Added alb module

sourcefuse · Dec 5, 2024 · fe71391 · fe71391
1 parent 3f23674
commit fe71391
Show file tree

Hide file tree

Showing 5 changed files with 157 additions and 60 deletions.
diff --git a/example/alb/.terraform.lock.hcl b/example/alb/.terraform.lock.hcl
diff --git a/example/alb/main.tf b/example/alb/main.tf
@@ -9,24 +9,27 @@ terraform {
   }
 }
 
-
 module "alb" {
   source = "../../modules/alb"
 
+  vpc_id = "vpc-123445"
+
   alb = {
     name = "arc-poc-alb"
     internal = false
+    subnets = ["subnet-1123", "subnet-1113"]
   }
 
   alb_target_group = [{
     name = "arc-poc-alb-tg"
     port = 80
-    vpc_id = "vpc-1234"
+    protocol = "HTTP"
+    vpc_id = "vpc-123445"
     health_check = {
       enabled = true
       path = "/"
     }
   }]
 
-  listener_rules = {}
+  listener_rules = []
 }
diff --git a/modules/alb/main.tf b/modules/alb/main.tf
@@ -1,6 +1,6 @@
-################################################################################
+###################################################################
 ## defaults
-################################################################################
+###################################################################
 terraform {
   required_version = "~> 1.5"
 
@@ -11,32 +11,85 @@ terraform {
     }
   }
 }
+provider "aws" {
+  region = var.region
+}
 
-################################################################################
+###################################################################
 ## Load balancer
-################################################################################
+###################################################################
+resource "aws_security_group" "lb_sg" {
+  name        = "${var.alb.name}-sg"
+  description = "Default security group for internet facing ALB"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
 
-resource "aws_lb" "this" {
-  count = var.create_alb ? 1 : 0
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.alb.name}-sg"
+  }
+}
+
+
+data "aws_subnets" "public" {
+  filter {
+    name   = "vpc-id"
+    values = [var.vpc_id]
+  }
+
+  tags = {
+    Type = "public"
+  }
+}
 
+locals {
+  alb_subnets = var.create_alb ? [for subnet in data.aws_subnets.public : subnet.id] : []
+}
+
+resource "aws_lb" "this" {
   name                       = var.alb.name
   internal                   = var.alb.internal
   load_balancer_type         = var.alb.load_balancer_type
   security_groups            = [aws_security_group.lb_sg.id]
-  subnets                    = [for subnet in aws_subnet.public : subnet.id]
+  subnets                    = var.alb.subnets
   idle_timeout               = var.alb.idle_timeout
   enable_deletion_protection = var.alb.enable_deletion_protection
   enable_http2               = var.alb.enable_http2
 
-  access_logs {
-    bucket  = var.alb.access_logs.bucket
-    enabled = var.alb.access_logs.enabled
-    prefix  = var.alb.access_logs.prefix
+  dynamic "access_logs" {
+    for_each = var.alb.access_logs != null ? [var.alb.access_logs] : []
+
+    content {
+      bucket  = access_logs.value.bucket
+      enabled = access_logs.value.enabled
+      prefix  = access_logs.value.prefix
+    }
   }
 }
 
 
+###################################################################
 ## Target Group
+###################################################################
 
 resource "aws_lb_target_group" "this" {
   for_each = { for tg in var.alb_target_group : tg.name => tg }
@@ -66,7 +119,7 @@ resource "aws_lb_target_group" "this" {
   }
 
   dynamic "stickiness" {
-    for_each = each.value.stickiness != null && each.value.stickiness.enabled ? [each.value.stickiness] : []
+    for_each = each.value.stickiness != null ? [each.value.stickiness] : []
     content {
       cookie_duration = stickiness.value.cookie_duration
       type            = stickiness.value.type
@@ -77,51 +130,63 @@ resource "aws_lb_target_group" "this" {
     create_before_destroy = true
   }
 
-	tags = each.value.tags
+  tags = each.value.tags
 }
 
-# Listener
+###################################################################
+## Listener
+###################################################################
+
 resource "aws_lb_listener" "http" {
   load_balancer_arn = aws_lb.this.arn
   port              = var.alb.port
   protocol          = var.alb.protocol
 
-  certificate_arn   = var.alb.certificate_arn
+  certificate_arn = var.alb.certificate_arn
 
