miquido-terraform-alb

This module Application Load Balancer along with AWS ACM TLS/SSL certificate via ACM Request

Terraform Module

Requirements

Name	Version
terraform	>= 0.13
aws	~> 4.7
local	>= 1.3
null	>= 2.0

Providers

Name	Version
aws	~> 4.7

Modules

Name	Source	Version
alb	cloudposse/alb/aws	1.10.0

Resources

Name	Type
aws_lb_listener_rule.redirect_http_to_https	resource
aws_s3_bucket_public_access_block.alb-logs	resource
aws_security_group_rule.allow-http-ipv6	resource
aws_security_group_rule.allow-https-ipv6	resource

Inputs

Name	Description	Type	Default	Required
access_logs_enabled	A boolean flag to enable/disable access_logs	bool	true	no
access_logs_prefix	The S3 log bucket prefix	string	""	no
access_logs_s3_bucket_force_destroy	A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error	bool	false	no
acm_certificate_arn	The ARN of the default SSL certificate for HTTPS listener. Required if https_enabled is true.	string	""	no
additional_certs	A list of additonal certs to add to the https listerner	list(string)	[]	no
cross_zone_load_balancing_enabled	A boolean flag to enable/disable cross zone load balancing	bool	false	no
deletion_protection_enabled	A boolean flag to enable/disable deletion protection for ALB	bool	false	no
deregistration_delay	The amount of time to wait in seconds before changing the state of a deregistering target to unused	number	15	no
domain	Domain to request ACM certificate for root domain and wildcard SAN	string	""	no
enable_redirect_http_to_https	Attach rule to HTTP listener that redirects	bool	false	no
environment	Environment name	string	""	no
health_check_healthy_threshold	The number of consecutive health checks successes required before considering an unhealthy target healthy	number	2	no
health_check_interval	The duration in seconds in between health checks	number	15	no
health_check_matcher	The HTTP response codes to indicate a healthy check	string	"200-399"	no
health_check_path	The destination for the health check request	string	"/"	no
health_check_timeout	The amount of time to wait in seconds before failing a health check request	number	10	no
health_check_unhealthy_threshold	The number of consecutive health check failures required before considering the target unhealthy	number	2	no
http2_enabled	A boolean flag to enable/disable HTTP/2	bool	true	no
http_enabled	A boolean flag to enable/disable HTTP listener	bool	true	no
http_ingress_cidr_blocks	List of CIDR blocks to allow in HTTP security group	list(string)	[ "0.0.0.0/0" ]	no
http_ingress_ipv6_cidr_blocks	List of IPv6 CIDR blocks to allow in HTTP security group	list(string)	[ "::/0" ]	no
http_ingress_prefix_list_ids	List of prefix list IDs for allowing access to HTTP ingress security group	list(string)	[]	no
http_port	The port for the HTTP listener	number	80	no
https_enabled	A boolean flag to enable/disable HTTPS listener	bool	true	no
https_ingress_cidr_blocks	List of CIDR blocks to allow in HTTPS security group	list(string)	[ "0.0.0.0/0" ]	no
https_ingress_ipv6_cidr_blocks	List of IPv6 CIDR blocks to allow in HTTPS security group	list(string)	[ "::/0" ]	no
https_ingress_prefix_list_ids	List of prefix list IDs for allowing access to HTTPS ingress security group	list(string)	[]	no
https_port	The port for the HTTPS listener	number	443	no
https_ssl_policy	The name of the SSL Policy for the listener	string	"ELBSecurityPolicy-2016-08"	no
idle_timeout	The time in seconds that the connection is allowed to be idle	number	60	no
internal	A boolean flag to determine whether the ALB should be internal	bool	false	no
ip_address_type	The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack.	string	"ipv4"	no
name	Resource common name	string	n/a	yes
project	Account/Project Name	string	n/a	yes
redirect_http_to_https_priority	HTTP Listener Rule priority	number	5	no
redirect_http_to_https_status_code	The HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302)	string	"HTTP_301"	no
security_group_ids	A list of additional security group IDs to allow access to ALB	list(string)	[]	no
subnet_ids	A list of (typically public) subnet IDs to associate with ALB.	list(string)	n/a	yes
tags	Tags to apply on repository	map(string)	{}	no
target_group_additional_tags	The additional tags to apply to the target group	map(string)	{}	no
target_group_name	The name for the default target group, uses a module label name if left empty	string	""	no
target_group_port	The port for the default target group	number	80	no
target_group_target_type	The type (instance, ip or lambda) of targets that can be registered with the target group	string	"ip"	no
vpc_id	The VPC ID where resources are created	string	n/a	yes

Outputs

Name	Description
access_logs_bucket_id	The S3 bucket ID for access logs
alb_arn	The ARN of the ALB
alb_arn_suffix	The ARN suffix of the ALB
alb_dns_name	DNS name of ALB
alb_name	The ARN suffix of the ALB
alb_zone_id	The ID of the zone which ALB is provisioned
default_target_group_arn	The default target group ARN
http_listener_arn	The ARN of the HTTP listener
https_listener_arn	The ARN of the HTTPS listener
listener_arns	A list of all the listener ARNs
security_group_id	The security group ID of the ALB

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen
  lint                                Lint Terraform code

Developing

1. Make changes in terraform files

2. Regenerate documentation

   bash <(git archive [email protected]:miquido/terraform/terraform-readme-update.git master update.sh | tar -xO)

3. Run lint

   make lint
   

Copyright

Copyright © 2017-2023 Miquido

Contributors

Konrad Obal