diff options
author | pmikus <peter.mikus@protonmail.ch> | 2023-01-17 13:37:45 +0000 |
---|---|---|
committer | Peter Mikus <peter.mikus@protonmail.ch> | 2023-01-18 13:54:36 +0000 |
commit | e31069553a47428fa4ec1920fe6519bba8a876d2 (patch) | |
tree | c133db37a13cbc7aea29c3b7393e20eb39c44fa4 /fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf | |
parent | e0eb07f2ec67405abf621bcbe845598de92a0803 (diff) |
feat(dash): SSL certificate
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Iccab2214a62d5d928d989e8e0dcb927b8ae3390f
Diffstat (limited to 'fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf')
-rw-r--r-- | fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf | 208 |
1 files changed, 144 insertions, 64 deletions
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf index 2e6fb44e36..fa33b13133 100644 --- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf @@ -1,8 +1,130 @@ locals { tags = { - "Name" = "${var.application_name}" "Environment" = "${var.application_name}" } + + # Settings for all loadbalancer types + generic_elb_settings = [ + { + namespace = "aws:elasticbeanstalk:environment" + name = "LoadBalancerType" + value = var.environment_loadbalancer_type + } + ] + + classic_elb_settings = [ + { + namespace = "aws:elb:loadbalancer" + name = "CrossZone" + value = var.environment_loadbalancer_crosszone + }, + { + namespace = "aws:elb:loadbalancer" + name = "SecurityGroups" + value = join(",", sort(var.environment_loadbalancer_security_groups)) + }, + { + namespace = "aws:elb:loadbalancer" + name = "ManagedSecurityGroup" + value = var.environment_loadbalancer_managed_security_group + }, + { + namespace = "aws:elb:listener" + name = "ListenerProtocol" + value = "HTTP" + }, + { + namespace = "aws:elb:listener" + name = "InstancePort" + value = var.environment_process_default_port + }, + { + namespace = "aws:elb:listener" + name = "ListenerEnabled" + value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false" + }, + { + namespace = "aws:elb:listener:443" + name = "ListenerProtocol" + value = "HTTPS" + }, + { + namespace = "aws:elb:listener:443" + name = "InstancePort" + value = var.environment_process_default_port + }, + { + namespace = "aws:elb:listener:443" + name = "SSLCertificateId" + value = var.environment_loadbalancer_ssl_certificate_id + }, + { + namespace = "aws:elb:listener:443" + name = "ListenerEnabled" + value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true" + }, + { + namespace = "aws:elb:policies" + name = "ConnectionSettingIdleTimeout" + value = var.loadbalancer_connection_settings_idle_timeout + }, + { + namespace = "aws:elb:policies" + name = "ConnectionDrainingEnabled" + value = "true" + } + ] + + nlb_settings = [ + { + namespace = "aws:elbv2:listener:default" + name = "ListenerEnabled" + value = var.default_listener_enabled + } + ] + + beanstalk_elb_settings = [ + { + namespace = "aws:ec2:vpc" + name = "ELBSubnets" + value = aws_subnet.subnet.id + }, + { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Port" + value = var.environment_process_default_port + }, + { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Protocol" + value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP" + }, + { + namespace = "aws:ec2:vpc" + name = "ELBScheme" + value = var.environment_type == "LoadBalanced" ? var.elb_scheme : "" + }, + { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthCheckInterval" + value = var.environment_process_default_healthcheck_interval + }, + { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthyThresholdCount" + value = var.environment_process_default_healthy_threshold_count + }, + { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "UnhealthyThresholdCount" + value = var.environment_process_default_unhealthy_threshold_count + } + ] + elb_settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : [] + elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : [] + + # Full set of LoadBlanacer settings. + elb_settings = var.environment_tier == "WebServer" ? concat(local.elb_settings_nlb, local.elb_setting_classic) : [] } # Create elastic beanstalk VPC @@ -342,79 +464,16 @@ resource "aws_elastic_beanstalk_environment" "environment" { setting { namespace = "aws:ec2:vpc" - name = "ELBSubnets" - value = aws_subnet.subnet.id - } - - setting { - namespace = "aws:ec2:vpc" - name = "ELBScheme" - value = var.environment_type == "LoadBalanced" ? var.elb_scheme : "" - } - - setting { - namespace = "aws:ec2:vpc" name = "AssociatePublicIpAddress" value = var.associate_public_ip_address } setting { - namespace = "aws:elasticbeanstalk:application" - name = "Application Healthcheck URL" - value = "/" - } - - # aws:elbv2:listener:default - setting { - namespace = "aws:elbv2:listener:default" - name = "ListenerEnabled" - value = var.default_listener_enabled - } - - # aws:elasticbeanstalk:environment - setting { - namespace = "aws:elasticbeanstalk:environment" - name = "LoadBalancerType" - value = var.environment_loadbalancer_type - } - - setting { namespace = "aws:elasticbeanstalk:environment" name = "ServiceRole" value = aws_iam_role.service.name } - # aws:elasticbeanstalk:environment:process:default - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthCheckInterval" - value = var.environment_process_default_healthcheck_interval - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthyThresholdCount" - value = var.environment_process_default_healthy_threshold_count - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "Port" - value = var.environment_process_default_port - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "Protocol" - value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP" - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "UnhealthyThresholdCount" - value = var.environment_process_default_unhealthy_threshold_count - } - # aws:autoscaling:launchconfiguration setting { namespace = "aws:autoscaling:launchconfiguration" @@ -428,6 +487,15 @@ resource "aws_elastic_beanstalk_environment" "environment" { value = true } + dynamic "setting" { + for_each = local.elb_settings + content { + namespace = setting.value["namespace"] + name = setting.value["name"] + value = setting.value["value"] + } + } + # aws:autoscaling:updatepolicy:rollingupdate setting { namespace = "aws:autoscaling:updatepolicy:rollingupdate" @@ -447,6 +515,12 @@ resource "aws_elastic_beanstalk_environment" "environment" { value = var.autoscaling_updatepolicy_min_instance_in_service } + setting { + namespace = "aws:elasticbeanstalk:application" + name = "Application Healthcheck URL" + value = var.application_healthcheck_url + } + # aws:elasticbeanstalk:command setting { namespace = "aws:elasticbeanstalk:command" @@ -494,6 +568,12 @@ resource "aws_elastic_beanstalk_environment" "environment" { value = var.managedactions_platformupdate_instance_refresh_enabled } + setting { + namespace = "aws:elasticbeanstalk:command" + name = "IgnoreHealthCheck" + value = var.command_ignore_health_check + } + # aws:autoscaling:asg setting { namespace = "aws:autoscaling:asg" |