+  # Static "default_action" for forward
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.this[var.alb_target_group[0].name].arn
+  }
+
+ # Dynamic "default_action" for variable-driven actions
   dynamic "default_action" {
     for_each = var.listener_rules
+
     content {
-      type             = each.value.actions[0].type
-      target_group_arn = lookup(each.value.actions[0], "target_group_arn", null)
+      type             = length(each.value.actions) > 0 ? each.value.actions[0].type : null
+      target_group_arn = length(each.value.actions) > 0 ? lookup(each.value.actions[0], "target_group_arn", null) : null
     }
   }
 }
 
 
+
 resource "aws_lb_listener_rule" "this" {
   for_each = var.create_listener_rule ? { for rule in var.listener_rules : "${rule.priority}" => rule } : {}
 
   listener_arn = aws_lb_listener.http.arn
   priority     = each.value.priority
 
   dynamic "condition" {
-  for_each = each.value.conditions
-  content {
-    dynamic "host_header" {
-      for_each = each.value.field == "host-header" ? [each.value] : []
-      content {
-        values = each.value.values
+    for_each = each.value.conditions
+    content {
+      dynamic "host_header" {
+        for_each = each.value.field == "host-header" ? [each.value] : []
+        content {
+          values = each.value.values
+        }
       }
-    }
 
-    dynamic "path_pattern" {
-      for_each = each.value.field == "path-pattern" ? [each.value] : []
-      content {
-        values = each.value.values
+      dynamic "path_pattern" {
+        for_each = each.value.field == "path-pattern" ? [each.value] : []
+        content {
+          values = each.value.values
+        }
       }
     }
   }
-}
 
   dynamic "action" {
     for_each = each.value.actions

diff --git a/modules/alb/outputs.tf b/modules/alb/outputs.tf
@@ -1,22 +1,32 @@
 ################################################################################
 ## alb
 ################################################################################
-output "alb_name" {
+/* output "alb_name" {
   description = "Name of the ALB"
   value       = module.alb.alb_name
 }
 
 output "alb_arn" {
   description = "ARN to the ALB"
-  value       = module.alb.alb_arn
+  value       = aws_lb.this.alb_arn
 }
 
 output "alb_dns_name" {
   description = "External DNS name to the ALB"
-  value       = module.alb.alb_dns_name
+  value       = aws_lb.this.alb_dns_name
 }
 
 output "alb_zone_id" {
   description = "Zone ID of the ALB"
-  value       = module.alb.alb_zone_id
+  value       = aws_lb.this.alb_zone_id
+} */
+
+
+output "public_subnet_ids" {
+  value = data.aws_subnets.public
+  description = "List of IDs of the public subnets in the specified VPC"
+}
+
+output "alb_subnets_debug" {
+  value = local.alb_subnets
 }
diff --git a/modules/alb/variables.tf b/modules/alb/variables.tf
@@ -5,19 +5,32 @@ variable "create_alb" {
 }
 
 variable "create_listener_rule" {
-  type        = bool
-  default     = false
+  type    = bool
+  default = false
+}
+
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "VPC in which security group for ALB has to be created"
 }
 
 variable "alb" {
   type = object({
     name                       = optional(string, null)
+    port                       = optional(number)
+    protocol                   = optional(string, "HTTP")
     internal                   = optional(bool, false)
     load_balancer_type         = optional(string, "application")
     idle_timeout               = optional(number, 60)
     enable_deletion_protection = optional(bool, false)
     enable_http2               = optional(bool, true)
     certificate_arn            = optional(string, null)
+    subnets                = list(string)
 
     access_logs = optional(object({
       bucket  = string
@@ -29,10 +42,11 @@ variable "alb" {
   })
 }
 
+
 variable "alb_target_group" {
   description = "List of target groups to create"
   type = list(object({
-    name                              = optional(string, null)
+    name                              = optional(string, "target-group")
     port                              = number
     protocol                          = optional(string, null)
     protocol_version                  = optional(string, "HTTP1")
@@ -70,12 +84,14 @@ variable "alb_target_group" {
 variable "listener_rules" {
   description = "List of listener rules to create"
   type = list(object({
-    listener_arn = string
-    priority     = number
-    conditions  = list(object({
-      field     = string
-      values    = list(string)
+    # listener_arn = string
+    priority = number
+
+    conditions = list(object({
+      field  = string
+      values = list(string)
     }))
+
     actions = list(object({
       type             = string
       target_group_arn = optional(string)
@@ -88,11 +104,14 @@ variable "listener_rules" {
         query       = optional(string)
         status_code = string
       }), null)
+
       fixed_response = optional(object({
         content_type = string
         message_body = optional(string)
         status_code  = optional(string)
       }), null)
+
     }))
+
   }))
 }