diff options
author | pmikus <peter.mikus@protonmail.ch> | 2023-01-24 12:11:36 +0000 |
---|---|---|
committer | Peter Mikus <peter.mikus@protonmail.ch> | 2023-01-24 12:24:42 +0000 |
commit | a4ccb8a9e56e9e3b4db9dd13851f908196ee32a7 (patch) | |
tree | da6641d3113620dacaa18b9596ad3f4e567a9714 /fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf | |
parent | 752538617f43672a0a9eeb93432929032cca05d3 (diff) |
fix(dash): Migrate to alb
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I315d91e68ed3f626b399cf1bb237859f7cadc9ff
Diffstat (limited to 'fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf')
-rw-r--r-- | fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf | 158 |
1 files changed, 81 insertions, 77 deletions
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf index fa33b13133..44373ed4de 100644 --- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf @@ -1,5 +1,6 @@ locals { tags = { + "Name" = "${var.application_name}" "Environment" = "${var.application_name}" } @@ -12,119 +13,108 @@ locals { } ] - classic_elb_settings = [ + elb_settings = [ { - namespace = "aws:elb:loadbalancer" - name = "CrossZone" - value = var.environment_loadbalancer_crosszone - }, - { - namespace = "aws:elb:loadbalancer" - name = "SecurityGroups" - value = join(",", sort(var.environment_loadbalancer_security_groups)) - }, - { - namespace = "aws:elb:loadbalancer" - name = "ManagedSecurityGroup" - value = var.environment_loadbalancer_managed_security_group - }, - { - namespace = "aws:elb:listener" - name = "ListenerProtocol" - value = "HTTP" + namespace = "aws:ec2:vpc" + name = "ELBSubnets" + value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id]) }, { - namespace = "aws:elb:listener" - name = "InstancePort" + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Port" value = var.environment_process_default_port }, { - namespace = "aws:elb:listener" - name = "ListenerEnabled" - value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false" - }, - { - namespace = "aws:elb:listener:443" - name = "ListenerProtocol" - value = "HTTPS" - }, - { - namespace = "aws:elb:listener:443" - name = "InstancePort" - value = var.environment_process_default_port + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Protocol" + value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP" }, { - namespace = "aws:elb:listener:443" - name = "SSLCertificateId" - value = var.environment_loadbalancer_ssl_certificate_id + namespace = "aws:ec2:vpc" + name = "ELBScheme" + value = var.environment_type == "LoadBalanced" ? var.elb_scheme : "" }, { - namespace = "aws:elb:listener:443" - name = "ListenerEnabled" - value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true" + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthCheckInterval" + value = var.environment_process_default_healthcheck_interval }, { - namespace = "aws:elb:policies" - name = "ConnectionSettingIdleTimeout" - value = var.loadbalancer_connection_settings_idle_timeout + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthyThresholdCount" + value = var.environment_process_default_healthy_threshold_count }, { - namespace = "aws:elb:policies" - name = "ConnectionDrainingEnabled" - value = "true" + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "UnhealthyThresholdCount" + value = var.environment_process_default_unhealthy_threshold_count } ] - nlb_settings = [ + generic_alb_settings = [ { - namespace = "aws:elbv2:listener:default" - name = "ListenerEnabled" - value = var.default_listener_enabled + namespace = "aws:elbv2:loadbalancer" + name = "SecurityGroups" + value = join(",", sort(var.environment_loadbalancer_security_groups)) } ] - beanstalk_elb_settings = [ + alb_settings = [ { - namespace = "aws:ec2:vpc" - name = "ELBSubnets" - value = aws_subnet.subnet.id + namespace = "aws:elbv2:listener:default" + name = "ListenerEnabled" + value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false" }, { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "Port" - value = var.environment_process_default_port + namespace = "aws:elbv2:loadbalancer" + name = "ManagedSecurityGroup" + value = var.environment_loadbalancer_managed_security_group }, { - namespace = "aws:elasticbeanstalk:environment:process:default" + namespace = "aws:elbv2:listener:443" + name = "ListenerEnabled" + value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true" + }, + { + namespace = "aws:elbv2:listener:443" name = "Protocol" - value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP" + value = "HTTPS" }, { - namespace = "aws:ec2:vpc" - name = "ELBScheme" - value = var.environment_type == "LoadBalanced" ? var.elb_scheme : "" + namespace = "aws:elbv2:listener:443" + name = "SSLCertificateArns" + value = var.environment_loadbalancer_ssl_certificate_id }, { namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthCheckInterval" - value = var.environment_process_default_healthcheck_interval + name = "HealthCheckPath" + value = var.application_healthcheck_url }, { namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthyThresholdCount" - value = var.environment_process_default_healthy_threshold_count + name = "MatcherHTTPCode" + value = join(",", sort(var.default_matcher_http_code)) }, { namespace = "aws:elasticbeanstalk:environment:process:default" - name = "UnhealthyThresholdCount" - value = var.environment_process_default_unhealthy_threshold_count + name = "HealthCheckTimeout" + value = var.default_health_check_timeout + } + ] + + nlb_settings = [ + { + namespace = "aws:elbv2:listener:default" + name = "ListenerEnabled" + value = var.default_listener_enabled } ] - elb_settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : [] - elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : [] + + settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.elb_settings) : [] + settings_alb = var.environment_loadbalancer_type == "application" ? concat(local.generic_alb_settings, local.alb_settings, local.generic_elb_settings, local.elb_settings) : [] # Full set of LoadBlanacer settings. - elb_settings = var.environment_tier == "WebServer" ? concat(local.elb_settings_nlb, local.elb_setting_classic) : [] + elb = var.environment_tier == "WebServer" ? concat(local.settings_nlb, local.settings_alb) : [] } # Create elastic beanstalk VPC @@ -138,19 +128,32 @@ resource "aws_vpc" "vpc" { } # Create elastic beanstalk Subnets -resource "aws_subnet" "subnet" { +resource "aws_subnet" "subnet_a" { depends_on = [ aws_vpc.vpc ] - availability_zone = var.subnet_availability_zone + availability_zone = var.subnet_a_availability_zone assign_ipv6_address_on_creation = true - cidr_block = aws_vpc.vpc.cidr_block + cidr_block = var.subnet_a_cidr_block ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1) map_public_ip_on_launch = true vpc_id = aws_vpc.vpc.id tags = local.tags } +resource "aws_subnet" "subnet_b" { + depends_on = [ + aws_vpc.vpc + ] + availability_zone = var.subnet_b_availability_zone + assign_ipv6_address_on_creation = true + cidr_block = var.subnet_b_cidr_block + ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2) + map_public_ip_on_launch = true + vpc_id = aws_vpc.vpc.id + tags = local.tags +} + resource "aws_internet_gateway" "internet_gateway" { depends_on = [ aws_vpc.vpc @@ -430,7 +433,8 @@ resource "aws_iam_role_policy" "default" { resource "aws_elastic_beanstalk_environment" "environment" { depends_on = [ aws_vpc.vpc, - aws_subnet.subnet, + aws_subnet.subnet_a, + aws_subnet.subnet_b, aws_ssm_activation.ec2 ] application = var.environment_application @@ -459,7 +463,7 @@ resource "aws_elastic_beanstalk_environment" "environment" { setting { namespace = "aws:ec2:vpc" name = "Subnets" - value = aws_subnet.subnet.id + value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id]) } setting { @@ -488,7 +492,7 @@ resource "aws_elastic_beanstalk_environment" "environment" { } dynamic "setting" { - for_each = local.elb_settings + for_each = local.elb content { namespace = setting.value["namespace"] name = setting.value["name"] |