
Merge pull request #135 from mdr-engineering/feature/ftd_MSOCI-1625_MigrateMooseToGC

Adds iratemoses as a DNS alias for the legacy load balancers
Frederick Damstra 4 سال پیش
کامیت
d0da3d686f

+ 76 - 0
base/splunk_servers/legacy_hec/elb-without-ack-internal.tf

@@ -0,0 +1,76 @@
+#------------------------------------------------------------------------------
+# An external ALB for the indexers for HEC
+#------------------------------------------------------------------------------
+
+#########################
+# DNS Entry
+resource "aws_route53_record" "hec_internal" {
+  name = "iratemoses"
+  type = "CNAME"
+  zone_id = var.dns_info["legacy_private"]["zone_id"]
+  ttl = "600"
+  records = [ aws_lb.hec_internal.dns_name ]
+
+  provider = aws.legacy
+}
+
+#########################
+# Certificate
+
+# We use the public one
+
+#########################
+# ELB
+resource "aws_lb" "hec_internal" {
+  tags               = merge(var.standard_tags, var.tags)
+  name               = "iratemoses"
+  load_balancer_type = "application"
+  security_groups    = [ data.aws_security_group.hec_internal_elb_security_group.id ]
+  subnets            = var.private_subnets
+  internal           = true
+}
+
+resource "aws_lb_listener" "hec_internal_443" {
+  count             = local.is_moose ? 1 : 0
+  load_balancer_arn = aws_lb.hec.arn
+  port              = 443
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
+  certificate_arn   = aws_acm_certificate.hec_cert.arn
+  default_action {
+    type = "forward"
+    target_group_arn = aws_lb_target_group.hec_internal_8088.arn
+  }
+}
+
+resource "aws_lb_listener" "hec_internal_8088" {
+  load_balancer_arn = aws_lb.hec.arn
+  port              = 8088
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
+  certificate_arn   = aws_acm_certificate.hec_cert.arn
+  default_action {
+    type = "forward"
+    target_group_arn = aws_lb_target_group.hec_internal_8088.arn
+  }
+}
+
+resource "aws_lb_target_group" "hec_internal_8088" {
+  name         = "${var.prefix}-legacy-hec-targets"
+  port         = 8088
+  protocol     = "HTTPS"
+  target_type  = "instance"
+  vpc_id       = var.vpc_id
+
+  health_check {
+    path     = "/services/collector/health/1.0"
+    protocol = "HTTPS"
+  }
+}
+
+# Attach the instnaces to the ELB
+resource "aws_autoscaling_attachment" "hec_internal_asg_attachments" {
+  for_each = toset( var.elb_attachments )
+  alb_target_group_arn = aws_lb_target_group.hec_internal_8088.arn
+  autoscaling_group_name = each.key
+}
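Review bot: Both new listeners, `hec_internal_443` and `hec_internal_8088`, set `load_balancer_arn = aws_lb.hec.arn`, so they attach to the existing `aws_lb.hec` rather than to the `aws_lb.hec_internal` created in this file. As written the `internal = true` balancer gets no listener at all, and the internal target group is reachable only through the other balancer, which the `legacy_public` records in elb-without-ack.tf point at. Both listeners should read `load_balancer_arn = aws_lb.hec_internal.arn`, and the header comment should say `# An internal ALB for the indexers for HEC`. The listeners also reuse `aws_acm_certificate.hec_cert`, whose names are built from the `legacy_public` zone, so confirm that clients resolving the `legacy_private` record connect with a hostname that certificate covers. Only `hec_internal_443` is gated by `count = local.is_moose ? 1 : 0`; if that is intentional it deserves a one-line comment.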

+ 15 - 1
base/splunk_servers/legacy_hec/elb-without-ack.tf

@@ -9,7 +9,17 @@ resource "aws_route53_record" "hec" {
   type = "CNAME"
   zone_id = var.dns_info["legacy_public"]["zone_id"]
   ttl = "600"
-  records = [ aws_elb.hec_classiclb.dns_name ]
+  records = [ aws_lb.hec.dns_name ]
+
+  provider = aws.legacy
+}
+
+resource "aws_route53_record" "iratemoses" {
+  name = "iratemoses"
+  type = "CNAME"
+  zone_id = var.dns_info["legacy_public"]["zone_id"]
+  ttl = "600"
+  records = [ aws_lb.hec.dns_name ]
 
   provider = aws.legacy
 }
@@ -20,6 +30,10 @@ resource "aws_acm_certificate" "hec_cert" {
   domain_name       = "${var.prefix}-hec.${var.dns_info["legacy_public"]["zone"]}"
   validation_method = "DNS"
 
+  subject_alternative_names = [
+    "iratemoses.${var.dns_info["legacy_public"]["zone"]}",
+  ]
+
   tags = merge(var.standard_tags, var.tags)
 }
 
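Review bot: Adding `subject_alternative_names` to `aws_acm_certificate.hec_cert` makes the provider replace the certificate, and no `lifecycle` block is visible between the added lines and the closing brace. A certificate that is still attached to listeners cannot be deleted first, so this resource would normally carry `lifecycle { create_before_destroy = true }`. With `validation_method = "DNS"` the new `iratemoses` name also needs its own validation record. The validation resources are outside this hunk, so check that they iterate over every entry of `domain_validation_options` rather than only the first. The opening lines of the resource are outside the hunk as well.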

+ 5 - 0
base/splunk_servers/legacy_hec/security-group-elbs.tf

@@ -2,3 +2,8 @@ data "aws_security_group" "hec_elb_security_group" {
   name   = "hec_elb_security_group"
   vpc_id = var.vpc_id
 }
+
+data "aws_security_group" "hec_internal_elb_security_group" {
+  name   = "hec_pvt_elb_security_group"
+  vpc_id = var.vpc_id
+}
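Review bot: `data.aws_security_group.hec_internal_elb_security_group` is resolved by the name `hec_pvt_elb_security_group`, so the ingress rules that decide who can reach the internal HEC balancer live outside this module and cannot be reviewed with this change. A comment above the data source would help, for example `# Managed outside this module (see <owning module>); verify ingress is limited to the intended internal senders on 443/8088`, with the placeholder filled in. The lookup also fails the plan in any account where that group has not been created yet, which is worth stating in the same comment.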

+ 4 - 0
base/splunk_servers/legacy_hec/vars.tf

@@ -15,6 +15,10 @@ variable "public_subnets" {
   type = list(string)
 }
 
+variable "private_subnets" {
+  type = list(string)
+}
+
 variable "vpc_id" {
   type = string
 }