From 87a549bc1f10be63b30a33331e01ad80fec5d3eb Mon Sep 17 00:00:00 2001
From: shockrah
Date: Fri, 10 Mar 2023 21:37:35 -0800
Subject: [PATCH] * Load balancer components are now built dynamically for each domain + Increased health_check intervals + HTTPS default action is now a blank 400 page + Generating listener rules for beta proxy based on bucket names/domains Using domain filters for this basically * Dynamically attaching listener certificates
---
 infra/load-balancer.tf | 47 ++++++++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 11 deletions(-)
diff --git a/infra/load-balancer.tf b/infra/load-balancer.tf
index 5375e99..21956c9 100644
--- a/infra/load-balancer.tf
+++ b/infra/load-balancer.tf
@@ -20,14 +20,15 @@ resource "aws_lb" "alpha" {
 ## ECS services manage themselves when it comes to registering to the
 ## target group so we only need to provide the pool
 #####################################################################
-resource "aws_lb_target_group" "shockrah_xyz" {
- name = "${var.athens_prefix}-shockrah-xyz"
+resource "aws_lb_target_group" "nginx" {
+ for_each = toset(local.buckets)
+ name = "${var.athens_prefix}-${replace(each.value, ".", "-")}"
 port = var.nginx_port
 protocol = "HTTP"
 target_type = "ip"
 vpc_id = aws_vpc.athens_vpc.id
 health_check {
- interval = 60
+ interval = 120
 }
 }
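Review bot: The new `name = "${var.athens_prefix}-${replace(each.value, ".", "-")}"` on `aws_lb_target_group.nginx` is unbounded: ALB target group names must be 32 characters or fewer and contain only alphanumerics and hyphens, so a long or underscore-bearing entry in `local.buckets` passes `terraform plan` and fails only at apply time, after the other for_each instances have already been created. If the pinned Terraform version supports it, a `lifecycle` `precondition` asserting `length("${var.athens_prefix}-${replace(each.value, ".", "-")}") <= 32` (or a `validation` on `var.athens_prefix`) would surface this at plan time; how `local.buckets` is populated is not visible in this hunk. Raising `interval` to 120 while leaving the provider's default `unhealthy_threshold` in place also means a failing nginx task keeps receiving traffic for several minutes before it is deregistered; if that trade-off is intentional, a comment such as `# 120s interval: <reason>; detection of an unhealthy task takes interval * unhealthy_threshold` would record it, and an explicit `path`/`matcher` would make the check's target visible rather than relying on defaults.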
@@ -47,22 +48,46 @@ resource "aws_lb_listener" "http" {
 }
 resource "aws_lb_listener" "https" {
- load_balancer_arn = aws_lb.alpha.arn
- port = 443
- protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ load_balancer_arn = aws_lb.alpha.arn
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
- certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.shockrah_xyz.arn
+ certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
+ default_action {
+ type = "fixed-response"
+ fixed_response {
+ content_type = "text/plain"
+ message_body = "Literally how"
+ status_code = "400"
 }
+ }
 }
+resource "aws_lb_listener_rule" "beta" {
+ for_each = {
+ for index, record in local.buckets:
+ index => record
+ }
+ listener_arn = aws_lb_listener.https.arn
+ priority = 100 + each.key
+ action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.nginx[each.value].arn
+ }
+ condition {
+ host_header {
+ values = [ each.value ]
+ }
+ }
+}
+
+
 # Certificate attachment for project athens
 ###########################################
 # Additional certificate for the .net
 resource "aws_lb_listener_certificate" "alpha_project_athens_cert" {
+ for_each = toset(local.buckets)
 listener_arn = aws_lb_listener.https.arn
 certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn
 }
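Review bot: The `for_each = toset(local.buckets)` added to `aws_lb_listener_certificate.alpha_project_athens_cert` never uses `each.value`: every instance attaches the same `aws_acm_certificate_validation.project_athens_xyz.certificate_arn` to the same listener, so the loop yields N Terraform resources for one underlying attachment rather than one certificate per domain as the commit message describes, and destroying any single instance detaches the certificate for all of them. Either drop the `for_each` line here, or key it to a per-domain certificate, e.g. `certificate_arn = aws_acm_certificate_validation.project_athens[each.value].certificate_arn`, if such per-domain validations exist elsewhere in the module (not visible from this hunk). While the HTTPS listener is being rewritten, `ssl_policy = "ELBSecurityPolicy-2016-08"` still negotiates TLS 1.0 and 1.1; a TLS 1.2-minimum policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"` is the usual choice and nothing in the hunk suggests legacy clients need the older protocols. The index-keyed map in `aws_lb_listener_rule.beta` also ties each rule's identity and priority to list position, so inserting or reordering an entry in `local.buckets` re-creates rules for every later domain; `for_each = toset(local.buckets)` with `priority = 100 + index(local.buckets, each.value)` keeps the rule keyed by domain.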