authorpmikus <peter.mikus@protonmail.ch>2023-01-24 12:11:36 +0000
committerPeter Mikus <peter.mikus@protonmail.ch>2023-01-24 12:24:42 +0000
commita4ccb8a9e56e9e3b4db9dd13851f908196ee32a7 (patch)
treeda6641d3113620dacaa18b9596ad3f4e567a9714 /fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
parent752538617f43672a0a9eeb93432929032cca05d3 (diff)
fix(dash): Migrate to alb
Signed-off-by: pmikus <peter.mikus@protonmail.ch> Change-Id: I315d91e68ed3f626b399cf1bb237859f7cadc9ff
Diffstat (limited to 'fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf')
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf158
1 files changed, 81 insertions, 77 deletions
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
index fa33b13133..44373ed4de 100644
--- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
@@ -1,5 +1,6 @@
locals {
tags = {
+ "Name" = "${var.application_name}"
"Environment" = "${var.application_name}"
}
@@ -12,119 +13,108 @@ locals {
}
]
- classic_elb_settings = [
+ elb_settings = [
{
- namespace = "aws:elb:loadbalancer"
- name = "CrossZone"
- value = var.environment_loadbalancer_crosszone
- },
- {
- namespace = "aws:elb:loadbalancer"
- name = "SecurityGroups"
- value = join(",", sort(var.environment_loadbalancer_security_groups))
- },
- {
- namespace = "aws:elb:loadbalancer"
- name = "ManagedSecurityGroup"
- value = var.environment_loadbalancer_managed_security_group
- },
- {
- namespace = "aws:elb:listener"
- name = "ListenerProtocol"
- value = "HTTP"
+ namespace = "aws:ec2:vpc"
+ name = "ELBSubnets"
+ value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
},
{
- namespace = "aws:elb:listener"
- name = "InstancePort"
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "Port"
value = var.environment_process_default_port
},
{
- namespace = "aws:elb:listener"
- name = "ListenerEnabled"
- value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
- },
- {
- namespace = "aws:elb:listener:443"
- name = "ListenerProtocol"
- value = "HTTPS"
- },
- {
- namespace = "aws:elb:listener:443"
- name = "InstancePort"
- value = var.environment_process_default_port
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "Protocol"
+ value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
},
{
- namespace = "aws:elb:listener:443"
- name = "SSLCertificateId"
- value = var.environment_loadbalancer_ssl_certificate_id
+ namespace = "aws:ec2:vpc"
+ name = "ELBScheme"
+ value = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
},
{
- namespace = "aws:elb:listener:443"
- name = "ListenerEnabled"
- value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "HealthCheckInterval"
+ value = var.environment_process_default_healthcheck_interval
},
{
- namespace = "aws:elb:policies"
- name = "ConnectionSettingIdleTimeout"
- value = var.loadbalancer_connection_settings_idle_timeout
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "HealthyThresholdCount"
+ value = var.environment_process_default_healthy_threshold_count
},
{
- namespace = "aws:elb:policies"
- name = "ConnectionDrainingEnabled"
- value = "true"
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "UnhealthyThresholdCount"
+ value = var.environment_process_default_unhealthy_threshold_count
}
]
- nlb_settings = [
+ generic_alb_settings = [
{
- namespace = "aws:elbv2:listener:default"
- name = "ListenerEnabled"
- value = var.default_listener_enabled
+ namespace = "aws:elbv2:loadbalancer"
+ name = "SecurityGroups"
+ value = join(",", sort(var.environment_loadbalancer_security_groups))
}
]
- beanstalk_elb_settings = [
+ alb_settings = [
{
- namespace = "aws:ec2:vpc"
- name = "ELBSubnets"
- value = aws_subnet.subnet.id
+ namespace = "aws:elbv2:listener:default"
+ name = "ListenerEnabled"
+ value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
},
{
- namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "Port"
- value = var.environment_process_default_port
+ namespace = "aws:elbv2:loadbalancer"
+ name = "ManagedSecurityGroup"
+ value = var.environment_loadbalancer_managed_security_group
},
{
- namespace = "aws:elasticbeanstalk:environment:process:default"
+ namespace = "aws:elbv2:listener:443"
+ name = "ListenerEnabled"
+ value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+ },
+ {
+ namespace = "aws:elbv2:listener:443"
name = "Protocol"
- value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
+ value = "HTTPS"
},
{
- namespace = "aws:ec2:vpc"
- name = "ELBScheme"
- value = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
+ namespace = "aws:elbv2:listener:443"
+ name = "SSLCertificateArns"
+ value = var.environment_loadbalancer_ssl_certificate_id
},
{
namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "HealthCheckInterval"
- value = var.environment_process_default_healthcheck_interval
+ name = "HealthCheckPath"
+ value = var.application_healthcheck_url
},
{
namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "HealthyThresholdCount"
- value = var.environment_process_default_healthy_threshold_count
+ name = "MatcherHTTPCode"
+ value = join(",", sort(var.default_matcher_http_code))
},
{
namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "UnhealthyThresholdCount"
- value = var.environment_process_default_unhealthy_threshold_count
+ name = "HealthCheckTimeout"
+ value = var.default_health_check_timeout
+ }
+ ]
+
+ nlb_settings = [
+ {
+ namespace = "aws:elbv2:listener:default"
+ name = "ListenerEnabled"
+ value = var.default_listener_enabled
}
]
- elb_settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
- elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
+
+ settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.elb_settings) : []
+ settings_alb = var.environment_loadbalancer_type == "application" ? concat(local.generic_alb_settings, local.alb_settings, local.generic_elb_settings, local.elb_settings) : []
# Full set of LoadBlanacer settings.
- elb_settings = var.environment_tier == "WebServer" ? concat(local.elb_settings_nlb, local.elb_setting_classic) : []
+ elb = var.environment_tier == "WebServer" ? concat(local.settings_nlb, local.settings_alb) : []
}
# Create elastic beanstalk VPC
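Review bot: The `aws:elbv2:listener:443` entries in `alb_settings` set `Protocol` and `SSLCertificateArns` but no `SSLPolicy`, so the TLS versions and ciphers the ALB negotiates are left to the default rather than pinned by this module. Consider adding an entry with `namespace = "aws:elbv2:listener:443"`, `name = "SSLPolicy"` and a value taken from a new module variable. The `aws:elbv2:listener:default` `ListenerEnabled` expression also keeps the plain-HTTP listener on whenever `var.default_listener_enabled` is true, even with a certificate configured, and nothing in this hunk redirects that traffic to HTTPS; a comment stating whether that is intended would help. `SSLCertificateArns` expects a certificate ARN while the variable feeding it is still named `environment_loadbalancer_ssl_certificate_id`, which is worth spelling out in the variable's description.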
@@ -138,19 +128,32 @@ resource "aws_vpc" "vpc" {
}
# Create elastic beanstalk Subnets
-resource "aws_subnet" "subnet" {
+resource "aws_subnet" "subnet_a" {
depends_on = [
aws_vpc.vpc
]
- availability_zone = var.subnet_availability_zone
+ availability_zone = var.subnet_a_availability_zone
assign_ipv6_address_on_creation = true
- cidr_block = aws_vpc.vpc.cidr_block
+ cidr_block = var.subnet_a_cidr_block
ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
map_public_ip_on_launch = true
vpc_id = aws_vpc.vpc.id
tags = local.tags
}
+resource "aws_subnet" "subnet_b" {
+ depends_on = [
+ aws_vpc.vpc
+ ]
+ availability_zone = var.subnet_b_availability_zone
+ assign_ipv6_address_on_creation = true
+ cidr_block = var.subnet_b_cidr_block
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2)
+ map_public_ip_on_launch = true
+ vpc_id = aws_vpc.vpc.id
+ tags = local.tags
+}
+
resource "aws_internet_gateway" "internet_gateway" {
depends_on = [
aws_vpc.vpc
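Review bot: `subnet_b` copies `map_public_ip_on_launch = true` from `subnet_a`, and the later `aws:ec2:vpc` `Subnets` setting places the instances in the same two subnets that `ELBSubnets` uses, so the instances still receive public addresses even with the ALB in front of them. If they only need to be reached through the load balancer, separate instance subnets without public IP mapping would narrow exposure; that requires an egress path such as a NAT gateway, which is not visible in this diff. `var.subnet_a_cidr_block` and `var.subnet_b_cidr_block` are also not checked against `aws_vpc.vpc.cidr_block` here; deriving them with `cidrsubnet` from the VPC block, as the IPv6 ranges already are, would rule out overlapping or out-of-range values. The hunk's trailing context runs into `aws_internet_gateway`, whose body continues outside the hunk.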
@@ -430,7 +433,8 @@ resource "aws_iam_role_policy" "default" {
resource "aws_elastic_beanstalk_environment" "environment" {
depends_on = [
aws_vpc.vpc,
- aws_subnet.subnet,
+ aws_subnet.subnet_a,
+ aws_subnet.subnet_b,
aws_ssm_activation.ec2
]
application = var.environment_application
@@ -459,7 +463,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
setting {
namespace = "aws:ec2:vpc"
name = "Subnets"
- value = aws_subnet.subnet.id
+ value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
}
setting {
@@ -488,7 +492,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
}
dynamic "setting" {
- for_each = local.elb_settings
+ for_each = local.elb
content {
namespace = setting.value["namespace"]
name = setting.value["name"]