feat: Add support for internal load balancer, upgraded ALB module (te…

…rraform-aws-modules#99)
argus-github · May 12, 2020 · 1171bdb · 1171bdb
1 parent 6fd323d
commit 1171bdb
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 40 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -4,6 +4,7 @@ repos:
     hooks:
       - id: terraform_fmt
       - id: terraform_docs
+      - id: terraform_validate
   - repo: git://github.com/pre-commit/pre-commit-hooks
     rev: v2.5.0
     hooks:

diff --git a/README.md b/README.md
@@ -167,6 +167,7 @@ No requirements.
 | ecs\_service\_desired\_count | The number of instances of the task definition to place and keep running | `number` | `1` | no |
 | ecs\_task\_cpu | The number of cpu units used by the task | `number` | `256` | no |
 | ecs\_task\_memory | The amount (in MiB) of memory used by the task | `number` | `512` | no |
+| internal | Whether the load balancer is internal or external | `bool` | `false` | no |
 | name | Name to use on all resources created (VPC, ALB, etc) | `string` | `"atlantis"` | no |
 | policies\_arn | A list of the ARN of the policies you want to apply | `list(string)` | <pre>[<br>  "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"<br>]</pre> | no |
 | private\_subnet\_ids | A list of IDs of existing private subnets inside the VPC | `list(string)` | `[]` | no |

diff --git a/main.tf b/main.tf
@@ -8,7 +8,7 @@ locals {
   atlantis_image = var.atlantis_image == "" ? "runatlantis/atlantis:${var.atlantis_version}" : var.atlantis_image
   atlantis_url = "https://${coalesce(
     element(concat(aws_route53_record.atlantis.*.fqdn, [""]), 0),
-    module.alb.dns_name,
+    module.alb.this_lb_dns_name,
     "_"
   )}"
   atlantis_url_events = "${local.atlantis_url}/events"
@@ -165,36 +165,43 @@ module "vpc" {
 ###################
 module "alb" {
   source  = "terraform-aws-modules/alb/aws"
-  version = "v4.0.0"
+  version = "v5.5.0"
 
-  load_balancer_name = var.name
+  name     = var.name
+  internal = var.internal
 
   vpc_id          = local.vpc_id
   subnets         = local.public_subnet_ids
   security_groups = flatten([module.alb_https_sg.this_security_group_id, module.alb_http_sg.this_security_group_id, var.security_group_ids])
 
-  logging_enabled     = var.alb_logging_enabled
-  log_bucket_name     = var.alb_log_bucket_name
-  log_location_prefix = var.alb_log_location_prefix
+  access_logs = {
+    enabled = var.alb_logging_enabled
+    bucket  = var.alb_log_bucket_name
+    prefix  = var.alb_log_location_prefix
+  }
 
   https_listeners = [
     {
-      port            = 443
-      certificate_arn = var.certificate_arn == "" ? module.acm.this_acm_certificate_arn : var.certificate_arn
+      target_group_index = 0
+      port               = 443
+      protocol           = "HTTPS"
+      certificate_arn    = var.certificate_arn == "" ? module.acm.this_acm_certificate_arn : var.certificate_arn
     },
   ]
 
-  https_listeners_count = 1
-
   http_tcp_listeners = [
     {
-      port     = 80
-      protocol = "HTTP"
+      port        = 80
+      protocol    = "HTTP"
+      action_type = "redirect"
+      redirect = {
+        port        = 443
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
     },
   ]
 
-  http_tcp_listeners_count = 1
-
   target_groups = [
     {
       name                 = var.name
@@ -205,31 +212,9 @@ module "alb" {
     },
   ]
 
-  target_groups_count = 1
-
   tags = local.tags
 }
 
-resource "aws_lb_listener_rule" "redirect_http_to_https" {
-  listener_arn = module.alb.http_tcp_listener_arns[0]
-
-  action {
-    type = "redirect"
-
-    redirect {
-      port        = "443"
-      protocol    = "HTTPS"
-      status_code = "HTTP_301"
-    }
-  }
-
-  condition {
-    path_pattern {
-      values = ["*"]
-    }
-  }
-}
-
 ###################
 # Security groups
 ###################
@@ -311,8 +296,8 @@ resource "aws_route53_record" "atlantis" {
   type    = "A"
 
   alias {
-    name                   = module.alb.dns_name
-    zone_id                = module.alb.load_balancer_zone_id
+    name                   = module.alb.this_lb_dns_name
+    zone_id                = module.alb.this_lb_zone_id
     evaluate_target_health = true
   }
 }
@@ -537,4 +522,3 @@ resource "aws_cloudwatch_log_group" "atlantis" {
 
   tags = local.tags
 }
-
diff --git a/outputs.tf b/outputs.tf
@@ -30,7 +30,7 @@ output "webhook_secret" {
 
 output "alb_dns_name" {
   description = "Dns name of alb"
-  value       = module.alb.dns_name
+  value       = module.alb.this_lb_dns_name
 }
 
 output "ecs_task_definition" {

diff --git a/variables.tf b/variables.tf
@@ -4,6 +4,12 @@ variable "name" {
   default     = "atlantis"
 }
 
+variable "internal" {
+  description = "Whether the load balancer is internal or external"
+  type        = bool
+  default     = false
+}
+
 variable "tags" {
   description = "A map of tags to use on all resources"
   type        = map(string)