Allow SSL cert and port 443 setup 🔒

[alismx]

DEVOPS PULL REQUEST

Related Issue

• resolve Optional cert for setting up ssl and port 443 #8

Changes Proposed

• Output Changes:
  • Renamed alb_listener_rules_arns to http_alb_listener_rules_arns.
  • Added a new output https_alb_listener_rules_arns for HTTPS listener rules.
• Variable Changes:
  • Added a new variable certificate_arn to manage SSL certificate for ALB.
• ALB Listener and Rules:
  • Split aws_alb_listener_rule.this into aws_alb_listener_rule.http and aws_alb_listener_rule.https.
  • Added conditional logic for redirect actions based on the presence of certificate_arn.
  • Created a new aws_alb_listener.https resource with appropriate SSL settings and default action.
• Dynamic Actions:
  • Introduced dynamic forward and redirect actions based on the presence of certificate_arn.
• New HTTPS Listener Rule:
  • Added aws_alb_listener_rule.https for handling HTTPS paths with SSL termination.

[shanice-skylight]

Can you elaborate on this terraform complaint?

[alismx]

It's a deprecation warning saying we shouldn't have a redirect action, not anything that throws.

This happens when I create the infra with a cert and then run it without the cert (destroying all the ssl/443/cert related infra). That shouldn't be a typical case.

The resource doesn't explicitly delete the redirect part of the action, but it does implicitly because AWS doesn't allow it, which is why we don't see it on the follow-up run.

[rin-skylight]

Found a possible solution to the trivy issue.

[rin-skylight]

This scan-ref block is likely causing the false failures. Normally, we would isolate this to an operations directory, but we don't have that luxury here. Consider implementing skip-dirs to exclude the .cache directory: https://trivy.dev/v0.56/docs/configuration/skipping/