
Merge pull request #249 from mdr-engineering/feature/dw_MSOCI-1872_HEC-on-443

Port 443 for non-ack ALB
Duane Waddle 4 years ago
parent
commit
a33ca12d04

+ 1 - 1
base/splunk_servers/indexer_cluster/elb-without-ack.tf

@@ -62,7 +62,7 @@ resource "aws_lb" "hec" {
 }
 
 resource "aws_lb_listener" "hec_443" {
-  count             = local.is_moose ? 1 : 0
+  count             = anytrue([ local.is_moose, var.hec_listen_443 ]) ? 1 : 0
   load_balancer_arn = aws_lb.hec.arn
   port              = 443
   protocol          = "HTTPS"
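Review bot: The condition `anytrue([ local.is_moose, var.hec_listen_443 ])` on the `count` of `aws_lb_listener.hec_443` is repeated verbatim on `aws_security_group_rule.hec-https-in` in security-group-elbs.tf, so a later edit to one copy can leave a listener with no ingress rule, or a 443 ingress rule with no listener behind it. Define it once, for example `locals { hec_443_enabled = local.is_moose || var.hec_listen_443 }`, and use `count = local.hec_443_enabled ? 1 : 0` in both resources. The listener block continues past the hunk, so its TLS policy and certificate settings are not visible here. They now apply to every environment that sets the variable and are worth confirming.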

+ 1 - 1
base/splunk_servers/indexer_cluster/security-group-elbs.tf

@@ -22,7 +22,7 @@ resource "aws_security_group" "hec_elb_security_group" {
 
 ## Ingress
 resource "aws_security_group_rule" "hec-https-in" {
-  count             = local.is_moose ? 1 : 0
+  count             = anytrue([ local.is_moose, var.hec_listen_443 ]) ? 1 : 0
   description       = "HEC port - HTTPS for moose only"
   type              = "ingress"
   from_port         = 443
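Review bot: The `description` on `aws_security_group_rule.hec-https-in` still reads "HEC port - HTTPS for moose only", which is no longer true now that `var.hec_listen_443` can enable the rule in other environments. A stale description on an ingress rule misleads anyone auditing the security group. Something like `description = "HEC port - HTTPS (moose, or when hec_listen_443 is set)"` would match the new condition. The rule's source CIDRs are outside the hunk; presumably they match the sources allowed on 8088, which should be confirmed before 443 is enabled elsewhere.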

+ 6 - 0
base/splunk_servers/indexer_cluster/vars.tf

@@ -26,6 +26,12 @@ variable "splunk_asg_sizes" {
   type = list(number)
 }
 
+variable "hec_listen_443" {
+  description = "Should HEC LB (also) listen on :443.  8088 always listens"
+  default = false
+  type = bool
+}
+
 variable "splunk_data_sources" {
   description = "List of CIDRs of additional data sources that should be allowed through the firewall"
   type = list(string)
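Review bot: The description of `hec_listen_443` does not say that `false` still leaves 443 exposed where `local.is_moose` is true. It also does not say that `true` creates the 443 ingress rule on the HEC ELB security group as well as the listener. Proposed wording: `description = "Expose HEC on :443 as well (LB listener and SG ingress rule). Always on for moose regardless of this value. 8088 always listens"`. The `false` default keeps existing environments unchanged, which is the right default for a switch that opens a port.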