xdr-terraform-modules/base/teleport-single-instance/nlb.tf

resource "aws_lb" "nlb" {
  name               = "${var.instance_name}-nlb"
  internal           = false
  load_balancer_type = "network"
  # Not supported for NLB
  #security_groups    = [aws_security_group.nlb-sg.id]
  # Note, changing subnets results in recreation of the resource
  subnets            = var.subnets
  enable_cross_zone_load_balancing = true

  access_logs {
    bucket  = "xdr-elb-${ var.environment }"
    enabled = true
  }

  tags = merge(var.standard_tags, var.tags)
}

#########################
# Listeners
resource "aws_lb_listener" "nlb-listener-3023" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = "3023"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.nlb-target-3023.arn
  }
}

resource "aws_lb_listener" "nlb-listener-3024" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = "3024"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.nlb-target-3024.arn
  }
}

resource "aws_lb_listener" "nlb-listener-443" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = "443"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.nlb-target-3024.arn
  }
}

resource "aws_lb_listener" "nlb-listener-3026" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = "3026"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.nlb-target-3026.arn
  }
}


#########################
# Targets
resource "aws_lb_target_group" "nlb-target-3023" {
  name     = "${var.instance_name}-nlb-target-3023"
  port     = 3023
  protocol = "TCP"
  target_type = "instance"
  vpc_id   = var.vpc_id
  tags = merge(var.standard_tags, var.tags)
}

resource "aws_lb_target_group_attachment" "nlb-target-3023-instance" {
  target_group_arn = aws_lb_target_group.nlb-target-3023.arn
  target_id        = aws_instance.instance.id
  port             = 3023
}

resource "aws_lb_target_group" "nlb-target-3024" {
  name     = "${var.instance_name}-nlb-target-3024"
  port     = 3024
  protocol = "TCP"
  target_type = "instance"
  vpc_id   = var.vpc_id
  tags = merge(var.standard_tags, var.tags)
}

resource "aws_lb_target_group_attachment" "nlb-target-3024-instance" {
  target_group_arn = aws_lb_target_group.nlb-target-3024.arn
  target_id        = aws_instance.instance.id
  port             = 3024
}

resource "aws_lb_target_group" "nlb-target-3026" {
  name     = "${var.instance_name}-nlb-target-3026"
  port     = 3026
  protocol = "TCP"
  target_type = "instance"
  vpc_id   = var.vpc_id
  tags = merge(var.standard_tags, var.tags)
}

resource "aws_lb_target_group_attachment" "nlb-target-3026-instance" {
  target_group_arn = aws_lb_target_group.nlb-target-3026.arn
  target_id        = aws_instance.instance.id
  port             = 3026
}

#########################
# DNS Entry
module "public_dns_record_for_nlb" {
  source = "../../submodules/dns/public_ALIAS_record"

  name = "${var.instance_name}-nlb"
  target_dns_name = aws_lb.nlb.dns_name
  target_zone_id  = aws_lb.nlb.zone_id
  dns_info = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}