#------------------------------------------------------------------------------
# An external (internet-facing) ALB in front of the indexers for HEC.
#
# Contents: public DNS names for the ALB, an ACM certificate validated via
# DNS, HTTPS listeners on 8088 (always) and 443 (only when local.is_moose),
# and the target group the indexer autoscaling groups are attached to.
#------------------------------------------------------------------------------

#########################
# DNS Entry

# "<prefix>-hec" in the legacy public zone, pointing at the ALB.
resource "aws_route53_record" "hec" {
  provider = aws.legacy

  zone_id = var.dns_info["legacy_public"]["zone_id"]
  name    = "${var.prefix}-hec"
  type    = "CNAME"
  ttl     = "600"
  records = [aws_lb.hec.dns_name]
}

#resource "aws_route53_record" "hec_public_internal" {
#  name = "${var.prefix}-hec"
#  type = "CNAME"
#  zone_id = var.dns_info["legacy_public_internal"]["zone_id"]
#  ttl = "600"
#  records = [ aws_lb.hec.dns_name ]
#
#  provider = aws.legacy
#}

output "hec-without-ack-fqdn" {
  value = aws_route53_record.hec.fqdn
}

# Additional "iratemoses" alias in the legacy public zone; created only when
# local.is_moose is true.
resource "aws_route53_record" "iratemoses" {
  provider = aws.legacy
  count    = local.is_moose ? 1 : 0

  zone_id = var.dns_info["legacy_public"]["zone_id"]
  name    = "iratemoses"
  type    = "CNAME"
  ttl     = "600"
  records = [aws_lb.hec.dns_name]
}

#resource "aws_route53_record" "iratemoses_public_internal" {
#  count = local.is_moose ? 1 : 0
#  name = "iratemoses"
#  type = "CNAME"
#  zone_id = var.dns_info["legacy_public_internal"]["zone_id"]
#  ttl = "600"
#  records = [ aws_lb.hec.dns_name ]
#
#  provider = aws.legacy
#}

# Same alias again, but in the "public" zone, managed through a different
# provider alias.
# NOTE(review): the certificate below lists only names built from the
# "legacy_public" zone. If the "public" zone is a different domain, HTTPS
# clients that use this name will see a hostname mismatch - confirm whether
# a matching SAN (and its validation record) is needed.
resource "aws_route53_record" "iratemoses_public" {
  provider = aws.mdr-common-services-commercial
  count    = local.is_moose ? 1 : 0

  zone_id = var.dns_info["public"]["zone_id"]
  name    = "iratemoses"
  type    = "CNAME"
  ttl     = "600"
  records = [aws_lb.hec.dns_name]
}

# Empty string when the iratemoses record is not created.
output "hec-without-ack-iratemoses-fqdn" {
  value = local.is_moose ? aws_route53_record.iratemoses[0].fqdn : ""
}

output "hec-without-ack-records" {
  value = aws_lb.hec.dns_name
}

#########################
# Certificate

# Public certificate for "<prefix>-hec.<legacy_public zone>", plus an
# "iratemoses.<legacy_public zone>" SAN when local.is_moose is true.
resource "aws_acm_certificate" "hec_cert" {
  domain_name               = "${var.prefix}-hec.${var.dns_info["legacy_public"]["zone"]}"
  subject_alternative_names = local.is_moose ? ["iratemoses.${var.dns_info["legacy_public"]["zone"]}"] : []
  validation_method         = "DNS"

  tags = merge(var.standard_tags, var.tags)

  # Issue the replacement certificate before the old one is destroyed, so the
  # listeners always have a certificate to reference.
  lifecycle {
    create_before_destroy = true
  }
}

# Waits until ACM has seen every DNS validation record created below.
resource "aws_acm_certificate_validation" "hec_cert_validation" {
  certificate_arn         = aws_acm_certificate.hec_cert.arn
  validation_record_fqdns = [for rec in aws_route53_record.hec_cert_validation : rec.fqdn]
}

# One validation record per domain name on the certificate, all written to the
# legacy public zone.
resource "aws_route53_record" "hec_cert_validation" {
  provider = aws.legacy

  for_each = {
    for opt in aws_acm_certificate.hec_cert.domain_validation_options : opt.domain_name => {
      name   = opt.resource_record_name
      record = opt.resource_record_value
      type   = opt.resource_record_type
    }
  }

  zone_id = var.dns_info["legacy_public"]["zone_id"]
  name    = each.value.name
  type    = each.value.type
  ttl     = 60
  records = [each.value.record]

  # Replaces a record of the same name and type that already exists in the
  # zone instead of failing the apply.
  allow_overwrite = true
}

#########################
# ELB

# Internet-facing application load balancer (internal = false) placed in the
# public subnets. What can actually reach it is decided by the security group
# looked up through the data source, which is defined outside this file.
# NOTE(review): confirm that group only admits 443/8088 from the expected
# senders, and whether ALB access logs are enabled elsewhere - no access_logs
# block is set on this resource.
resource "aws_lb" "hec" {
  name               = "${var.prefix}-legacy-hec"
  load_balancer_type = "application"
  internal           = false
  subnets            = var.public_subnets
  security_groups    = [data.aws_security_group.hec_elb_security_group.id]

  tags = merge(var.standard_tags, var.tags)
}

# HTTPS on 443, only when local.is_moose is true; forwards to the same targets
# as the 8088 listener.
# NOTE(review): "ELBSecurityPolicy-TLS-1-2-2017-01" is a 2017 predefined
# policy. AWS publishes newer ones (for example
# "ELBSecurityPolicy-TLS13-1-2-2021-06"); check HEC client compatibility
# before changing it.
resource "aws_lb_listener" "hec_443" {
  count = local.is_moose ? 1 : 0

  load_balancer_arn = aws_lb.hec.arn
  protocol          = "HTTPS"
  port              = 443
  certificate_arn   = aws_acm_certificate.hec_cert.arn
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.hec_8088.arn
  }
}

# HTTPS on 8088, always created; same certificate and TLS policy as the 443
# listener (the policy note on that listener applies here too).
resource "aws_lb_listener" "hec_8088" {
  load_balancer_arn = aws_lb.hec.arn
  protocol          = "HTTPS"
  port              = 8088
  certificate_arn   = aws_acm_certificate.hec_cert.arn
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.hec_8088.arn
  }
}

# Instance targets reached over HTTPS on 8088, health-checked on the collector
# health endpoint.
# Note: an ALB encrypts traffic to HTTPS targets but does not validate the
# certificate the target presents, so this hop provides encryption, not
# authentication of the instance.
resource "aws_lb_target_group" "hec_8088" {
  name        = "${var.prefix}-legacy-hec-targets"
  vpc_id      = var.vpc_id
  target_type = "instance"
  protocol    = "HTTPS"
  port        = 8088

  health_check {
    protocol = "HTTPS"
    path     = "/services/collector/health/1.0"
  }
}

# Attach the instances to the ELB: one attachment per autoscaling group name
# listed in var.elb_attachments.
resource "aws_autoscaling_attachment" "hec_asg_attachments" {
  for_each = toset(var.elb_attachments)

  autoscaling_group_name = each.key
  alb_target_group_arn   = aws_lb_target_group.hec_8088.arn
}