* Load balancer components are now built dynamically for each domain

+ Increased health_check intervals
+ HTTPS default action is now a blank 400 page
+ Generating listener rules for beta proxy based on bucket names/domains
Using domain filters for this basically
* Dynamically attaching listener certificates
shockrah 2023-03-10 21:37:35 -08:00
parent ffe5ffe831
commit 87a549bc1f


@ -20,14 +20,15 @@ resource "aws_lb" "alpha" {
## ECS services manage themselves when it comes to registering to the ## ECS services manage themselves when it comes to registering to the
## target group so we only need to provide the pool ## target group so we only need to provide the pool
##################################################################### #####################################################################
resource "aws_lb_target_group" "shockrah_xyz" { resource "aws_lb_target_group" "nginx" {
name = "${var.athens_prefix}-shockrah-xyz" for_each = toset(local.buckets)
name = "${var.athens_prefix}-${replace(each.value, ".", "-")}"
port = var.nginx_port port = var.nginx_port
protocol = "HTTP" protocol = "HTTP"
target_type = "ip" target_type = "ip"
vpc_id = aws_vpc.athens_vpc.id vpc_id = aws_vpc.athens_vpc.id
health_check { health_check {
interval = 60 interval = 120
} }
} }
@ -54,15 +55,39 @@ resource "aws_lb_listener" "https" {
certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
default_action { default_action {
type = "fixed-response"
fixed_response {
content_type = "text/plain"
message_body = "Literally how"
status_code = "400"
}
}
}
resource "aws_lb_listener_rule" "beta" {
for_each = {
for index, record in local.buckets:
index => record
}
listener_arn = aws_lb_listener.https.arn
priority = 100 + each.key
action {
type = "forward" type = "forward"
target_group_arn = aws_lb_target_group.shockrah_xyz.arn target_group_arn = aws_lb_target_group.nginx[each.value].arn
}
condition {
host_header {
values = [ each.value ]
} }
} }
}
# Certificate attachment for project athens # Certificate attachment for project athens
########################################### ###########################################
# Additional certificate for the .net # Additional certificate for the .net
resource "aws_lb_listener_certificate" "alpha_project_athens_cert" { resource "aws_lb_listener_certificate" "alpha_project_athens_cert" {
for_each = toset(local.buckets)
listener_arn = aws_lb_listener.https.arn listener_arn = aws_lb_listener.https.arn
certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn
} }
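Review bot: The new `for_each = toset(local.buckets)` on `aws_lb_listener_certificate.alpha_project_athens_cert` never uses `each.value`, so every instance has the same `listener_arn` and the same `project_athens_xyz` certificate ARN. That declares one attachment per bucket of an identical certificate, which is at best redundant and probably collides at apply time, and it adds no certificate for any other domain in `local.buckets`. A host that neither the listener's default certificate nor this one covers would still match its `host_header` rule but be served a certificate that fails hostname validation. Either drop the `for_each` line, or select the ARN per domain from a validation resource keyed on `each.value` (none is visible in this section).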