Skip to content

Latest commit

 

History

History
155 lines (123 loc) · 12.4 KB

README.md

File metadata and controls

155 lines (123 loc) · 12.4 KB

Miquido

miquido-terraform-alb

This module Application Load Balancer along with AWS ACM TLS/SSL certificate via ACM Request

Terraform Module

Requirements

Name Version
terraform >= 0.13
aws ~> 4.7
local >= 1.3
null >= 2.0

Providers

Name Version
aws ~> 4.7

Modules

Name Source Version
alb cloudposse/alb/aws 1.10.0

Resources

Name Type
aws_lb_listener_rule.redirect_http_to_https resource
aws_s3_bucket_public_access_block.alb-logs resource
aws_security_group_rule.allow-http-ipv6 resource
aws_security_group_rule.allow-https-ipv6 resource

Inputs

Name Description Type Default Required
access_logs_enabled A boolean flag to enable/disable access_logs bool true no
access_logs_prefix The S3 log bucket prefix string "" no
access_logs_s3_bucket_force_destroy A boolean that indicates all objects should be deleted from the ALB access logs S3 bucket so that the bucket can be destroyed without error bool false no
acm_certificate_arn The ARN of the default SSL certificate for HTTPS listener. Required if https_enabled is true. string "" no
additional_certs A list of additonal certs to add to the https listerner list(string) [] no
cross_zone_load_balancing_enabled A boolean flag to enable/disable cross zone load balancing bool false no
deletion_protection_enabled A boolean flag to enable/disable deletion protection for ALB bool false no
deregistration_delay The amount of time to wait in seconds before changing the state of a deregistering target to unused number 15 no
domain Domain to request ACM certificate for root domain and wildcard SAN string "" no
enable_redirect_http_to_https Attach rule to HTTP listener that redirects bool false no
environment Environment name string "" no
health_check_healthy_threshold The number of consecutive health checks successes required before considering an unhealthy target healthy number 2 no
health_check_interval The duration in seconds in between health checks number 15 no
health_check_matcher The HTTP response codes to indicate a healthy check string "200-399" no
health_check_path The destination for the health check request string "/" no
health_check_timeout The amount of time to wait in seconds before failing a health check request number 10 no
health_check_unhealthy_threshold The number of consecutive health check failures required before considering the target unhealthy number 2 no
http2_enabled A boolean flag to enable/disable HTTP/2 bool true no
http_enabled A boolean flag to enable/disable HTTP listener bool true no
http_ingress_cidr_blocks List of CIDR blocks to allow in HTTP security group list(string)
[
"0.0.0.0/0"
]
no
http_ingress_ipv6_cidr_blocks List of IPv6 CIDR blocks to allow in HTTP security group list(string)
[
"::/0"
]
no
http_ingress_prefix_list_ids List of prefix list IDs for allowing access to HTTP ingress security group list(string) [] no
http_port The port for the HTTP listener number 80 no
https_enabled A boolean flag to enable/disable HTTPS listener bool true no
https_ingress_cidr_blocks List of CIDR blocks to allow in HTTPS security group list(string)
[
"0.0.0.0/0"
]
no
https_ingress_ipv6_cidr_blocks List of IPv6 CIDR blocks to allow in HTTPS security group list(string)
[
"::/0"
]
no
https_ingress_prefix_list_ids List of prefix list IDs for allowing access to HTTPS ingress security group list(string) [] no
https_port The port for the HTTPS listener number 443 no
https_ssl_policy The name of the SSL Policy for the listener string "ELBSecurityPolicy-2016-08" no
idle_timeout The time in seconds that the connection is allowed to be idle number 60 no
internal A boolean flag to determine whether the ALB should be internal bool false no
ip_address_type The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. string "ipv4" no
name Resource common name string n/a yes
project Account/Project Name string n/a yes
redirect_http_to_https_priority HTTP Listener Rule priority number 5 no
redirect_http_to_https_status_code The HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302) string "HTTP_301" no
security_group_ids A list of additional security group IDs to allow access to ALB list(string) [] no
subnet_ids A list of (typically public) subnet IDs to associate with ALB. list(string) n/a yes
tags Tags to apply on repository map(string) {} no
target_group_additional_tags The additional tags to apply to the target group map(string) {} no
target_group_name The name for the default target group, uses a module label name if left empty string "" no
target_group_port The port for the default target group number 80 no
target_group_target_type The type (instance, ip or lambda) of targets that can be registered with the target group string "ip" no
vpc_id The VPC ID where resources are created string n/a yes

Outputs

Name Description
access_logs_bucket_id The S3 bucket ID for access logs
alb_arn The ARN of the ALB
alb_arn_suffix The ARN suffix of the ALB
alb_dns_name DNS name of ALB
alb_name The ARN suffix of the ALB
alb_zone_id The ID of the zone which ALB is provisioned
default_target_group_arn The default target group ARN
http_listener_arn The ARN of the HTTP listener
https_listener_arn The ARN of the HTTPS listener
listener_arns A list of all the listener ARNs
security_group_id The security group ID of the ALB

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen
  lint                                Lint Terraform code

Developing

  1. Make changes in terraform files

  2. Regenerate documentation

    bash <(git archive [email protected]:miquido/terraform/terraform-readme-update.git master update.sh | tar -xO)
  3. Run lint

    make lint
    

Copyright

Copyright © 2017-2023 Miquido

Contributors

Konrad Obal
Konrad Obal