
Port 443 for non-ack ALB

Adds a variable that lets the non-ack ALB listen on :443 as well as
:8088.  I deliberately did not add this to the ack ELB.

My hope is a future refinement to add AWS WAF to the ALB so that scanning and
such is blocked by the WAF.

Should be tagged v2.1.1
Duane Waddle hace 4 años
padre
commit
a8d59d726b

+ 1 - 1
base/splunk_servers/indexer_cluster/elb-without-ack.tf

@@ -62,7 +62,7 @@ resource "aws_lb" "hec" {
 }
 
 resource "aws_lb_listener" "hec_443" {
-  count             = local.is_moose ? 1 : 0
+  count             = anytrue([ local.is_moose, var.hec_listen_443 ]) ? 1 : 0
   load_balancer_arn = aws_lb.hec.arn
   port              = 443
   protocol          = "HTTPS"
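Review bot: The 443 listener's enabling condition is now spelled out inline on `count`, so anything else that has to follow it (for example a security-group ingress rule for 443) can drift if it is still gated on `local.is_moose` alone. This commit touches no such resource, so it is worth confirming that a deployment with `hec_listen_443 = true` and `is_moose = false` does not end up with a listener the security group never admits, or the reverse. A shared local would keep them aligned and reads more simply than `anytrue([...])` for two values: `hec_443_enabled = local.is_moose || var.hec_listen_443`, then `count = local.hec_443_enabled ? 1 : 0`. The rest of the `aws_lb_listener.hec_443` body (TLS policy, certificate, default action) lies outside the hunk, so its TLS settings cannot be checked from here.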

+ 6 - 0
base/splunk_servers/indexer_cluster/vars.tf

@@ -26,6 +26,12 @@ variable "splunk_asg_sizes" {
   type = list(number)
 }
 
+variable "hec_listen_443" {
+  description = "Should HEC LB (also) listen on :443.  8088 always listens"
+  default = false
+  type = bool
+}
+
 variable "splunk_data_sources" {
   description = "List of CIDRs of additional data sources that should be allowed through the firewall"
   type = list(string)
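Review bot: The description on `hec_listen_443` says "HEC LB" without saying which one, while the commit message makes clear the switch applies only to the non-ack ALB and deliberately not to the ack ELB. Since turning it on adds a second HTTPS entry point before the WAF mentioned in the commit message exists, the description should say so, e.g. `description = "Whether the non-ack HEC ALB also listens on :443 (HTTPS); :8088 always listens. Not applied to the ack ELB; no WAF in front yet."`. Minor style point: running `terraform fmt` would align the `=` signs of `default` and `type` in the new block.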