- module "public_dns_record" {
- source = "../../submodules/dns/public_ALIAS_record"
- name = "github.${var.dns_info["public"]["zone"]}"
- target_dns_name = aws_elb.external.dns_name
- target_zone_id = aws_elb.external.zone_id
- dns_info = var.dns_info
- providers = {
- aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
- }
- }
- module "public_dns_record_wildcard" {
- source = "../../submodules/dns/public_ALIAS_record"
- name = "*.github.${var.dns_info["public"]["zone"]}"
- target_dns_name = aws_elb.external.dns_name
- target_zone_id = aws_elb.external.zone_id
- dns_info = var.dns_info
- providers = {
- aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
- }
- }
- # If ever this gets converted to an ALB, consider adding the waf module.
- resource "aws_elb" "external" {
- name_prefix = "gheext"
- subnets = var.public_subnets
- security_groups = [ aws_security_group.ghe_elb_external.id ]
- listener {
- instance_port = 443
- instance_protocol = "HTTPS"
- lb_port = 443
- lb_protocol = "HTTPS"
- ssl_certificate_id = aws_acm_certificate.cert_public.arn
- }
- listener {
- instance_port = 80
- instance_protocol = "HTTP"
- lb_port = 80
- lb_protocol = "HTTP"
- }
- listener {
- instance_port = 23
- instance_protocol = "TCP"
- lb_port = 22
- lb_protocol = "TCP"
- }
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "HTTPS:443/status"
- interval = 30
- }
- }
- resource "aws_proxy_protocol_policy" "external_proxy_protocol" {
- load_balancer = aws_elb.external.name
- instance_ports = [ "23", "444" ]
- }
- # Create a new load balancer attachment
- resource "aws_elb_attachment" "external_attachment" {
- count = var.instance_count
- elb = aws_elb.external.id
- instance = aws_instance.ghe[count.index].id
- }
- #--------------------------------------------------------------
- # Internal ELB
- #--------------------------------------------------------------
- resource "aws_route53_record" "github_internal" {
- zone_id = var.dns_info["private"]["zone_id"]
- name = "github.${var.dns_info["private"]["zone"]}"
- type = "CNAME"
- records = [aws_elb.internal.dns_name]
- ttl = "60"
- provider = aws.c2
- }
- resource "aws_route53_record" "github_internal_wildcard" {
- zone_id = var.dns_info["private"]["zone_id"]
- name = "*.github.${var.dns_info["private"]["zone"]}"
- type = "CNAME"
- records = [aws_elb.internal.dns_name]
- ttl = "60"
- provider = aws.c2
- }
- resource "aws_elb" "internal" {
- name_prefix = "gheint"
- internal = true
- subnets = var.private_subnets
- security_groups = [ aws_security_group.ghe_elb_internal.id ]
- listener {
- instance_port = 443
- instance_protocol = "HTTPS"
- lb_port = 443
- lb_protocol = "HTTPS"
- ssl_certificate_id = aws_acm_certificate.cert.arn
- }
- listener {
- instance_port = 8444
- instance_protocol = "TCP"
- lb_port = 8443
- lb_protocol = "TCP"
- }
- listener {
- instance_port = 23
- instance_protocol = "TCP"
- lb_port = 22
- lb_protocol = "TCP"
- }
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "HTTPS:443/status"
- interval = 30
- }
- }
- resource "aws_proxy_protocol_policy" "internal_proxy_protocol" {
- load_balancer = aws_elb.internal.name
- instance_ports = [ "23", "444", "8444"]
- }
- # Create a new load balancer attachment
- resource "aws_elb_attachment" "internal_attachment" {
- count = var.instance_count
- elb = aws_elb.internal.id
- instance = aws_instance.ghe[count.index].id
- }