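#------------------------------------------------------------------------------
# An external NLB for the indexers for splunk-2-splunk (S2S over TCP/9998).
#
# Security notes for this block:
#  * The NLB is deliberately internet-facing (tfsec aws-elb-alb-not-public is
#    suppressed below). The listener is plain TCP pass-through, so the NLB
#    neither terminates nor enforces TLS; encryption of the S2S stream has to
#    be enforced on the Splunk inputs themselves, which are not in this file.
#  * Nothing in this block filters source addresses. Limiting who can reach
#    TCP/9998 relies on the indexer instance security groups. Because the
#    targets are EC2 instances, the NLB preserves the client IP by default, so
#    those security groups see the forwarders' real addresses.
#------------------------------------------------------------------------------

# One EIP per possible NLB endpoint. All three are reserved even when fewer
# endpoints are created, so the published addresses stay stable over time.
resource "aws_eip" "nlb" {
  count = 3 # Could be local.nlb_endpoint_count, but I'd rather reserve all 3
  vpc   = true

  tags = merge(local.standard_tags, var.tags, {
    "Name" : "${var.prefix}-nlb"
  })
}

locals {
  # Positions in local.splunk_asg_sizes (and, by the same index, in
  # var.public_subnets and aws_eip.nlb) that have at least one indexer.
  # The ORIGINAL index is kept on purpose: filtering with a bare
  # `[for n in ... : "yes" if n > 0]` compacts the list, so a zero-sized ASG
  # in the middle would shift every later endpoint onto the wrong subnet/EIP.
  nlb_active_indexes = [for idx, size in local.splunk_asg_sizes : idx if size > 0]
}

# Public A record that forwarders resolve. Only EIPs that actually back an NLB
# endpoint are published: an address with nothing attached would be a black
# hole for every forwarder that happened to resolve to it.
module "public_dns_record_nlb" {
  source       = "../../../submodules/dns/public_A_record"
  name         = "${var.prefix}-splunk-indexers"
  ip_addresses = [for idx in local.nlb_active_indexes : aws_eip.nlb[idx].public_ip]
  dns_info     = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}

resource "aws_lb" "nlb" {
  tags = merge(local.standard_tags, var.tags, {
    "Name" : "${var.prefix}-splunk-indexers-nlb"
  })

  name               = "${var.prefix}-splunk-indexers-nlb"
  internal           = false # tfsec:ignore:aws-elb-alb-not-public
  load_balancer_type = "network"

  enable_cross_zone_load_balancing = true

  # One endpoint per subnet that has an indexer ASG behind it. Each endpoint
  # is pinned to the EIP with the same index so that the address published in
  # DNS is the one the endpoint answers on. Direct indexing (rather than
  # element()) is used so that a public_subnets list shorter than the ASG
  # list fails at plan time instead of silently wrapping onto a subnet that
  # is already mapped.
  dynamic "subnet_mapping" {
    for_each = local.nlb_active_indexes

    content {
      subnet_id     = var.public_subnets[subnet_mapping.value]
      allocation_id = aws_eip.nlb[subnet_mapping.value].id
    }
  }

  access_logs {
    # NOTE(review): NLB access logs are only written for TLS listeners. With
    # the plain TCP listener below this block produces no entries, so it must
    # not be read as evidence that S2S connections are being recorded; VPC
    # flow logs on the indexer ENIs/subnets are the place to look instead.
    bucket  = "xdr-elb-${var.environment}"
    enabled = true
  }
}

# Target group for the S2S port. Instance targets (the default) are stated
# explicitly because the source-IP filtering story above depends on it.
# Health checks are left at the provider defaults (TCP on the traffic port).
resource "aws_lb_target_group" "nlb_targets" {
  name        = "${var.prefix}-nlb-targets"
  port        = 9998
  protocol    = "TCP"
  target_type = "instance"
  vpc_id      = var.vpc_id
}

# Register every indexer ASG with the target group. toset() de-duplicates in
# case two modules ever report the same ASG name.
resource "aws_autoscaling_attachment" "nlb_asg_attachments" {
  for_each = toset([
    module.indexer0.asg_name[0],
    module.indexer1.asg_name[0],
    module.indexer2.asg_name[0],
  ])

  lb_target_group_arn    = aws_lb_target_group.nlb_targets.arn
  autoscaling_group_name = each.key
}

# Plain TCP listener: the NLB passes the byte stream through untouched, so
# any TLS on this port is negotiated end-to-end between forwarder and indexer.
resource "aws_lb_listener" "nlb_targets" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 9998
  protocol          = "TCP"

  default_action {
    target_group_arn = aws_lb_target_group.nlb_targets.arn
    type             = "forward"
  }
}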