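#----------------------------------------------------------------------------
# EXTERNAL LB
#----------------------------------------------------------------------------
# Internet-facing Application Load Balancer in front of the Jira server.
# `internal = false` together with the public subnets makes this the public
# entry point; TLS terminates here (see the HTTPS listener below).
resource "aws_alb" "jira_server_external" {
  name               = "jira-server-alb-external-${var.environment}"
  security_groups    = [ aws_security_group.jira_server_alb_server_external.id ]
  internal           = false
  subnets            = var.public_subnets
  load_balancer_type = "application"

  # Hardening for a public listener: discard request headers whose names are
  # not valid HTTP header names instead of forwarding them to Jira, so the ALB
  # and the backend cannot interpret a malformed request differently.
  drop_invalid_header_fields = true

  # Access logs are the main forensic record for this endpoint.
  # NOTE(review): the bucket is not defined in this file; its bucket policy
  # must allow ELB log delivery - confirm where it is managed.
  access_logs {
    bucket  = "xdr-elb-${ var.environment }"
    enabled = true
  }

  # 1200 s = 20 minutes of idle time before the ALB closes a connection.
  # NOTE(review): presumably sized for long-running Jira requests - confirm,
  # since a long idle timeout also lets idle clients hold connections open.
  idle_timeout = 1200

  tags = merge(var.standard_tags, var.tags, { Name = "jira-server-alb-external-${var.environment}" })
}

# Create a new target group
# Backend traffic is plain HTTP on 8080: requests are decrypted at the ALB and
# travel unencrypted from the ALB to the instance inside the VPC.
# NOTE(review): unlike the ALB, this name carries no environment suffix.
resource "aws_alb_target_group" "jira_server_external" {
  name                 = "jira-server-alb-targets"
  port                 = 8080
  protocol             = "HTTP"
  vpc_id               = var.vpc_id

  # A target counts as healthy when GET / on 8080 answers 200 or 302.
  health_check {
    protocol = "HTTP"
    port     = "8080"
    path     = "/"
    matcher  = "200,302"
    timeout  = "4"
    interval = "5"
    unhealthy_threshold = 2
    healthy_threshold   = 2
  }

  #stickiness {
  #  type    = "lb_cookie"
  #  enabled = false
  #}

  tags = merge(var.standard_tags, var.tags)
}

# Registers the single Jira instance (declared outside this file) as a target.
resource "aws_lb_target_group_attachment" "jira_server_external" {
  target_group_arn = aws_alb_target_group.jira_server_external.arn
  target_id        = aws_instance.jira-server-instance.id
  port             = 8080
}

# Create a new alb listener
# HTTPS listener: presents the ACM certificate (declared outside this file)
# and forwards every request to the Jira target group.
resource "aws_alb_listener" "jira_server_https_external" {
  load_balancer_arn = aws_alb.jira_server_external.arn
  port              = "443"
  protocol          = "HTTPS"
  # NOTE(review): AWS has since published TLS 1.3-capable policies (for
  # example ELBSecurityPolicy-TLS13-1-2-2021-06); revisit this pin when the
  # client base allows.
  ssl_policy        = "ELBSecurityPolicy-FS-1-2-Res-2019-08" # PFS, TLS1.2, most "restrictive" policy (took awhile to find that)
  certificate_arn   = aws_acm_certificate.cert_public.arn

  default_action {
    target_group_arn = aws_alb_target_group.jira_server_external.arn
    type             = "forward"
  }
}

# Plain-HTTP listener: never forwards to the backend, it only answers with a
# permanent (301) redirect to HTTPS on 443.
resource "aws_lb_listener" "jira_server_listener_http" {
  load_balancer_arn = aws_alb.jira_server_external.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# ##########################
# DNS Entry
# Publishes the record "jira" as an alias to the ALB through a local
# submodule; the zone comes from var.dns_info.
# NOTE(review): the submodule body is not visible here - confirm what it creates.
module "public_dns_record" {
  source = "../../../submodules/dns/public_ALIAS_record"

  name = "jira"
  target_dns_name = aws_alb.jira_server_external.dns_name
  target_zone_id  = aws_alb.jira_server_external.zone_id
  dns_info = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}

#----------------------------------------------------------------------------
# ALB Security Group
#----------------------------------------------------------------------------
# Security group attached to the ALB. It declares no inline rules; all rules
# are the separate aws_security_group_rule resources below.
resource "aws_security_group" "jira_server_alb_server_external" {
  vpc_id      = var.vpc_id
  name        = "jira-server-alb-sg-external"
  description = "ALB for JIRA"
  tags = merge(var.standard_tags, var.tags)
}

#----------------------------------------------------------------------------
# INGRESS
#----------------------------------------------------------------------------
# Both ingress rules admit the whole IPv4 Internet, so Jira's login surface is
# reachable from anywhere.
# NOTE(review): no WAF association or source-CIDR restriction is visible in
# this file - confirm whether one is applied elsewhere.
resource "aws_security_group_rule" "http_from_internet" {
  description = "HTTP inbound from Internet"
  type = "ingress"
  from_port = "80"
  to_port = "80"
  protocol = "tcp"
  cidr_blocks = [ "0.0.0.0/0" ]
  security_group_id = aws_security_group.jira_server_alb_server_external.id
}

resource "aws_security_group_rule" "https_from_internet" {
  description = "HTTPS inbound from Internet"
  type = "ingress"
  from_port = "443"
  to_port = "443"
  protocol = "tcp"
  cidr_blocks = [ "0.0.0.0/0" ]
  security_group_id = aws_security_group.jira_server_alb_server_external.id
}

#----------------------------------------------------------------------------
# EGRESS
#----------------------------------------------------------------------------
# The only egress rule: the ALB may open TCP 8080 connections to members of
# the Jira server security group (declared outside this file). On an egress
# rule, source_security_group_id names the destination group.
resource "aws_security_group_rule" "jira_alb_to_server" {
  description = "Jira to the Server"
  type = "egress"
  from_port = "8080"
  to_port = "8080"
  protocol = "tcp"
  source_security_group_id = aws_security_group.jira_server.id
  security_group_id = aws_security_group.jira_server_alb_server_external.id
}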