From 8cb422df7b575c2349715fa153c5c34aff18f3a0 Mon Sep 17 00:00:00 2001
From: Andrew Grangaard
Date: Wed, 25 Oct 2023 06:39:35 -0700
Subject: [PATCH] Fixes #134 - Provides guard against referencing aws_lb_target_group.default when disabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* disables aws_lb_listener.http_forward when default_target_group is not enabled
* disables aws_lb_listener.http_redirect when default_target_group is disabled unless default http response exists
* disables aws_lb_listener.https when default_target_group is disabled unless default secure https response exists
Fixes this Validation error when default_target_group_enabled == 0 :
```
module.alb.aws_lb_listener.http_forward[0]: Creating...
╷
│ Error: creating ELBv2 Listener (arn:aws:elasticloadbalancing:...:...:loadbalancer/...): ValidationError: A target group ARN must be specified
│ status code: 400, request id: 7cf9d727-fc77-4d32-a160-cbd175e16e20
│
│ with module.alb.aws_lb_listener.http_forward[0],
│ on .terraform/modules/alb/main.tf line 150, in resource "aws_lb_listener" "http_forward":
│ 150: resource "aws_lb_listener" "http_forward" {
```
---
 main.tf | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/main.tf b/main.tf
index 00b38bf..729cfb7 100644
--- a/main.tf
+++ b/main.tf
@@ -150,7 +150,13 @@ resource "aws_lb_target_group" "default" {
 resource "aws_lb_listener" "http_forward" {
 #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2.
 #bridgecrew:skip=BC_AWS_NETWORKING_29 - Skipping Ensure ALB Protocol is HTTPS
- count = module.this.enabled && var.http_enabled && var.http_redirect != true ? 1 : 0
+ count = (
+ module.this.enabled &&
+ var.http_enabled &&
+ var.http_redirect != true &&
+ (var.listener_http_fixed_response != null || var.default_target_group_enabled)
+ ? 1 : 0
+ )
 load_balancer_arn = one(aws_lb.default[*].arn)
 port = var.http_port
 protocol = "HTTP"
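Review bot: The new last term in `aws_lb_listener.http_forward`'s `count` makes the listener disappear without any diagnostic when `http_enabled = true` but there is neither a `listener_http_fixed_response` nor a default target group. The `https` listener in the third hunk has the same pattern, and there the result is a load balancer with `https_enabled = true` and no TLS listener, which is easy to miss in a plan. I would record the behaviour on the line above each `count`, e.g. `# count = 0 when there is neither a fixed response nor a default target group to serve as the default action`. The resource bodies continue past the hunks, so the `default_action` blocks that consume these values are not visible here.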
@@ -172,7 +178,13 @@ resource "aws_lb_listener" "http_forward" {
 }

 resource "aws_lb_listener" "http_redirect" {
- count = module.this.enabled && var.http_enabled && var.http_redirect == true ? 1 : 0
+ count = (
+ module.this.enabled &&
+ var.http_enabled &&
+ var.http_redirect == true &&
+ var.default_target_group_enabled
+ ? 1 : 0
+ )
 load_balancer_arn = one(aws_lb.default[*].arn)
 port = var.http_port
 protocol = "HTTP"
@@ -192,7 +204,12 @@ resource "aws_lb_listener" "http_redirect" {

 resource "aws_lb_listener" "https" {
 #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2.
- count = module.this.enabled && var.https_enabled ? 1 : 0
+ count = (
+ module.this.enabled &&
+ var.https_enabled &&
+ (var.listener_https_fixed_response != null || var.default_target_group_enabled)
+ ? 1 : 0
+ )
 load_balancer_arn = one(aws_lb.default[*].arn)
 port = var.https_port
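Review bot: The `var.default_target_group_enabled` term added to `aws_lb_listener.http_redirect`'s `count` does not match the commit message, which says the listener is kept when a default HTTP response exists; the code has no such `||` branch. If the `default_action` of this resource is a plain redirect to HTTPS (its body is outside the hunk, so this is inferred from the resource name), it never references `aws_lb_target_group.default`. In that case the guard only removes the HTTP-to-HTTPS redirect for callers who disable the default target group while still serving HTTPS through a fixed response or listener rules. I would drop the term so that `var.http_redirect == true` is the last condition, or, if the message describes the intent, write `(var.listener_http_fixed_response != null || var.default_target_group_enabled)`.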