AFS
/
xdr-terraform-modules


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							#------------------------------------------------------------------------------
# Splunk2Splunk Requires an NLB
#------------------------------------------------------------------------------
resource "aws_eip" "alsi_splunk_nlb" {
  count = local.alsi_splunk_nlb ? 2 : 0

  vpc  = true
  tags = merge(local.standard_tags, var.tags, { "Name" : "${var.prefix}-alsi-splunk" })
}

resource "aws_lb" "alsi_splunk_nlb" {
  count              = local.alsi_splunk_nlb ? 1 : 0
  tags               = merge(local.standard_tags, var.tags, { "Name" : "${var.prefix}-alsi-splunk" })
  name               = "${var.prefix}-alsi-splunk-nlb"
  internal           = false # tfsec:ignore:aws-elb-alb-not-public The NLB requires Internet exposure
  load_balancer_type = "network"
  #subnets            = data.terraform_remote_state.infra.subnets
  enable_cross_zone_load_balancing = true

  subnet_mapping {
    subnet_id     = element(var.subnets, 0)
    allocation_id = element(aws_eip.alsi_splunk_nlb.*.id, 0)
  }

  subnet_mapping {
    subnet_id     = element(var.subnets, 1)
    allocation_id = element(aws_eip.alsi_splunk_nlb.*.id, 1)
  }

  access_logs {
    bucket  = "xdr-elb-${var.environment}"
    enabled = true
  }
}

resource "aws_lb_target_group" "nlb_targets_9997" {
  count    = local.alsi_splunk_nlb ? 1 : 0
  name     = "${var.prefix}-alsi-splunk-nlb-9997"
  port     = 9997
  protocol = "TCP"
  vpc_id   = var.vpc_id
}

resource "aws_lb_listener" "nlb_targets_9997" {
  count             = local.alsi_splunk_nlb ? 1 : 0
  load_balancer_arn = aws_lb.alsi_splunk_nlb[count.index].arn
  port              = 9997
  protocol          = "TCP"

  default_action {
    target_group_arn = aws_lb_target_group.nlb_targets_9997[count.index].arn
    type             = "forward"
  }
}

resource "aws_lb_target_group_attachment" "alsi_nlb_target_9997_instance" {
  count            = local.alsi_splunk_nlb ? local.alsi_workers : 0
  target_group_arn = aws_lb_target_group.nlb_targets_9997[0].arn
  target_id        = aws_instance.worker[count.index].id
  port             = 9997
}

resource "aws_lb_target_group" "nlb_targets_9998" {
  count    = local.alsi_splunk_nlb ? 1 : 0
  name     = "${var.prefix}-alsi-splunk-nlb-9998"
  port     = 9998
  protocol = "TCP"
  vpc_id   = var.vpc_id
}

resource "aws_lb_listener" "nlb_targets_9998" {
  count             = local.alsi_splunk_nlb ? 1 : 0
  load_balancer_arn = aws_lb.alsi_splunk_nlb[count.index].arn
  port              = 9998
  protocol          = "TCP"

  default_action {
    target_group_arn = aws_lb_target_group.nlb_targets_9998[count.index].arn
    type             = "forward"
  }
}

resource "aws_lb_target_group_attachment" "alsi_nlb_target_9998_instance" {
  count            = local.alsi_splunk_nlb ? local.alsi_workers : 0
  target_group_arn = aws_lb_target_group.nlb_targets_9998[0].arn
  target_id        = aws_instance.worker[count.index].id
  port             = 9998
}

#########################
# Security Groups

# no security groups for NLB, access is controlled on the worker itself

#########################
# DNS Entry
module "public_dns_record_alsi_nlb" {
  count  = local.alsi_splunk_nlb ? 1 : 0
  source = "../../../submodules/dns/public_A_record"

  name         = "${var.prefix}-alsi-splunk"
  ip_addresses = aws_eip.alsi_splunk_nlb.*.public_ip
  dns_info     = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}