
Merge pull request #431 from mdr-engineering/feature/ftd_MSOCI-1988_FixNLBHealthCHeck

Fixes issue where NLB healthcheck shows 'unhealthy'
Frederick Damstra 3 年之前
父节点
当前提交
560e13f373

+ 4 - 4
base/github/elb.tf

@@ -37,12 +37,12 @@ module "elb" {
     "AWSManagedRulesUnixRuleSet"            = false # Irrelevant, module is disabled
   }
 
-  #excluded_rules_AWSManagedRulesCommonRuleSet = [ "SizeRestrictions_BODY" ]
+  excluded_rules_AWSManagedRulesCommonRuleSet = ["SizeRestrictions_BODY"]
   #excluded_rules_AWSManagedRulesAmazonIpReputationList = []
   #excluded_rules_AWSManagedRulesKnownBadInputsRuleSet = []
-  #excluded_rules_AWSManagedRulesSQLiRuleSet = []
-  #excluded_rules_AWSManagedRulesLinuxRuleSet = []
-  #excluded_rules_AWSManagedRulesUnixRuleSet = []
+  #excluded_rules_AWSManagedRulesSQLiRuleSet = [] # Module disabled
+  #excluded_rules_AWSManagedRulesLinuxRuleSet = [] # Module disabled
+  #excluded_rules_AWSManagedRulesUnixRuleSet = [] # Module disabled
 
   # Excluded Rulesets
   # There are too many hostnames, so we have to disable some
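Review bot: Enabling `excluded_rules_AWSManagedRulesCommonRuleSet = ["SizeRestrictions_BODY"]` relaxes the WAF's request-body size check for everything behind this load balancer, and neither the line nor the commit message (which is about an NLB health check) says why. The neighbouring settings carry a reason comment, so this one should too, for example `# SizeRestrictions_BODY excluded: <reason, e.g. large uploads> (<ticket id>)`. If only some paths need large bodies, a scoped exception would keep the rule in force elsewhere; whether the `elb` module supports that is not visible here. The `module "elb"` block starts and ends outside the hunk.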

+ 1 - 1
base/github/hostnames.tf

@@ -17,6 +17,6 @@ locals {
     "npm.github.${var.dns_info["public"]["zone"]}",
     "rubygems.github.${var.dns_info["public"]["zone"]}",
     "maven.github.${var.dns_info["public"]["zone"]}",
-    "nuget.github.${var.dns_info["public"]["zone"]}",
+    "nuget.github.${var.dns_info["public"]["zone"]}", # Not a typo. It is "nuget" not "nugget"
   ]
 }

+ 27 - 8
base/splunk_servers/indexer_cluster/nlb-for-hec.tf

@@ -21,14 +21,17 @@ resource "aws_eip" "hec_static" {
   count = 2
   vpc   = true
 
-  tags = merge(var.standard_tags, var.tags)
+  lifecycle {
+    prevent_destroy = true # Even if everything else goes away, we want to keep these.
+  }
+
+  tags = merge(var.standard_tags, var.tags, { "Name" : "${var.prefix}-hec-static" })
 }
 
 #########################
 # ELB
 resource "aws_lb" "hec_static" {
-  tags               = merge(var.standard_tags, var.tags)
-  name               = "${var.prefix}-hec-static"
+  name_prefix        = substr("${var.prefix}-hec-static", 0, 6)
   load_balancer_type = "network"
   internal           = false # tfsec:ignore:aws-elb-alb-not-public LB is intentionally public
 
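Review bot: `substr("${var.prefix}-hec-static", 0, 6)` keeps only the first six characters of the string, which will normally be just the start of `var.prefix`, so the generated load balancer name no longer says what the resource is. The target group further down applies the same expression to a string with the same start (`substr("${var.prefix}-hec-static-targets", 0, 6)`), so both resources get an identical name prefix and can only be told apart by the Name tag. Resource names end up in ARNs and metric dimensions, so a short fixed prefix per resource would be easier to trace during an investigation, e.g. `name_prefix = "hecnlb"` here and `name_prefix = "hectg-"` on the target group. The `aws_lb` body continues outside the hunk.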
@@ -48,6 +51,8 @@ resource "aws_lb" "hec_static" {
   #  bucket  = "xdr-elb-${ var.environment }"
   #  enabled = true
   #}
+
+  tags = merge(var.standard_tags, var.tags, { "Name" : "${var.prefix}-hec-static" })
 }
 
 #resource "aws_lb_listener" "front_end" {
@@ -72,6 +77,9 @@ resource "aws_lb_listener" "hec_static_443" {
     type             = "forward"
     target_group_arn = aws_lb_target_group.hec_static_8088.arn
   }
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_lb_listener" "hec_static_8088" {
@@ -82,19 +90,30 @@ resource "aws_lb_listener" "hec_static_8088" {
     type             = "forward"
     target_group_arn = aws_lb_target_group.hec_static_8088.arn
   }
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_lb_target_group" "hec_static_8088" {
-  name        = "${var.prefix}-hec-static-targets"
+  name_prefix = substr("${var.prefix}-hec-static-targets", 0, 6)
   port        = 8088
   protocol    = "TCP"
   target_type = "alb"
   vpc_id      = var.vpc_id
 
-  #  health_chec_static {
-  #    path     = "/services/collector/health/1.0"
-  #    protocol = "HTTPS"
-  #  }
+  health_check {
+    port     = 8088
+    protocol = "HTTPS"
+    path     = "/services/collector/health/1.0"
+    interval = "10"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  tags = merge(var.standard_tags, var.tags, { "Name" : "${var.prefix}-hec-static" })
 }
 
 resource "aws_lb_target_group_attachment" "hec_static" {
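Review bot: The target group's new Name tag is `"${var.prefix}-hec-static"`, the same value given to the EIPs and the load balancer, while the name it replaces was `"${var.prefix}-hec-static-targets"`. With `name_prefix` cut to six characters the tag is the only readable identifier, so it should stay distinct: `tags = merge(var.standard_tags, var.tags, { "Name" : "${var.prefix}-hec-static-targets" })`. In the new `health_check` block `interval = "10"` is a quoted string where the argument is numeric; `interval = 10` avoids relying on type conversion. A one-line comment on why the check uses HTTPS on 8088 against `/services/collector/health/1.0` would help the next reader, since the earlier commented-out attempt is removed.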

+ 23 - 0
submodules/load_balancer/static_nlb_to_alb/nlb.tf

@@ -35,6 +35,10 @@ resource "aws_lb" "static" {
     enabled = true
   }
 
+  lifecycle {
+    create_before_destroy = true
+  }
+
   tags = merge(var.tags, { Name = "${var.name}-nlb-external-${var.environment}" })
 }
 
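Review bot: `create_before_destroy = true` on `aws_lb.static` only works if a second load balancer can exist alongside the old one, and this file section is additions only, unlike `nlb-for-hec.tf` where `name` was switched to `name_prefix` in the same commit. If this resource uses a fixed `name`, or binds fixed Elastic IP allocations in its subnet mappings, a replacement would presumably fail at create time because the name or address is still held by the old load balancer; those arguments are outside the hunk, so please confirm. The same question applies to the two target groups that get the block further down. If the old and new resources cannot overlap, either drop the block here or move the names to `name_prefix` as was done for the HEC load balancer.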
@@ -47,6 +51,10 @@ resource "aws_lb_listener" "static" {
     target_group_arn = aws_lb_target_group.static.arn
   }
 
+  lifecycle {
+    create_before_destroy = true
+  }
+
   tags = merge(var.tags, { Name = "${var.name}-nlb-external-${var.environment}" })
 }
 
@@ -57,6 +65,17 @@ resource "aws_lb_target_group" "static" {
   target_type = "alb"
   vpc_id      = var.vpc_id
 
+  health_check {
+    protocol = "HTTPS"
+    port     = var.listener_port
+    path     = var.healthcheck_path
+    interval = "10"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
   tags = merge(var.tags, { Name = "${var.name}-nlb-external-${var.environment}" })
 }
 
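Review bot: The new `health_check` block reads `var.healthcheck_path`, and this commit touches no other file under `submodules/load_balancer/static_nlb_to_alb`, so that variable must already be declared (ideally with a default) or callers of the module will fail to plan; this is not visible here. `protocol = "HTTPS"` is fixed while the port comes from `var.listener_port`, so a caller whose ALB listens on plain HTTP would get a target group that never becomes healthy. A short comment would make the assumption explicit, e.g. `# Health check assumes the ALB listener on var.listener_port speaks HTTPS`. `interval = "10"` should be the number `interval = 10`.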
@@ -90,6 +109,10 @@ resource "aws_lb_target_group" "static-redirect" {
   target_type = "alb"
   vpc_id      = var.vpc_id
 
+  lifecycle {
+    create_before_destroy = true
+  }
+
   tags = merge(var.tags, { Name = "${var.name}-nlb-external-${var.environment}" })
 }