New: module/alb

Setup basic aws_lb/aws_lb_listener/aws_lb_target_group resources for HTTP and HTTPS forward/redirect function.

Author: Magicloud

modules/alb-default-forward/README.md

@@ -0,0 +1,7 @@
+# ALB default forward
+
+With `alb` module setup basic ALB, this module (can be used multiple times) is to setup the detail listener and target group with default action forward.
+
+To have more control on the action, attach `aws_lb_listener_rule` resource to this listener.
+
+Checkout example/alb-test for usage.

modules/alb-default-forward/main.tf

@@ -0,0 +1,19 @@
+resource "aws_lb_listener" "lb-listener" {
+  load_balancer_arn = var.lb_arn
+  port              = var.lb_port
+  protocol          = var.protocol
+  ssl_policy        = var.protocol == "HTTP" ? "" : var.ssl_policy
+  certificate_arn   = var.https_cert_arn
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.lb-tg.arn
+  }
+}
+
+resource "aws_lb_target_group" "lb-tg" {
+  name     = "${var.name_prefix}-tg"
+  port     = var.service_port
+  protocol = "HTTP"
+  vpc_id   = var.vpc_id
+  tags     = var.tags
+}

modules/alb-default-forward/outputs.tf

@@ -0,0 +1,7 @@
+output "target_group_arn" {
+  value = aws_lb_target_group.lb-tg.arn
+}
+
+output "listener_arn" {
+  value = aws_lb_listener.lb-listener.arn
+}

modules/alb-default-forward/variables.tf

@@ -0,0 +1,46 @@
+variable "lb_arn" {
+  type        = string
+  description = "The ARN of the ALB to listen."
+}
+
+variable "lb_port" {
+  type        = number
+  description = "The port listened on ALB."
+}
+
+variable "protocol" {
+  type        = string
+  description = "Either HTTP or HTTPS."
+}
+
+variable "https_cert_arn" {
+  type        = string
+  default     = ""
+  description = "The ARN of the cert for HTTPS. Required if protocol is HTTPS."
+}
+
+variable "ssl_policy" {
+  type        = string
+  default     = "ELBSecurityPolicy-2016-08"
+  description = "The name of the SSL Policy for the listener. Required if protocol is HTTPS."
+}
+
+variable "service_port" {
+  type        = number
+  description = "The port listened on service."
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "The identifier of the VPC in which to create the target groups."
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Tags for aws_lb resource."
+}
+
+variable "name_prefix" {
+  type = string
+}

modules/alb-redirect/README.md

@@ -0,0 +1,5 @@
+# ALB redirect
+
+With `alb` module setup basic ALB, this module (can be used multiple times) is to setup a redirect listener. Normally is used for redirecting HTTP request on port 80 to HTTPS on port 443.
+
+Checkout example/alb-test for usage.

modules/alb-redirect/main.tf

@@ -0,0 +1,13 @@
+resource "aws_lb_listener" "lb-listener" {
+  load_balancer_arn = var.lb_arn
+  port              = var.http_port
+  protocol          = "HTTP"
+  default_action {
+    type             = "redirect"
+    redirect {
+      port        = var.https_port
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
+  }
+}

modules/alb-redirect/variables.tf

@@ -0,0 +1,14 @@
+variable "lb_arn" {
+  type        = string
+  description = "The ARN of the ALB to listen."
+}
+
+variable "http_port" {
+  type        = number
+  description = "The uncrypted web service port listened on ALB. No service should actually servicing on this port."
+}
+
+variable "https_port" {
+  type        = number
+  description = "The crypted web service port listened on ALB."
+}

modules/alb/README.md

@@ -0,0 +1,5 @@
+# ALB
+
+Setup basic aws_lb/aws_lb_listener/aws_lb_target_group resources for HTTP and HTTPS forward/redirect function.
+
+Checkout example/alb-test for usage.

modules/alb/main.tf

@@ -0,0 +1,13 @@
+resource "aws_lb" "alb" {
+  name               = "${var.name_prefix}-alb"
+  internal           = var.internal
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.alb_sg.id]
+  subnets            = var.subnet_ids
+  tags               = var.tags
+}
+
+resource "aws_security_group" "alb_sg" {
+  name_prefix = "${var.name_prefix}-alb_sb"
+  vpc_id      = var.vpc_id
+}

modules/alb/outputs.tf

@@ -0,0 +1,15 @@
+output "lb_dns_name" {
+  value = aws_lb.alb.dns_name
+}
+
+output "lb_zone_id" {
+  value = aws_lb.alb.zone_id
+}
+
+output "security_group_id" {
+  value = aws_security_group.alb_sg.id
+}
+
+output "lb_arn" {
+  value = aws_lb.alb.arn
+}

modules/alb/variables.tf

@@ -0,0 +1,25 @@
+variable "internal" {
+  default     = true
+  type        = bool
+  description = "Whether the LB should face Internet."
+}
+
+variable "subnet_ids" {
+  type        = list(string)
+  description = "The subnets for LBs to live in."
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "The identifier of the VPC in which to create the target groups."
+}
+
+variable "tags" {
+  type        = map(string)
+  default     = {}
+  description = "Tags for aws_lb resource."
+}
+
+variable "name_prefix" {
+  type = string
+}