authorpmikus <peter.mikus@protonmail.ch>2023-01-24 12:11:36 +0000
committerPeter Mikus <peter.mikus@protonmail.ch>2023-01-24 12:24:42 +0000
commita4ccb8a9e56e9e3b4db9dd13851f908196ee32a7 (patch)
treeda6641d3113620dacaa18b9596ad3f4e567a9714 /fdio.infra.terraform
parent752538617f43672a0a9eeb93432929032cca05d3 (diff)
fix(dash): Migrate to alb
Signed-off-by: pmikus <peter.mikus@protonmail.ch> Change-Id: I315d91e68ed3f626b399cf1bb237859f7cadc9ff
Diffstat (limited to 'fdio.infra.terraform')
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf158
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf56
-rw-r--r--fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf11
3 files changed, 128 insertions, 97 deletions
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
index fa33b13133..44373ed4de 100644
--- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
@@ -1,5 +1,6 @@
locals {
tags = {
+ "Name" = "${var.application_name}"
"Environment" = "${var.application_name}"
}
@@ -12,119 +13,108 @@ locals {
}
]
- classic_elb_settings = [
+ elb_settings = [
{
- namespace = "aws:elb:loadbalancer"
- name = "CrossZone"
- value = var.environment_loadbalancer_crosszone
- },
- {
- namespace = "aws:elb:loadbalancer"
- name = "SecurityGroups"
- value = join(",", sort(var.environment_loadbalancer_security_groups))
- },
- {
- namespace = "aws:elb:loadbalancer"
- name = "ManagedSecurityGroup"
- value = var.environment_loadbalancer_managed_security_group
- },
- {
- namespace = "aws:elb:listener"
- name = "ListenerProtocol"
- value = "HTTP"
+ namespace = "aws:ec2:vpc"
+ name = "ELBSubnets"
+ value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
},
{
- namespace = "aws:elb:listener"
- name = "InstancePort"
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "Port"
value = var.environment_process_default_port
},
{
- namespace = "aws:elb:listener"
- name = "ListenerEnabled"
- value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
- },
- {
- namespace = "aws:elb:listener:443"
- name = "ListenerProtocol"
- value = "HTTPS"
- },
- {
- namespace = "aws:elb:listener:443"
- name = "InstancePort"
- value = var.environment_process_default_port
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "Protocol"
+ value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
},
{
- namespace = "aws:elb:listener:443"
- name = "SSLCertificateId"
- value = var.environment_loadbalancer_ssl_certificate_id
+ namespace = "aws:ec2:vpc"
+ name = "ELBScheme"
+ value = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
},
{
- namespace = "aws:elb:listener:443"
- name = "ListenerEnabled"
- value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "HealthCheckInterval"
+ value = var.environment_process_default_healthcheck_interval
},
{
- namespace = "aws:elb:policies"
- name = "ConnectionSettingIdleTimeout"
- value = var.loadbalancer_connection_settings_idle_timeout
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "HealthyThresholdCount"
+ value = var.environment_process_default_healthy_threshold_count
},
{
- namespace = "aws:elb:policies"
- name = "ConnectionDrainingEnabled"
- value = "true"
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "UnhealthyThresholdCount"
+ value = var.environment_process_default_unhealthy_threshold_count
}
]
- nlb_settings = [
+ generic_alb_settings = [
{
- namespace = "aws:elbv2:listener:default"
- name = "ListenerEnabled"
- value = var.default_listener_enabled
+ namespace = "aws:elbv2:loadbalancer"
+ name = "SecurityGroups"
+ value = join(",", sort(var.environment_loadbalancer_security_groups))
}
]
- beanstalk_elb_settings = [
+ alb_settings = [
{
- namespace = "aws:ec2:vpc"
- name = "ELBSubnets"
- value = aws_subnet.subnet.id
+ namespace = "aws:elbv2:listener:default"
+ name = "ListenerEnabled"
+ value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
},
{
- namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "Port"
- value = var.environment_process_default_port
+ namespace = "aws:elbv2:loadbalancer"
+ name = "ManagedSecurityGroup"
+ value = var.environment_loadbalancer_managed_security_group
},
{
- namespace = "aws:elasticbeanstalk:environment:process:default"
+ namespace = "aws:elbv2:listener:443"
+ name = "ListenerEnabled"
+ value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+ },
+ {
+ namespace = "aws:elbv2:listener:443"
name = "Protocol"
- value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
+ value = "HTTPS"
},
{
- namespace = "aws:ec2:vpc"
- name = "ELBScheme"
- value = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
+ namespace = "aws:elbv2:listener:443"
+ name = "SSLCertificateArns"
+ value = var.environment_loadbalancer_ssl_certificate_id
},
{
namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "HealthCheckInterval"
- value = var.environment_process_default_healthcheck_interval
+ name = "HealthCheckPath"
+ value = var.application_healthcheck_url
},
{
namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "HealthyThresholdCount"
- value = var.environment_process_default_healthy_threshold_count
+ name = "MatcherHTTPCode"
+ value = join(",", sort(var.default_matcher_http_code))
},
{
namespace = "aws:elasticbeanstalk:environment:process:default"
- name = "UnhealthyThresholdCount"
- value = var.environment_process_default_unhealthy_threshold_count
+ name = "HealthCheckTimeout"
+ value = var.default_health_check_timeout
+ }
+ ]
+
+ nlb_settings = [
+ {
+ namespace = "aws:elbv2:listener:default"
+ name = "ListenerEnabled"
+ value = var.default_listener_enabled
}
]
- elb_settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
- elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
+
+ settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.elb_settings) : []
+ settings_alb = var.environment_loadbalancer_type == "application" ? concat(local.generic_alb_settings, local.alb_settings, local.generic_elb_settings, local.elb_settings) : []
# Full set of LoadBlanacer settings.
- elb_settings = var.environment_tier == "WebServer" ? concat(local.elb_settings_nlb, local.elb_setting_classic) : []
+ elb = var.environment_tier == "WebServer" ? concat(local.settings_nlb, local.settings_alb) : []
}
# Create elastic beanstalk VPC
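Review bot: With `settings_nlb` and `settings_alb` now the only branches feeding `elb`, a caller that leaves `environment_loadbalancer_type` at its default of `"classic"` (still the default per the context lines of the variables.tf hunk for that variable) gets `local.elb = []`, and the environment is created with no load-balancer settings at all and no error. Either change the default to `"application"` or reject the now-unsupported value with a `validation` block on the variable, e.g. `condition = contains(["application", "network"], var.environment_loadbalancer_type)`. Both `concat` lines also reference `local.generic_elb_settings`, which is defined outside this hunk, so I cannot confirm it still carries only settings valid for elbv2 namespaces. The enclosing `locals` block starts before this hunk.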
@@ -138,19 +128,32 @@ resource "aws_vpc" "vpc" {
}
# Create elastic beanstalk Subnets
-resource "aws_subnet" "subnet" {
+resource "aws_subnet" "subnet_a" {
depends_on = [
aws_vpc.vpc
]
- availability_zone = var.subnet_availability_zone
+ availability_zone = var.subnet_a_availability_zone
assign_ipv6_address_on_creation = true
- cidr_block = aws_vpc.vpc.cidr_block
+ cidr_block = var.subnet_a_cidr_block
ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
map_public_ip_on_launch = true
vpc_id = aws_vpc.vpc.id
tags = local.tags
}
+resource "aws_subnet" "subnet_b" {
+ depends_on = [
+ aws_vpc.vpc
+ ]
+ availability_zone = var.subnet_b_availability_zone
+ assign_ipv6_address_on_creation = true
+ cidr_block = var.subnet_b_cidr_block
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2)
+ map_public_ip_on_launch = true
+ vpc_id = aws_vpc.vpc.id
+ tags = local.tags
+}
+
resource "aws_internet_gateway" "internet_gateway" {
depends_on = [
aws_vpc.vpc
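Review bot: Both `aws_subnet.subnet_a` and `aws_subnet.subnet_b` keep `map_public_ip_on_launch = true` and, per the later hunks, are used as both the `ELBSubnets` and the instance `Subnets`, so every Beanstalk instance still receives a public IPv4 address even though ingress now terminates at the ALB. If the instances do not need to be reachable directly, subnets with `map_public_ip_on_launch = false` (plus a NAT gateway for egress, which this module does not appear to create) would limit exposure to what the load balancer's security group admits; this is a hardening suggestion, not a defect introduced by the commit. Separately, the two resources differ only in availability zone, CIDR and the `cidrsubnet` index, so a single `for_each` over a map keyed by `a`/`b` would remove the duplicated body, at the cost of changing the resource addresses.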
@@ -430,7 +433,8 @@ resource "aws_iam_role_policy" "default" {
resource "aws_elastic_beanstalk_environment" "environment" {
depends_on = [
aws_vpc.vpc,
- aws_subnet.subnet,
+ aws_subnet.subnet_a,
+ aws_subnet.subnet_b,
aws_ssm_activation.ec2
]
application = var.environment_application
@@ -459,7 +463,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
setting {
namespace = "aws:ec2:vpc"
name = "Subnets"
- value = aws_subnet.subnet.id
+ value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
}
setting {
@@ -488,7 +492,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
}
dynamic "setting" {
- for_each = local.elb_settings
+ for_each = local.elb
content {
namespace = setting.value["namespace"]
name = setting.value["name"]
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
index b225472aba..a442215a9e 100644
--- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
@@ -2,7 +2,7 @@
variable "vpc_cidr_block" {
description = "The CIDR block for the association."
type = string
- default = "192.168.0.0/24"
+ default = "10.0.0.0/16"
}
variable "vpc_enable_dns_hostnames" {
@@ -24,12 +24,30 @@ variable "vpc_instance_tenancy" {
}
# Variables for elastic beanstalk Subnet
-variable "subnet_availability_zone" {
- description = "AWS availability zone"
+variable "subnet_a_availability_zone" {
+ description = "AZ for the subnet."
type = string
default = "us-east-1a"
}
+variable "subnet_a_cidr_block" {
+ description = "The IPv4 CIDR block for the subnet."
+ type = string
+ default = "10.0.0.0/20"
+}
+
+variable "subnet_b_availability_zone" {
+ description = "AZ for the subnet."
+ type = string
+ default = "us-east-1b"
+}
+
+variable "subnet_b_cidr_block" {
+ description = "The IPv4 CIDR block for the subnet."
+ type = string
+ default = "10.0.16.0/20"
+}
+
# Variables for elastic beanstalk Application
variable "environment_application" {
description = "The name of the application, must be unique within account."
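Review bot: The descriptions of the four new subnet variables are interchangeable ("AZ for the subnet." and "The IPv4 CIDR block for the subnet." appear twice each) and do not say which subnet they belong to or that the CIDR defaults must fall inside `vpc_cidr_block`, which a caller overriding only one of them will get wrong at apply time. Suggest `description = "Availability zone for subnet A."` and `description = "IPv4 CIDR block for subnet A; must lie within vpc_cidr_block."`, with the matching wording for subnet B.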
@@ -138,12 +156,6 @@ variable "environment_loadbalancer_type" {
default = "classic"
}
-variable "environment_loadbalancer_crosszone" {
- description = "Configure the classic load balancer to route traffic evenly across all instances in all Availability Zones rather than only within each zone."
- type = bool
- default = true
-}
-
variable "environment_loadbalancer_security_groups" {
description = "Load balancer security groups"
type = list(string)
@@ -162,12 +174,6 @@ variable "environment_loadbalancer_ssl_certificate_id" {
description = "Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager"
}
-variable "loadbalancer_connection_settings_idle_timeout" {
- description = "Classic load balancer only: Number of seconds that the load balancer waits for any data to be sent or received over the connection. If no data has been sent or received after this time period elapses, the load balancer closes the connection."
- type = number
- default = 60
-}
-
# aws:elasticbeanstalk:environment:process:default
variable "environment_process_default_healthcheck_interval" {
description = "The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application."
@@ -215,7 +221,25 @@ variable "autoscaling_updatepolicy_min_instance_in_service" {
variable "application_healthcheck_url" {
description = "The path where health check requests are sent to."
type = string
- default = "HTTP:5000/"
+ default = "/"
+}
+
+variable "environment_listener_ssl_policy" {
+ description = "Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer."
+ type = string
+ default = ""
+}
+
+variable "default_matcher_http_code" {
+ description = "List of HTTP codes that indicate that an instance is healthy. Note that this option is only applicable to environments with a network or application load balancer."
+ type = list(string)
+ default = ["200"]
+}
+
+variable "default_health_check_timeout" {
+ description = "The amount of time, in seconds, to wait for a response during a health check. Note that this option is only applicable to environments with an application load balancer"
+ type = number
+ default = 5
}
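Review bot: `environment_listener_ssl_policy` is declared here but nothing in the main.tf hunks of this commit reads it, so the new HTTPS listener on `aws:elbv2:listener:443` runs with whatever TLS policy Elastic Beanstalk applies by default and the variable is dead. Wire it into `alb_settings` as `{ namespace = "aws:elbv2:listener:443", name = "SSLPolicy", value = var.environment_listener_ssl_policy }`, and because the default is `""`, either give it a concrete policy default or include the setting only when the value is non-empty, since an empty option value may be rejected at apply time (not confirmed from here). The dash environment module call changed later in this commit does not pass this variable either.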
# aws:elasticbeanstalk:command
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
index 0fad2d99b0..7c4cc9dfe4 100644
--- a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
@@ -22,13 +22,16 @@ module "elastic_beanstalk_environment" {
source = "../terraform-aws-elastic-beanstalk-environment"
# vpc
- vpc_cidr_block = "192.168.0.0/24"
+ vpc_cidr_block = "10.0.0.0/16"
vpc_enable_dns_hostnames = true
vpc_enable_dns_support = true
vpc_instance_tenancy = "default"
# subnet
- subnet_availability_zone = "eu-central-1a"
+ subnet_a_availability_zone = "eu-central-1a"
+ subnet_a_cidr_block = "10.0.0.0/20"
+ subnet_b_availability_zone = "eu-central-1b"
+ subnet_b_cidr_block = "10.0.16.0/20"
# environment
environment_application = module.elastic_beanstalk_application.application_name
@@ -40,7 +43,7 @@ module "elastic_beanstalk_environment" {
environment_version_label = ""
# aws:ec2:instances
- instances_instance_types = "t3a.large"
+ instances_instance_types = "t3a.2xlarge"
# aws:ec2:vpc
associate_public_ip_address = true
@@ -50,7 +53,7 @@ module "elastic_beanstalk_environment" {
default_listener_enabled = true
# aws:elasticbeanstalk:environment
- environment_loadbalancer_type = "classic"
+ environment_loadbalancer_type = "application"
environment_loadbalancer_ssl_certificate_id = "arn:aws:acm:eu-central-1:407116685360:certificate/737ad419-36f1-460d-919a-9110b0aac26a"
# aws:elasticbeanstalk:environment:process:default