Improved alb module

sourcefuse · Dec 6, 2024 · 9293eab · 9293eab
1 parent c4d8f29
commit 9293eab
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 31 deletions.
diff --git a/example/alb/main.tf b/example/alb/main.tf
@@ -12,19 +12,19 @@ terraform {
 module "alb" {
   source = "../../modules/alb"
 
-  vpc_id = "vpc-123445"
+  vpc_id = "vpc-12345"
 
   alb = {
     name     = "arc-poc-alb"
     internal = false
-    subnets  = ["subnet-1123", "subnet-1113"]
+    port = 80
   }
 
   alb_target_group = [{
     name     = "arc-poc-alb-tg"
     port     = 80
     protocol = "HTTP"
-    vpc_id   = "vpc-123445"
+    vpc_id = "vpc-12345"
     health_check = {
       enabled = true
       path    = "/"

diff --git a/modules/alb/data.tf b/modules/alb/data.tf
@@ -0,0 +1,14 @@
+# Fetch all subnets in the VPC
+data "aws_subnets" "all" {
+  filter {
+    name   = "vpc-id"
+    values = [var.vpc_id]
+  }
+}
+
+# Filter subnets with the "Type=public" tag
+data "aws_subnet" "public" {
+  for_each = toset(data.aws_subnets.all.ids)
+
+  id = each.value
+}
diff --git a/modules/alb/locals.tf b/modules/alb/locals.tf
@@ -0,0 +1,7 @@
+# Collect public subnets in a list
+locals {
+  public_subnets = [
+    for s in data.aws_subnet.public :
+    s.id if lookup(s.tags, "Type", "") == "public"
+  ]
+}
diff --git a/modules/alb/main.tf b/modules/alb/main.tf
@@ -16,7 +16,7 @@ provider "aws" {
 }
 
 ###################################################################
-## Load balancer
+## Load balancer Security Group
 ###################################################################
 resource "aws_security_group" "lb_sg" {
   name        = "${var.alb.name}-sg"
@@ -49,28 +49,15 @@ resource "aws_security_group" "lb_sg" {
   }
 }
 
-
-data "aws_subnets" "public" {
-  filter {
-    name   = "vpc-id"
-    values = [var.vpc_id]
-  }
-
-  tags = {
-    Type = "public"
-  }
-}
-
-locals {
-  alb_subnets = var.create_alb ? [for subnet in data.aws_subnets.public : subnet.id] : []
-}
-
+###################################################################
+## Application Load balancer
+###################################################################
 resource "aws_lb" "this" {
   name                       = var.alb.name
   internal                   = var.alb.internal
   load_balancer_type         = var.alb.load_balancer_type
   security_groups            = [aws_security_group.lb_sg.id]
-  subnets                    = var.alb.subnets
+  subnets                    = local.public_subnets
   idle_timeout               = var.alb.idle_timeout
   enable_deletion_protection = var.alb.enable_deletion_protection
   enable_http2               = var.alb.enable_http2
@@ -159,10 +146,13 @@ resource "aws_lb_listener" "http" {
       target_group_arn = length(each.value.actions) > 0 ? lookup(each.value.actions[0], "target_group_arn", null) : null
     }
   }
+  depends_on = [ aws_lb_target_group.this ]
 }
 
 
-
+###################################################################
+## Listener Rules
+###################################################################
 resource "aws_lb_listener_rule" "this" {
   for_each = var.create_listener_rule ? { for rule in var.listener_rules : "${rule.priority}" => rule } : {}
 
@@ -209,4 +199,6 @@ resource "aws_lb_listener_rule" "this" {
       }
     }
   }
+
+  depends_on = [ aws_lb_listener.http ]
 }
diff --git a/modules/alb/outputs.tf b/modules/alb/outputs.tf
@@ -22,11 +22,8 @@ output "alb_zone_id" {
 } */
 
 
-output "public_subnet_ids" {
-  value       = data.aws_subnets.public
-  description = "List of IDs of the public subnets in the specified VPC"
-}
 
-output "alb_subnets_debug" {
-  value = local.alb_subnets
+# Use the filtered subnets
+output "public_subnets" {
+  value = local.public_subnets
 }
diff --git a/modules/alb/variables.tf b/modules/alb/variables.tf
@@ -30,7 +30,6 @@ variable "alb" {
     enable_deletion_protection = optional(bool, false)
     enable_http2               = optional(bool, true)
     certificate_arn            = optional(string, null)
-    subnets                    = list(string)
 
     access_logs = optional(object({
       bucket  = string
@@ -84,7 +83,6 @@ variable "alb_target_group" {
 variable "listener_rules" {
   description = "List of listener rules to create"
   type = list(object({
-    # listener_arn = string
     priority = number
 
     conditions = list(object({

diff --git a/modules/ecs-cluster/main.tf b/modules/ecs-cluster/main.tf
@@ -67,7 +67,8 @@ resource "aws_ecs_cluster" "this" {
 }
 
 
-########################################################################CloudWatch Log Group
+########################################################################
+# CloudWatch Log Group
 ########################################################################
 resource "aws_cloudwatch_log_group" "this" {
   count = var.create && var.ecs_cluster.create_cloudwatch_log_group ? 1 : 0