisCI](https://travis-ci.org/terraform-aws-modules/terraform-aws-alb.svg?branch=master)](https://travis-ci.org/terraform-aws-modules/terraform-aws-alb) | +| master | [![CircleCI](https://circleci.com/gh/devops-workflow/terraform-aws-lb.svg?style=svg)](https://circleci.com/gh/devops-workflow/terraform-aws-lb) | +| master (upstream) | [![TravisCI](https://travis-ci.org/terraform-aws-modules/terraform-aws-alb.svg?branch=master)](https://travis-ci.org/terraform-aws-modules/terraform-aws-alb) | ## Assumptions * You want to create a set of resources for the ALB: namely an associated target group and listener. diff --git a/examples/disabled/README.md b/examples/disabled/README.md new file mode 100644 index 0000000..7242527 --- /dev/null +++ b/examples/disabled/README.md @@ -0,0 +1 @@ +# Module disabled diff --git a/examples/disabled/main.tf b/examples/disabled/main.tf new file mode 100644 index 0000000..05e3ef2 --- /dev/null +++ b/examples/disabled/main.tf 
@@ -0,0 +1,41 @@
+data "aws_vpc" "vpc" {
+ tags {
+ Env = "one"
+ }
+}
+
+# Look up security group
+data "aws_subnet_ids" "public_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Public"
+ }
+}
+
+data "aws_subnet_ids" "private_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Private"
+ }
+}
+
+module "disabled" {
+ source = "../../"
+ name = "lb-disabled"
+ environment = "one"
+ organization = "wiser"
+ enabled = false
+ instance_http_ports = "80,8080"
+ instance_https_ports = "443"
+ instance_tcp_ports = ""
+ lb_http_ports = "80,8080"
+ lb_https_ports = "443"
+ lb_protocols = ["HTTP", "HTTPS"]
+ lb_tcp_ports = ""
+ ports = "3000,4000"
+ security_groups = ["sg-bef0a5c2"] # Need at least 1
+ subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}"
+ vpc_id = "${data.aws_vpc.vpc.id}"
+}
diff --git a/examples/disabled/outputs.tf b/examples/disabled/outputs.tf
new file mode 100644
index 0000000..efc3e64
--- /dev/null
+++ b/examples/disabled/outputs.tf
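Review bot: `security_groups = ["sg-bef0a5c2"]` in the `module "disabled"` block hard-codes a security group ID from one AWS account, while the VPC and subnets above it are resolved through tag-filtered data sources. The `# Look up security group` comment sits on the subnet lookup, so the lookup it announces appears never to have been written. I would resolve the group with a `data "aws_security_group"` lookup scoped to `vpc_id = "${data.aws_vpc.vpc.id}"` and a tag filter, and pass its `id`, so that anyone copying the example has to choose the ingress rules deliberately. The same literal is repeated in the main.tf of examples/http, examples/https, examples/tcp-http and examples/tcp-tcp.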
@@ -0,0 +1,122 @@
+//
+// LB attributes
+//
+output "arn" {
+ description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF."
+ value = "${module.disabled.arn}"
+}
+
+output "dns_name" {
+ description = "The DNS name of the LB presumably to be used with a friendlier CNAME."
+ value = "${module.disabled.dns_name}"
+}
+
+output "id" {
+ description = "The ID of the LB we created."
+ value = "${module.disabled.id}"
+}
+
+output "zone_id" {
+ description = "The zone_id of the LB to assist with creating DNS records."
+ value = "${module.disabled.zone_id}"
+}
+
+# arn_suffix
+# canonical_hosted_zone_id
+
+//
+// LB Listener attributes
+//
+output "listener_http_arns" {
+ description = "The ARNs of the HTTP LB Listeners"
+ value = "${module.disabled.listener_http_arns}"
+}
+
+output "listener_http_ids" {
+ description = "The IDs of the HTTP LB Listeners"
+ value = "${module.disabled.listener_http_ids}"
+}
+
+output "listener_https_arns" {
+ description = "The ARNs of the HTTPS LB Listeners"
+ value = "${module.disabled.listener_https_arns}"
+}
+
+output "listener_https_ids" {
+ description = "The IDs of the HTTPS LB Listeners"
+ value = "${module.disabled.listener_https_ids}"
+}
+
+output "listener_tcp_arns" {
+ description = "The ARNs of the network TCP LB Listeners"
+ value = "${module.disabled.listener_tcp_arns}"
+}
+
+output "listener_tcp_ids" {
+ description = "The IDs of the network TCP LB Listeners"
+ value = "${module.disabled.listener_tcp_ids}"
+}
+
+output "listener_arns" {
+ description = "ARNs of all the LB Listeners"
+ value = "${module.disabled.listener_arns}"
+}
+
+output "listener_ids" {
+ description = "IDs of all the LB Listeners"
+ value = "${module.disabled.listener_ids}"
+}
+
+//
+// LB Target Group attributes
+//
+output "target_group_http_arns" {
+ description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.disabled.target_group_http_arns}"
+}
+
+output "target_group_https_arns" {
+ description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.disabled.target_group_https_arns}"
+}
+
+output "target_group_tcp_arns" {
+ description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.disabled.target_group_tcp_arns}"
+}
+
+output "target_group_arns" {
+ description = "ARNs of all the target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.disabled.target_group_arns}"
+}
+
+output "target_group_http_ids" {
+ description = "IDs of the HTTP target groups"
+ value = "${module.disabled.target_group_http_ids}"
+}
+
+output "target_group_https_ids" {
+ description = "IDs of the HTTPS target groups"
+ value = "${module.disabled.target_group_https_ids}"
+}
+
+output "target_group_tcp_ids" {
+ description = "IDs of the TCP target groups"
+ value = "${module.disabled.target_group_tcp_ids}"
+}
+
+output "target_group_ids" {
+ description = "IDs of all the target groups"
+ value = "${module.disabled.target_group_ids}"
+}
+
+# arn_suffix
+# name
+
+//
+// Misc
+//
+output "principal_account_id" {
+ description = "The AWS-owned account given permissions to write your LB logs to S3."
+ value = "${module.disabled.principal_account_id}"
+}
diff --git a/test/providers.tf b/examples/disabled/providers.tf
similarity index 100%
rename from test/providers.tf
rename to examples/disabled/providers.tf
diff --git a/test/variables.tf b/examples/disabled/variables.tf
similarity index 100%
rename from test/variables.tf
rename to examples/disabled/variables.tf
diff --git a/examples/http/README.md b/examples/http/README.md
new file mode 100644
index 0000000..3dbede5
--- /dev/null
+++ b/examples/http/README.md
@@ -0,0 +1 @@
+# ALB using HTTP
diff --git a/examples/http/main.tf b/examples/http/main.tf
new file mode 100644
index 0000000..f5740ee
--- /dev/null
+++ b/examples/http/main.tf
@@ -0,0 +1,44 @@
+data "aws_vpc" "vpc" {
+ tags {
+ Env = "one"
+ }
+}
+
+# Look up security group
+data "aws_subnet_ids" "public_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Public"
+ }
+}
+
+data "aws_subnet_ids" "private_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Private"
+ }
+}
+
+module "lb-http" {
+ source = "../../"
+ name = "lb-http"
+ environment = "one"
+ organization = "wiser"
+
+ #enable_deletion_protection = true
+ #enable_http2 = false
+ instance_http_ports = "80,8080"
+
+ instance_https_ports = ""
+ instance_tcp_ports = ""
+ lb_http_ports = "80,8080"
+ lb_https_ports = ""
+ lb_protocols = ["HTTP"]
+ lb_tcp_ports = ""
+ ports = "3000,4000"
+ security_groups = ["sg-bef0a5c2"] # Need at least 1
+ subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}"
+ vpc_id = "${data.aws_vpc.vpc.id}"
+}
diff --git a/examples/http/outputs.tf b/examples/http/outputs.tf
new file mode 100644
index 0000000..400646b
--- /dev/null
+++ b/examples/http/outputs.tf
@@ -0,0 +1,122 @@
+//
+// LB attributes
+//
+output "arn" {
+ description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF."
+ value = "${module.lb-http.arn}"
+}
+
+output "dns_name" {
+ description = "The DNS name of the LB presumably to be used with a friendlier CNAME."
+ value = "${module.lb-http.dns_name}"
+}
+
+output "id" {
+ description = "The ID of the LB we created."
+ value = "${module.lb-http.id}"
+}
+
+output "zone_id" {
+ description = "The zone_id of the LB to assist with creating DNS records."
+ value = "${module.lb-http.zone_id}"
+}
+
+# arn_suffix
+# canonical_hosted_zone_id
+
+//
+// LB Listener attributes
+//
+output "listener_http_arns" {
+ description = "The ARNs of the HTTP LB Listeners"
+ value = "${module.lb-http.listener_http_arns}"
+}
+
+output "listener_http_ids" {
+ description = "The IDs of the HTTP LB Listeners"
+ value = "${module.lb-http.listener_http_ids}"
+}
+
+output "listener_https_arns" {
+ description = "The ARNs of the HTTPS LB Listeners"
+ value = "${module.lb-http.listener_https_arns}"
+}
+
+output "listener_https_ids" {
+ description = "The IDs of the HTTPS LB Listeners"
+ value = "${module.lb-http.listener_https_ids}"
+}
+
+output "listener_tcp_arns" {
+ description = "The ARNs of the network TCP LB Listeners"
+ value = "${module.lb-http.listener_tcp_arns}"
+}
+
+output "listener_tcp_ids" {
+ description = "The IDs of the network TCP LB Listeners"
+ value = "${module.lb-http.listener_tcp_ids}"
+}
+
+output "listener_arns" {
+ description = "ARNs of all the LB Listeners"
+ value = "${module.lb-http.listener_arns}"
+}
+
+output "listener_ids" {
+ description = "IDs of all the LB Listeners"
+ value = "${module.lb-http.listener_ids}"
+}
+
+//
+// LB Target Group attributes
+//
+output "target_group_http_arns" {
+ description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-http.target_group_http_arns}"
+}
+
+output "target_group_https_arns" {
+ description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-http.target_group_https_arns}"
+}
+
+output "target_group_tcp_arns" {
+ description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-http.target_group_tcp_arns}"
+}
+
+output "target_group_arns" {
+ description = "ARNs of all the target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-http.target_group_arns}"
+}
+
+output "target_group_http_ids" {
+ description = "IDs of the HTTP target groups"
+ value = "${module.lb-http.target_group_http_ids}"
+}
+
+output "target_group_https_ids" {
+ description = "IDs of the HTTPS target groups"
+ value = "${module.lb-http.target_group_https_ids}"
+}
+
+output "target_group_tcp_ids" {
+ description = "IDs of the TCP target groups"
+ value = "${module.lb-http.target_group_tcp_ids}"
+}
+
+output "target_group_ids" {
+ description = "IDs of all the target groups"
+ value = "${module.lb-http.target_group_ids}"
+}
+
+# arn_suffix
+# name
+
+//
+// Misc
+//
+output "principal_account_id" {
+ description = "The AWS-owned account given permissions to write your LB logs to S3."
+ value = "${module.lb-http.principal_account_id}"
+}
diff --git a/examples/http/providers.tf b/examples/http/providers.tf
new file mode 100644
index 0000000..b8652bf
--- /dev/null
+++ b/examples/http/providers.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ region = "${var.region}"
+
+ #version = "1.5"
+}
diff --git a/examples/http/variables.tf b/examples/http/variables.tf
new file mode 100644
index 0000000..81b8dbe
--- /dev/null
+++ b/examples/http/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+ default = "us-west-2"
+}
diff --git a/examples/https/README.md b/examples/https/README.md
new file mode 100644
index 0000000..5ac67b7
--- /dev/null
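Review bot: `#version = "1.5"` in examples/http/providers.tf leaves the AWS provider unconstrained, so `terraform init` resolves whatever release is newest, while this same commit pins the boolean and label modules to exact versions. I would set a constraint such as `version = "~> 1.5"`, or say in the comment why it is deliberately left open. The identical file is added under examples/https, examples/tcp-http and examples/tcp-tcp.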
+++ b/examples/https/README.md
@@ -0,0 +1 @@
+# ALB using HTTPS
diff --git a/examples/https/main.tf b/examples/https/main.tf
new file mode 100644
index 0000000..9cd6ce8
--- /dev/null
+++ b/examples/https/main.tf
@@ -0,0 +1,41 @@
+data "aws_vpc" "vpc" {
+ tags {
+ Env = "one"
+ }
+}
+
+# Look up security group
+data "aws_subnet_ids" "public_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Public"
+ }
+}
+
+data "aws_subnet_ids" "private_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Private"
+ }
+}
+
+module "lb-https" {
+ source = "../../"
+ name = "lb-https"
+ environment = "one"
+ organization = "wiser"
+ instance_http_ports = ""
+ instance_https_ports = "443,8443"
+ instance_tcp_ports = ""
+ internal = false # PUBLIC
+ lb_http_ports = ""
+ lb_https_ports = "443,8443"
+ lb_protocols = ["HTTPS"]
+ lb_tcp_ports = ""
+ ports = "3000,4000"
+ security_groups = ["sg-bef0a5c2"] # PUBLIC -> use whitelist SG
+ subnets = "${data.aws_subnet_ids.public_subnet_ids.ids}" # PUBLIC -> use public subnets
+ vpc_id = "${data.aws_vpc.vpc.id}"
+}
diff --git a/examples/https/outputs.tf b/examples/https/outputs.tf
new file mode 100644
index 0000000..954d386
--- /dev/null
+++ b/examples/https/outputs.tf
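Review bot: The `lb-https` module is internet-facing (`internal = false`, public subnets) and its own comment says to use a whitelist SG, yet `security_groups` carries the same `sg-bef0a5c2` that the internal examples pass. Nothing in the hunk shows which ingress that group allows, so a reader cannot tell whether the listeners on 443 and 8443 are restricted to known clients. No certificate or TLS policy argument is visible in the call either; if the module supplies defaults for them, a comment should say so. I would use a group dedicated to the public example and add a comment such as `# SG must allow 443/8443 only from the allowed client CIDRs`.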
@@ -0,0 +1,122 @@
+//
+// LB attributes
+//
+output "arn" {
+ description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF."
+ value = "${module.lb-https.arn}"
+}
+
+output "dns_name" {
+ description = "The DNS name of the LB presumably to be used with a friendlier CNAME."
+ value = "${module.lb-https.dns_name}"
+}
+
+output "id" {
+ description = "The ID of the LB we created."
+ value = "${module.lb-https.id}"
+}
+
+output "zone_id" {
+ description = "The zone_id of the LB to assist with creating DNS records."
+ value = "${module.lb-https.zone_id}"
+}
+
+# arn_suffix
+# canonical_hosted_zone_id
+
+//
+// LB Listener attributes
+//
+output "listener_http_arns" {
+ description = "The ARNs of the HTTP LB Listeners"
+ value = "${module.lb-https.listener_http_arns}"
+}
+
+output "listener_http_ids" {
+ description = "The IDs of the HTTP LB Listeners"
+ value = "${module.lb-https.listener_http_ids}"
+}
+
+output "listener_https_arns" {
+ description = "The ARNs of the HTTPS LB Listeners"
+ value = "${module.lb-https.listener_https_arns}"
+}
+
+output "listener_https_ids" {
+ description = "The IDs of the HTTPS LB Listeners"
+ value = "${module.lb-https.listener_https_ids}"
+}
+
+output "listener_tcp_arns" {
+ description = "The ARNs of the network TCP LB Listeners"
+ value = "${module.lb-https.listener_tcp_arns}"
+}
+
+output "listener_tcp_ids" {
+ description = "The IDs of the network TCP LB Listeners"
+ value = "${module.lb-https.listener_tcp_ids}"
+}
+
+output "listener_arns" {
+ description = "ARNs of all the LB Listeners"
+ value = "${module.lb-https.listener_arns}"
+}
+
+output "listener_ids" {
+ description = "IDs of all the LB Listeners"
+ value = "${module.lb-https.listener_ids}"
+}
+
+//
+// LB Target Group attributes
+//
+output "target_group_http_arns" {
+ description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-https.target_group_http_arns}"
+}
+
+output "target_group_https_arns" {
+ description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-https.target_group_https_arns}"
+}
+
+output "target_group_tcp_arns" {
+ description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-https.target_group_tcp_arns}"
+}
+
+output "target_group_arns" {
+ description = "ARNs of all the target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-https.target_group_arns}"
+}
+
+output "target_group_http_ids" {
+ description = "IDs of the HTTP target groups"
+ value = "${module.lb-https.target_group_http_ids}"
+}
+
+output "target_group_https_ids" {
+ description = "IDs of the HTTPS target groups"
+ value = "${module.lb-https.target_group_https_ids}"
+}
+
+output "target_group_tcp_ids" {
+ description = "IDs of the TCP target groups"
+ value = "${module.lb-https.target_group_tcp_ids}"
+}
+
+output "target_group_ids" {
+ description = "IDs of all the target groups"
+ value = "${module.lb-https.target_group_ids}"
+}
+
+# arn_suffix
+# name
+
+//
+// Misc
+//
+output "principal_account_id" {
+ description = "The AWS-owned account given permissions to write your LB logs to S3."
+ value = "${module.lb-https.principal_account_id}"
+}
diff --git a/examples/https/providers.tf b/examples/https/providers.tf
new file mode 100644
index 0000000..b8652bf
--- /dev/null
+++ b/examples/https/providers.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ region = "${var.region}"
+
+ #version = "1.5"
+}
diff --git a/examples/https/variables.tf b/examples/https/variables.tf
new file mode 100644
index 0000000..81b8dbe
--- /dev/null
+++ b/examples/https/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+ default = "us-west-2"
+}
diff --git a/examples/tcp-http/README.md b/examples/tcp-http/README.md
new file mode 100644
index 0000000..3e87ae7
--- /dev/null
+++ b/examples/tcp-http/README.md
@@ -0,0 +1 @@
+# NLB with HTTP health check
diff --git a/examples/tcp-http/main.tf b/examples/tcp-http/main.tf
new file mode 100644
index 0000000..3fa944f
--- /dev/null
+++ b/examples/tcp-http/main.tf
@@ -0,0 +1,48 @@
+data "aws_vpc" "vpc" {
+ tags {
+ Env = "one"
+ }
+}
+
+# Look up security group
+data "aws_subnet_ids" "public_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Public"
+ }
+}
+
+data "aws_subnet_ids" "private_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Private"
+ }
+}
+
+module "lb-tcp-http" {
+ source = "../../"
+ name = "lb-tcp-http"
+ environment = "one"
+ organization = "wiser"
+
+ #enable_cross_zone_load_balancing = true
+ #enable_deletion_protection = true
+ health_check_path = "/healthcheck"
+
+ health_check_port = "3199"
+ health_check_protocol = "HTTP"
+ instance_http_ports = "80,8080"
+ instance_https_ports = "443"
+ instance_tcp_ports = ""
+ lb_http_ports = "80,8080"
+ lb_https_ports = "443"
+ lb_protocols = ["HTTP", "HTTPS"]
+ lb_tcp_ports = ""
+ ports = "3000,4000"
+ security_groups = ["sg-bef0a5c2"] # Need at least 1
+ subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}"
+ type = "network"
+ vpc_id = "${data.aws_vpc.vpc.id}"
+}
diff --git a/examples/tcp-http/outputs.tf b/examples/tcp-http/outputs.tf
new file mode 100644
index 0000000..fd602f4
--- /dev/null
+++ b/examples/tcp-http/outputs.tf
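Review bot: `type = "network"` is combined with `security_groups = ["sg-bef0a5c2"] # Need at least 1`, but the `aws_lb.network` resource in this commit's main.tf hunk sets no `security_groups`, so the group apparently never reaches the NLB. A reader could take the example to mean the SG filters traffic at the load balancer, whereas for this type the filtering has to happen on the target instances' own groups; the comment should say that. The block also leaves `lb_tcp_ports` and `instance_tcp_ports` empty while listing `lb_protocols = ["HTTP", "HTTPS"]`, which looks copied from the ALB examples; the listener resources are outside this diff, so whether any TCP listener is created cannot be confirmed from here. examples/tcp-tcp/main.tf repeats these settings and additionally passes `health_check_path` together with `health_check_protocol = "TCP"`, where a path has no meaning.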
@@ -0,0 +1,122 @@
+//
+// LB attributes
+//
+output "arn" {
+ description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF."
+ value = "${module.lb-tcp-http.arn}"
+}
+
+output "dns_name" {
+ description = "The DNS name of the LB presumably to be used with a friendlier CNAME."
+ value = "${module.lb-tcp-http.dns_name}"
+}
+
+output "id" {
+ description = "The ID of the LB we created."
+ value = "${module.lb-tcp-http.id}"
+}
+
+output "zone_id" {
+ description = "The zone_id of the LB to assist with creating DNS records."
+ value = "${module.lb-tcp-http.zone_id}"
+}
+
+# arn_suffix
+# canonical_hosted_zone_id
+
+//
+// LB Listener attributes
+//
+output "listener_http_arns" {
+ description = "The ARNs of the HTTP LB Listeners"
+ value = "${module.lb-tcp-http.listener_http_arns}"
+}
+
+output "listener_http_ids" {
+ description = "The IDs of the HTTP LB Listeners"
+ value = "${module.lb-tcp-http.listener_http_ids}"
+}
+
+output "listener_https_arns" {
+ description = "The ARNs of the HTTPS LB Listeners"
+ value = "${module.lb-tcp-http.listener_https_arns}"
+}
+
+output "listener_https_ids" {
+ description = "The IDs of the HTTPS LB Listeners"
+ value = "${module.lb-tcp-http.listener_https_ids}"
+}
+
+output "listener_tcp_arns" {
+ description = "The ARNs of the network TCP LB Listeners"
+ value = "${module.lb-tcp-http.listener_tcp_arns}"
+}
+
+output "listener_tcp_ids" {
+ description = "The IDs of the network TCP LB Listeners"
+ value = "${module.lb-tcp-http.listener_tcp_ids}"
+}
+
+output "listener_arns" {
+ description = "ARNs of all the LB Listeners"
+ value = "${module.lb-tcp-http.listener_arns}"
+}
+
+output "listener_ids" {
+ description = "IDs of all the LB Listeners"
+ value = "${module.lb-tcp-http.listener_ids}"
+}
+
+//
+// LB Target Group attributes
+//
+output "target_group_http_arns" {
+ description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-http.target_group_http_arns}"
+}
+
+output "target_group_https_arns" {
+ description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-http.target_group_https_arns}"
+}
+
+output "target_group_tcp_arns" {
+ description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-http.target_group_tcp_arns}"
+}
+
+output "target_group_arns" {
+ description = "ARNs of all the target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-http.target_group_arns}"
+}
+
+output "target_group_http_ids" {
+ description = "IDs of the HTTP target groups"
+ value = "${module.lb-tcp-http.target_group_http_ids}"
+}
+
+output "target_group_https_ids" {
+ description = "IDs of the HTTPS target groups"
+ value = "${module.lb-tcp-http.target_group_https_ids}"
+}
+
+output "target_group_tcp_ids" {
+ description = "IDs of the TCP target groups"
+ value = "${module.lb-tcp-http.target_group_tcp_ids}"
+}
+
+output "target_group_ids" {
+ description = "IDs of all the target groups"
+ value = "${module.lb-tcp-http.target_group_ids}"
+}
+
+# arn_suffix
+# name
+
+//
+// Misc
+//
+output "principal_account_id" {
+ description = "The AWS-owned account given permissions to write your LB logs to S3."
+ value = "${module.lb-tcp-http.principal_account_id}"
+}
diff --git a/examples/tcp-http/providers.tf b/examples/tcp-http/providers.tf
new file mode 100644
index 0000000..b8652bf
--- /dev/null
+++ b/examples/tcp-http/providers.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ region = "${var.region}"
+
+ #version = "1.5"
+}
diff --git a/examples/tcp-http/variables.tf b/examples/tcp-http/variables.tf
new file mode 100644
index 0000000..81b8dbe
--- /dev/null
+++ b/examples/tcp-http/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+ default = "us-west-2"
+}
diff --git a/examples/tcp-tcp/README.md b/examples/tcp-tcp/README.md
new file mode 100644
index 0000000..d32bbeb
--- /dev/null
+++ b/examples/tcp-tcp/README.md
@@ -0,0 +1 @@
+# NLB with TCP health check
diff --git a/examples/tcp-tcp/main.tf b/examples/tcp-tcp/main.tf
new file mode 100644
index 0000000..bd4d82e
--- /dev/null
+++ b/examples/tcp-tcp/main.tf
@@ -0,0 +1,48 @@
+data "aws_vpc" "vpc" {
+ tags {
+ Env = "one"
+ }
+}
+
+# Look up security group
+data "aws_subnet_ids" "public_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Public"
+ }
+}
+
+data "aws_subnet_ids" "private_subnet_ids" {
+ vpc_id = "${data.aws_vpc.vpc.id}"
+
+ tags {
+ Network = "Private"
+ }
+}
+
+module "lb-tcp-tcp" {
+ source = "../../"
+ name = "lb-tcp-tcp"
+ environment = "one"
+ organization = "wiser"
+
+ #enable_cross_zone_load_balancing = true
+ #enable_deletion_protection = true
+ health_check_path = "/healthcheck"
+
+ health_check_port = "3199"
+ health_check_protocol = "TCP"
+ instance_http_ports = "80,8080"
+ instance_https_ports = "443"
+ instance_tcp_ports = ""
+ lb_http_ports = "80,8080"
+ lb_https_ports = "443"
+ lb_protocols = ["HTTP", "HTTPS"]
+ lb_tcp_ports = ""
+ ports = "3000,4000"
+ security_groups = ["sg-bef0a5c2"] # Need at least 1
+ subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}"
+ type = "network"
+ vpc_id = "${data.aws_vpc.vpc.id}"
+}
diff --git a/examples/tcp-tcp/outputs.tf b/examples/tcp-tcp/outputs.tf
new file mode 100644
index 0000000..a918c26
--- /dev/null
+++ b/examples/tcp-tcp/outputs.tf
@@ -0,0 +1,122 @@
+//
+// LB attributes
+//
+output "arn" {
+ description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF."
+ value = "${module.lb-tcp-tcp.arn}"
+}
+
+output "dns_name" {
+ description = "The DNS name of the LB presumably to be used with a friendlier CNAME."
+ value = "${module.lb-tcp-tcp.dns_name}"
+}
+
+output "id" {
+ description = "The ID of the LB we created."
+ value = "${module.lb-tcp-tcp.id}"
+}
+
+output "zone_id" {
+ description = "The zone_id of the LB to assist with creating DNS records."
+ value = "${module.lb-tcp-tcp.zone_id}"
+}
+
+# arn_suffix
+# canonical_hosted_zone_id
+
+//
+// LB Listener attributes
+//
+output "listener_http_arns" {
+ description = "The ARNs of the HTTP LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_http_arns}"
+}
+
+output "listener_http_ids" {
+ description = "The IDs of the HTTP LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_http_ids}"
+}
+
+output "listener_https_arns" {
+ description = "The ARNs of the HTTPS LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_https_arns}"
+}
+
+output "listener_https_ids" {
+ description = "The IDs of the HTTPS LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_https_ids}"
+}
+
+output "listener_tcp_arns" {
+ description = "The ARNs of the network TCP LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_tcp_arns}"
+}
+
+output "listener_tcp_ids" {
+ description = "The IDs of the network TCP LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_tcp_ids}"
+}
+
+output "listener_arns" {
+ description = "ARNs of all the LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_arns}"
+}
+
+output "listener_ids" {
+ description = "IDs of all the LB Listeners"
+ value = "${module.lb-tcp-tcp.listener_ids}"
+}
+
+//
+// LB Target Group attributes
+//
+output "target_group_http_arns" {
+ description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-tcp.target_group_http_arns}"
+}
+
+output "target_group_https_arns" {
+ description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-tcp.target_group_https_arns}"
+}
+
+output "target_group_tcp_arns" {
+ description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-tcp.target_group_tcp_arns}"
+}
+
+output "target_group_arns" {
+ description = "ARNs of all the target groups. Useful for passing to your Auto Scaling group module."
+ value = "${module.lb-tcp-tcp.target_group_arns}"
+}
+
+output "target_group_http_ids" {
+ description = "IDs of the HTTP target groups"
+ value = "${module.lb-tcp-tcp.target_group_http_ids}"
+}
+
+output "target_group_https_ids" {
+ description = "IDs of the HTTPS target groups"
+ value = "${module.lb-tcp-tcp.target_group_https_ids}"
+}
+
+output "target_group_tcp_ids" {
+ description = "IDs of the TCP target groups"
+ value = "${module.lb-tcp-tcp.target_group_tcp_ids}"
+}
+
+output "target_group_ids" {
+ description = "IDs of all the target groups"
+ value = "${module.lb-tcp-tcp.target_group_ids}"
+}
+
+# arn_suffix
+# name
+
+//
+// Misc
+//
+output "principal_account_id" {
+ description = "The AWS-owned account given permissions to write your LB logs to S3."
+ value = "${module.lb-tcp-tcp.principal_account_id}"
+}
diff --git a/examples/tcp-tcp/providers.tf b/examples/tcp-tcp/providers.tf
new file mode 100644
index 0000000..b8652bf
--- /dev/null
+++ b/examples/tcp-tcp/providers.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ region = "${var.region}"
+
+ #version = "1.5"
+}
diff --git a/examples/tcp-tcp/variables.tf b/examples/tcp-tcp/variables.tf
new file mode 100644
index 0000000..81b8dbe
--- /dev/null
+++ b/examples/tcp-tcp/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+ default = "us-west-2"
+}
diff --git a/main.tf b/main.tf
index 5303fe5..be92fcf 100644
--- a/main.tf
+++ b/main.tf @@ -17,26 +17,20 @@ # Multiple LBs ? module "enable_logging" { - #source = "devops-workflow/boolean/local" - #version = "0.1.0" - #source = "git::https://github.com/WisePricer/terraform-local-boolean.git?ref=tags/v0.1.1" - source = "git::https://github.com/WisePricer/terraform-local-boolean.git" + source = "devops-workflow/boolean/local" + version = "0.1.1" value = "${var.enable_logging}" } module "enabled" { - #source = "devops-workflow/boolean/local" - #version = "0.1.0" - #source = "git::https://github.com/WisePricer/terraform-local-boolean.git?ref=tags/v0.1.1" - source = "git::https://github.com/WisePricer/terraform-local-boolean.git" + source = "devops-workflow/boolean/local" + version = "0.1.1" value = "${var.enabled}" } module "label" { - #source = "devops-workflow/label/local" - #version = "0.1.2" - #source = "git::https://github.com/WisePricer/terraform-local-label.git?ref=tags/v0.1.3" - source = "git::https://github.com/WisePricer/terraform-local-label.git" + source = "devops-workflow/label/local" + version = "0.1.3" organization = "${var.organization}" name = "${var.name}" namespace-env = "${var.namespace-env}" @@ -50,10 +44,8 @@ module "label" { # TODO: need to support from var both basename and a complete name # may have 1 log bucket for many apps module "log_bucket" { - #source = "devops-workflow/label/local" - #version = "0.1.2" - #source = "git::https://github.com/WisePricer/terraform-local-label.git?ref=tags/v0.1.3" - source = "git::https://github.com/WisePricer/terraform-local-label.git" + source = "devops-workflow/label/local" + version = "0.1.3" organization = "${var.organization}" name = "${var.log_bucket_name}" namespace-env = true 
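Review bot: The four module blocks (`enable_logging`, `enabled`, `label`, `log_bucket`) now resolve `devops-workflow/boolean/local` and `devops-workflow/label/local` from the registry instead of the WisePricer GitHub repositories, which changes the publisher of the code fetched at `terraform init`. The exact `version` pins are a clear improvement over the unpinned git URLs. It would help to record next to each `source` that the registry module is built from the same repository, e.g. `# published from <REPO-URL-PLACEHOLDER>`, so the provenance change can be checked later.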
@@ -95,13 +87,14 @@ resource "aws_lb" "application" { internal = "${var.internal}" load_balancer_type = "${var.type}" - #enable_deletion_protection = "${}" - idle_timeout = "${var.idle_timeout}" + enable_deletion_protection = "${var.enable_deletion_protection}" + enable_http2 = "${var.enable_http2}" + idle_timeout = "${var.idle_timeout}" + security_groups = ["${var.security_groups}"] + subnets = ["${var.subnets}"] + tags = "${module.label.tags}" #ip_address_type = "${}" - security_groups = ["${var.security_groups}"] - subnets = ["${var.subnets}"] - tags = "${module.label.tags}" # Doesn't seem to be able to disable properly # access_logs { @@ -127,12 +120,13 @@ resource "aws_lb" "network" { internal = "${var.internal}" load_balancer_type = "${var.type}" - #enable_deletion_protection = "${}" - idle_timeout = "${var.idle_timeout}" + enable_cross_zone_load_balancing = "${var.enable_cross_zone_load_balancing}" + enable_deletion_protection = "${var.enable_deletion_protection}" + idle_timeout = "${var.idle_timeout}" + subnets = ["${var.subnets}"] + tags = "${module.label.tags}" #ip_address_type = "${}" - subnets = ["${var.subnets}"] - tags = "${module.label.tags}" /* subnet_mapping { diff --git a/outputs.tf b/outputs.tf index 4a64871..74d235c 100644 --- a/outputs.tf +++ b/outputs.tf 
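Review bot: `enable_deletion_protection`, `enable_http2` and `enable_cross_zone_load_balancing` are read from `var.*` in `aws_lb.application` and `aws_lb.network`, but no variables.tf change is visible in this part of the diff, so their declarations and defaults cannot be checked here. Each should be declared with a description and an explicit default. The deletion-protection default in particular is worth stating in the README, since the examples only carry it as a commented-out line (`#enable_deletion_protection = true`). Both resource bodies start and end outside the hunks.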
@@ -3,30 +3,22 @@ // output "arn" { description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF." - - #value = "${element(concat(aws_lb.this.*.arn, list("")), 0)}" - value = "${element(concat(aws_lb.application.*.arn, aws_lb.network.*.arn, list("")), 0)}" + value = "${element(concat(aws_lb.application.*.arn, aws_lb.network.*.arn, list("")), 0)}" } output "dns_name" { description = "The DNS name of the LB presumably to be used with a friendlier CNAME." - - #value = "${element(concat(aws_lb.this.*.dns_name, list("")), 0)}" - value = "${element(concat(aws_lb.application.*.dns_name, aws_lb.network.*.dns_name, list("")), 0)}" + value = "${element(concat(aws_lb.application.*.dns_name, aws_lb.network.*.dns_name, list("")), 0)}" } output "id" { description = "The ID of the LB we created." - - #value = "${element(concat(aws_lb.this.*.id, list("")), 0)}" - value = "${element(concat(aws_lb.application.*.id, aws_lb.network.*.id, list("")), 0)}" + value = "${element(concat(aws_lb.application.*.id, aws_lb.network.*.id, list("")), 0)}" } output "zone_id" { description = "The zone_id of the LB to assist with creating DNS records." - - #value = "${element(concat(aws_lb.this.*.zone_id, list("")), 0)}" - value = "${element(concat(aws_lb.application.*.zone_id, aws_lb.network.*.zone_id, list("")), 0)}" + value = "${element(concat(aws_lb.application.*.zone_id, aws_lb.network.*.zone_id, list("")), 0)}" } # arn_suffix diff --git a/test/main.tf b/test/main.tf deleted file mode 100644 index 4e780b4..0000000 --- a/test/main.tf +++ /dev/null 
@@ -1,134 +0,0 @@ -data "aws_vpc" "vpc" { - tags { - Env = "one" - } -} - -# Look up security group -data "aws_subnet_ids" "public_subnet_ids" { - vpc_id = "${data.aws_vpc.vpc.id}" - - tags { - Network = "Public" - } -} - -data "aws_subnet_ids" "private_subnet_ids" { - vpc_id = "${data.aws_vpc.vpc.id}" - - tags { - Network = "Private" - } -} - -# TODO: setup at least 3 LB: NLB, ALB w/o logs, ALB w/ logs -# update outputs for all 3 -module "lb-tcp" { - source = "../" - name = "lb-tcp" - environment = "one" - organization = "wiser" - - #attributes = ["role", "policy", "use", ""] - #tags = "${map("Key", "Value")}" - #enabled = false - health_check_path = "/healthcheck" - - health_check_protocol = "HTTP" - health_check_port = "3199" - security_groups = ["sg-bef0a5c2"] # Need at least 1 - lb_protocols = ["HTTP", "HTTPS"] - type = "network" - subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}" - vpc_id = "${data.aws_vpc.vpc.id}" - ports = "3000,4000" - instance_http_ports = "80,8080" - instance_https_ports = "443" - instance_tcp_ports = "" - lb_http_ports = "80,8080" - lb_https_ports = "443" - lb_tcp_ports = "" -} - -module "lb-tcp-tcp" { - source = "../" - name = "lb-tcp-tcp" - environment = "one" - organization = "wiser" - - #attributes = ["role", "policy", "use", ""] - #tags = "${map("Key", "Value")}" - #enabled = false - health_check_path = "/healthcheck" - - health_check_protocol = "TCP" - health_check_port = "3199" - security_groups = ["sg-bef0a5c2"] # Need at least 1 - lb_protocols = ["HTTP", "HTTPS"] - type = "network" - subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}" - vpc_id = "${data.aws_vpc.vpc.id}" - ports = "3000,4000" - instance_http_ports = "80,8080" - instance_https_ports = "443" - instance_tcp_ports = "" - lb_http_ports = "80,8080" - lb_https_ports = "443" - lb_tcp_ports = "" -} - -module "lb-http" { - source = "../" - name = "lb-http" - environment = "one" - organization = "wiser" - - #attributes = ["role", "policy", "use", ""] - #tags 
= "${map("Key", "Value")}" - #enabled = false - #health_check_path = "" - security_groups = ["sg-bef0a5c2"] # Need at least 1 - - lb_protocols = ["HTTP"] - - #type = "network" - subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}" - vpc_id = "${data.aws_vpc.vpc.id}" - ports = "3000,4000" - instance_http_ports = "80,8080" - instance_https_ports = "" - instance_tcp_ports = "" - lb_http_ports = "80,8080" - lb_https_ports = "" - lb_tcp_ports = "" -} - -module "lb-https" { - source = "../" - name = "lb-https" - environment = "one" - organization = "wiser" - - #attributes = ["role", "policy", "use", ""] - #tags = "${map("Key", "Value")}" - #enabled = false - #health_check_path = "" - internal = false # PUBLIC - - #security_groups = ["sg-a5bf1cd8"] # Need at least 1 - security_groups = ["sg-bef0a5c2"] # PUBLIC -> use whitelist SG - lb_protocols = ["HTTPS"] - - #type = "network" - #subnets = "${data.aws_subnet_ids.private_subnet_ids.ids}" - subnets = "${data.aws_subnet_ids.public_subnet_ids.ids}" # PUBLIC -> use public subnets - - vpc_id = "${data.aws_vpc.vpc.id}" - ports = "3000,4000" - instance_http_ports = "" - instance_https_ports = "443,8443" - instance_tcp_ports = "" - lb_http_ports = "" - lb_https_ports = "443,8443" - lb_tcp_ports = "" -} diff --git a/test/outputs.tf b/test/outputs.tf deleted file mode 100644 index f1fe6ee..0000000 --- a/test/outputs.tf +++ /dev/null 
@@ -1,379 +0,0 @@ -/* -output "ports" { value = "${module.lb.ports}" } -output "instance_http_ports" { value = "${module.lb.instance_http_ports}" } -output "instance_https_ports" { value = "${module.lb.instance_https_ports}" } -output "instance_tcp_ports" { value = "${module.lb.instance_tcp_ports}" } -output "lb_http_ports" { value = "${module.lb.lb_http_ports}" } -output "lb_https_ports" { value = "${module.lb.lb_https_ports}" } -output "lb_tcp_ports" { value = "${module.lb.lb_tcp_ports}" } -*/ -// -// LB attributes -// -output "tcp_arn" { - description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF." - value = "${module.lb-tcp.arn}" -} - -output "tcp_dns_name" { - description = "The DNS name of the LB presumably to be used with a friendlier CNAME." - value = "${module.lb-tcp.dns_name}" -} - -output "tcp_id" { - description = "The ID of the LB we created." - value = "${module.lb-tcp.id}" -} - -output "tcp_zone_id" { - description = "The zone_id of the LB to assist with creating DNS records." 
- value = "${module.lb-tcp.zone_id}" -} - -# arn_suffix -# canonical_hosted_zone_id - -// -// LB Listener attributes -// -output "tcp_listener_http_arns" { - description = "The ARNs of the HTTP LB Listeners" - value = "${module.lb-tcp.listener_http_arns}" -} - -output "tcp_listener_http_ids" { - description = "The IDs of the HTTP LB Listeners" - value = "${module.lb-tcp.listener_http_ids}" -} - -output "tcp_listener_https_arns" { - description = "The ARNs of the HTTPS LB Listeners" - value = "${module.lb-tcp.listener_https_arns}" -} - -output "tcp_listener_https_ids" { - description = "The IDs of the HTTPS LB Listeners" - value = "${module.lb-tcp.listener_https_ids}" -} - -output "tcp_listener_tcp_arns" { - description = "The ARNs of the network TCP LB Listeners" - value = "${module.lb-tcp.listener_tcp_arns}" -} - -output "tcp_listener_tcp_ids" { - description = "The IDs of the network TCP LB Listeners" - value = "${module.lb-tcp.listener_tcp_ids}" -} - -output "tcp_listener_arns" { - description = "ARNs of all the LB Listeners" - value = "${module.lb-tcp.listener_arns}" -} - -output "tcp_listener_ids" { - description = "IDs of all the LB Listeners" - value = "${module.lb-tcp.listener_ids}" -} - -// -// LB Target Group attributes -// -output "tcp_target_group_http_arns" { - description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-tcp.target_group_http_arns}" -} - -output "tcp_target_group_https_arns" { - description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-tcp.target_group_https_arns}" -} - -output "tcp_target_group_tcp_arns" { - description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-tcp.target_group_tcp_arns}" -} - -output "tcp_target_group_arns" { - description = "ARNs of all the target groups. Useful for passing to your Auto Scaling group module." 
- value = "${module.lb-tcp.target_group_arns}" -} - -output "tcp_target_group_http_ids" { - description = "IDs of the HTTP target groups" - value = "${module.lb-tcp.target_group_http_ids}" -} - -output "tcp_target_group_https_ids" { - description = "IDs of the HTTPS target groups" - value = "${module.lb-tcp.target_group_https_ids}" -} - -output "tcp_target_group_tcp_ids" { - description = "IDs of the TCP target groups" - value = "${module.lb-tcp.target_group_tcp_ids}" -} - -output "tcp_target_group_ids" { - description = "IDs of all the target groups" - value = "${module.lb-tcp.target_group_ids}" -} - -# arn_suffix -# name - -// -// Misc -// -output "tcp_principal_account_id" { - description = "The AWS-owned account given permissions to write your LB logs to S3." - value = "${module.lb-tcp.principal_account_id}" -} - -//// LB HTTP -// -// LB attributes -// -output "http_arn" { - description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF." - value = "${module.lb-http.arn}" -} - -output "http_dns_name" { - description = "The DNS name of the LB presumably to be used with a friendlier CNAME." - value = "${module.lb-http.dns_name}" -} - -output "http_id" { - description = "The ID of the LB we created." - value = "${module.lb-http.id}" -} - -output "http_zone_id" { - description = "The zone_id of the LB to assist with creating DNS records." 
- value = "${module.lb-http.zone_id}" -} - -# arn_suffix -# canonical_hosted_zone_id - -// -// LB Listener attributes -// -output "http_listener_http_arns" { - description = "The ARNs of the HTTP LB Listeners" - value = "${module.lb-http.listener_http_arns}" -} - -output "http_listener_http_ids" { - description = "The IDs of the HTTP LB Listeners" - value = "${module.lb-http.listener_http_ids}" -} - -output "http_listener_https_arns" { - description = "The ARNs of the HTTPS LB Listeners" - value = "${module.lb-http.listener_https_arns}" -} - -output "http_listener_https_ids" { - description = "The IDs of the HTTPS LB Listeners" - value = "${module.lb-http.listener_https_ids}" -} - -output "http_listener_tcp_arns" { - description = "The ARNs of the network TCP LB Listeners" - value = "${module.lb-http.listener_tcp_arns}" -} - -output "http_listener_tcp_ids" { - description = "The IDs of the network TCP LB Listeners" - value = "${module.lb-http.listener_tcp_ids}" -} - -output "http_listener_arns" { - description = "ARNs of all the LB Listeners" - value = "${module.lb-http.listener_arns}" -} - -output "http_listener_ids" { - description = "IDs of all the LB Listeners" - value = "${module.lb-http.listener_ids}" -} - -// -// LB Target Group attributes -// -output "http_target_group_http_arns" { - description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-http.target_group_http_arns}" -} - -output "http_target_group_https_arns" { - description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-http.target_group_https_arns}" -} - -output "http_target_group_tcp_arns" { - description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-http.target_group_tcp_arns}" -} - -output "http_target_group_arns" { - description = "ARNs of all the target groups. 
Useful for passing to your Auto Scaling group module." - value = "${module.lb-http.target_group_arns}" -} - -output "http_target_group_http_ids" { - description = "IDs of the HTTP target groups" - value = "${module.lb-http.target_group_http_ids}" -} - -output "http_target_group_https_ids" { - description = "IDs of the HTTPS target groups" - value = "${module.lb-http.target_group_https_ids}" -} - -output "http_target_group_tcp_ids" { - description = "IDs of the TCP target groups" - value = "${module.lb-http.target_group_tcp_ids}" -} - -output "http_target_group_ids" { - description = "IDs of all the target groups" - value = "${module.lb-http.target_group_ids}" -} - -# arn_suffix -# name - -// -// Misc -// -output "http_principal_account_id" { - description = "The AWS-owned account given permissions to write your LB logs to S3." - value = "${module.lb-http.principal_account_id}" -} - -//// LB HTTPS -// -// LB attributes -// -output "https_arn" { - description = "ARN of the LB itself. Useful for debug output, for example when attaching a WAF." - value = "${module.lb-https.arn}" -} - -output "https_dns_name" { - description = "The DNS name of the LB presumably to be used with a friendlier CNAME." - value = "${module.lb-https.dns_name}" -} - -output "https_id" { - description = "The ID of the LB we created." - value = "${module.lb-https.id}" -} - -output "https_zone_id" { - description = "The zone_id of the LB to assist with creating DNS records." 
- value = "${module.lb-https.zone_id}" -} - -# arn_suffix -# canonical_hosted_zone_id - -// -// LB Listener attributes -// -output "https_listener_http_arns" { - description = "The ARNs of the HTTP LB Listeners" - value = "${module.lb-https.listener_http_arns}" -} - -output "https_listener_http_ids" { - description = "The IDs of the HTTP LB Listeners" - value = "${module.lb-https.listener_http_ids}" -} - -output "https_listener_https_arns" { - description = "The ARNs of the HTTPS LB Listeners" - value = "${module.lb-https.listener_https_arns}" -} - -output "https_listener_https_ids" { - description = "The IDs of the HTTPS LB Listeners" - value = "${module.lb-https.listener_https_ids}" -} - -output "https_listener_tcp_arns" { - description = "The ARNs of the network TCP LB Listeners" - value = "${module.lb-https.listener_tcp_arns}" -} - -output "https_listener_tcp_ids" { - description = "The IDs of the network TCP LB Listeners" - value = "${module.lb-https.listener_tcp_ids}" -} - -output "https_listener_arns" { - description = "ARNs of all the LB Listeners" - value = "${module.lb-https.listener_arns}" -} - -output "https_listener_ids" { - description = "IDs of all the LB Listeners" - value = "${module.lb-https.listener_ids}" -} - -// -// LB Target Group attributes -// -output "https_target_group_http_arns" { - description = "ARNs of the HTTP target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-https.target_group_http_arns}" -} - -output "https_target_group_https_arns" { - description = "ARNs of the HTTPS target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-https.target_group_https_arns}" -} - -output "https_target_group_tcp_arns" { - description = "ARNs of the TCP target groups. Useful for passing to your Auto Scaling group module." - value = "${module.lb-https.target_group_tcp_arns}" -} - -output "https_target_group_arns" { - description = "ARNs of all the target groups. 
Useful for passing to your Auto Scaling group module." - value = "${module.lb-https.target_group_arns}" -} - -output "https_target_group_http_ids" { - description = "IDs of the HTTP target groups" - value = "${module.lb-https.target_group_http_ids}" -} - -output "https_target_group_https_ids" { - description = "IDs of the HTTPS target groups" - value = "${module.lb-https.target_group_https_ids}" -} - -output "https_target_group_tcp_ids" { - description = "IDs of the TCP target groups" - value = "${module.lb-https.target_group_tcp_ids}" -} - -output "https_target_group_ids" { - description = "IDs of all the target groups" - value = "${module.lb-https.target_group_ids}" -} - -# arn_suffix -# name - -// -// Misc -// -output "https_principal_account_id" { - description = "The AWS-owned account given permissions to write your LB logs to S3." - value = "${module.lb-https.principal_account_id}" -} diff --git a/variables.tf b/variables.tf index eb4562d..6c25e81 100644 --- a/variables.tf +++ b/variables.tf @@ -66,6 +66,21 @@ variable "certificate_name" { // // Load Balancer settings // +variable "enable_cross_zone_load_balancing" { + description = "Enable cross-zone load balancing on NLB" + default = false +} + +variable "enable_deletion_protection" { + description = "Enable deletion protection. Prevent LB from being deleted" + default = false +} + +variable "enable_http2" { + description = "Enable HTTP/2 on ALB" + default = true +} + variable "idle_timeout" { description = "The time in seconds that the connection is allowed to be idle" default = "60"
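Review bot: The three new variables in variables.tf use bare booleans (`default = false`, `default = true`), while the neighbouring `idle_timeout` uses a quoted string. Assuming this module targets Terraform 0.11, which the `"${...}"` interpolation style suggests, that release's documentation recommends quoted booleans. A bare boolean in a variable default is silently converted to a string and can compare differently from a value supplied through tfvars or the environment. I would write `default = "false"` for `enable_cross_zone_load_balancing` and `enable_deletion_protection`, and `default = "true"` for `enable_http2`. For `enable_deletion_protection` this is more than cosmetic, since a caller who believes protection is on should not depend on an implicit conversion.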