* Load balancer components are now built dynamically for each domain

+ Increased health_check intervals + HTTPS default action is now a blank 400 page + Generating listener rules for beta proxy based on bucket names/domains Using domain filters for this basically * Dynamically attaching listener certificates
2023-03-10 21:37:35 -08:00 · 2023-03-10 21:37:35 -08:00 · 87a549bc1f
commit 87a549bc1f
parent ffe5ffe831
1 changed files with 36 additions and 11 deletions
--- a/infra/load-balancer.tf
+++ b/infra/load-balancer.tf
@ -20,14 +20,15 @@ resource "aws_lb" "alpha" {
 ## ECS services manage themselves when it comes to registering to the
 ## target group so we only need to provide the pool
 #####################################################################
-resource "aws_lb_target_group" "shockrah_xyz" {
-  name = "${var.athens_prefix}-shockrah-xyz"
+resource "aws_lb_target_group" "nginx" {
+  for_each = toset(local.buckets)
+  name = "${var.athens_prefix}-${replace(each.value, ".", "-")}"
  port = var.nginx_port
  protocol = "HTTP"
  target_type = "ip"
  vpc_id = aws_vpc.athens_vpc.id
  health_check {
-    interval = 60
+    interval = 120
  }
 }

@ -47,22 +48,46 @@ resource "aws_lb_listener" "http" {
 }

 resource "aws_lb_listener" "https" {
-    load_balancer_arn = aws_lb.alpha.arn
-    port            = 443
-    protocol        = "HTTPS"
-    ssl_policy      = "ELBSecurityPolicy-2016-08"
+  load_balancer_arn = aws_lb.alpha.arn
+  port            = 443
+  protocol        = "HTTPS"
+  ssl_policy      = "ELBSecurityPolicy-2016-08"

-    certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
-    default_action {
-      type = "forward"
-      target_group_arn = aws_lb_target_group.shockrah_xyz.arn
+  certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
+  default_action {
+    type = "fixed-response"
+    fixed_response {
+      content_type = "text/plain"
+      message_body = "Literally how"
+      status_code  = "400"
    }
+  }
 }

+resource "aws_lb_listener_rule" "beta" {
+  for_each = {
+    for index, record in local.buckets:
+      index => record
+  }
+  listener_arn = aws_lb_listener.https.arn
+  priority = 100 + each.key
+  action {
+      type = "forward"
+      target_group_arn = aws_lb_target_group.nginx[each.value].arn
+  }
+  condition {
+    host_header {
+      values = [ each.value ]
+    }
+  }
+}
+
+
 # Certificate attachment for project athens
 ###########################################
 # Additional certificate for the .net
 resource "aws_lb_listener_certificate" "alpha_project_athens_cert" {
+  for_each = toset(local.buckets)
  listener_arn    = aws_lb_listener.https.arn
  certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn
 }