- #----------------------------------------------------------------------------
- # EXTERNAL LB
- #----------------------------------------------------------------------------
- resource "aws_lb" "external" {
- name_prefix = substr("${var.name}-ext-lb", 0, 6)
- security_groups = [ aws_security_group.lb_server_external.id ]
- internal = false
- subnets = var.public_subnets
- load_balancer_type = "application"
- access_logs {
- bucket = "xdr-elb-${ var.environment }"
- enabled = true
- }
- tags = merge(var.tags, { Name = "${var.name}-lb-external-${var.environment}" })
- }
- # Create a new target group
- resource "aws_lb_target_group" "external" {
- name_prefix = substr("${var.name}-ext-lb", 0, 6)
- port = var.target_port
- protocol = var.target_protocol
- #deregistration_delay = "${local.lb_deregistration_delay}"
- vpc_id = var.vpc_id
- health_check {
- protocol = local.healthcheck_protocol
- port = local.healthcheck_port
- path = var.healthcheck_path
- matcher = var.healthcheck_matcher
- timeout = "4"
- interval = "5"
- }
- stickiness {
- type = "lb_cookie"
- enabled = var.stickiness
- }
- tags = merge(var.tags, { Name = "${var.name}-lb-external-${var.environment}" })
- }
- resource "aws_lb_target_group_attachment" "external" {
- for_each = var.target_ids
- target_group_arn = aws_lb_target_group.external.arn
- target_id = each.value
- port = var.target_port
- }
- # Create a new alb listener
- resource "aws_lb_listener" "https_external" {
- load_balancer_arn = aws_lb.external.arn
- port = var.listener_port
- protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-FS-1-2-Res-2019-08" # PFS, TLS1.2, most "restrictive" policy (took awhile to find that)
- certificate_arn = aws_acm_certificate.cert_public.arn
- default_action {
- target_group_arn = aws_lb_target_group.external.arn
- type = "forward"
- }
- }