shockrah/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* Load balancer components are now built dynamically for each domain

Browse Source 
+ Increased health_check intervals
+ HTTPS default action is now a blank 400 page
+ Generating listener rules for beta proxy based on bucket names/domains
Using domain filters for this basically
* Dynamically attaching listener certificates
This commit is contained in:
shockrah 2023-03-10 21:37:35 -08:00
parent ffe5ffe831
commit 87a549bc1f
1 changed files with 36 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
infra/load-balancer.tf
View File

@ -20,14 +20,15 @@ resource "aws_lb" "alpha" {
## ECS services manage themselves when it comes to registering to the ## ECS services manage themselves when it comes to registering to the
## target group so we only need to provide the pool ## target group so we only need to provide the pool
##################################################################### #####################################################################
resource "aws_lb_target_group" "shockrah_xyz" { resource "aws_lb_target_group" "nginx" {
name = "${var.athens_prefix}-shockrah-xyz" for_each = toset(local.buckets)
name = "${var.athens_prefix}-${replace(each.value, ".", "-")}"
port = var.nginx_port port = var.nginx_port
protocol = "HTTP" protocol = "HTTP"
target_type = "ip" target_type = "ip"
vpc_id = aws_vpc.athens_vpc.id vpc_id = aws_vpc.athens_vpc.id
health_check { health_check {
interval = 60 interval = 120
} }
} }
@ -47,22 +48,46 @@ resource "aws_lb_listener" "http" {
} }
resource "aws_lb_listener" "https" { resource "aws_lb_listener" "https" {
load_balancer_arn = aws_lb.alpha.arn load_balancer_arn = aws_lb.alpha.arn
port = 443 port = 443
protocol = "HTTPS" protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08" ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
default_action { default_action {
type = "forward" type = "fixed-response"
target_group_arn = aws_lb_target_group.shockrah_xyz.arn fixed_response {
content_type = "text/plain"
message_body = "Literally how"
status_code = "400"
} }
}
} }
resource "aws_lb_listener_rule" "beta" {
for_each = {
for index, record in local.buckets:
index => record
}
listener_arn = aws_lb_listener.https.arn
priority = 100 + each.key
action {
type = "forward"
target_group_arn = aws_lb_target_group.nginx[each.value].arn
}
condition {
host_header {
values = [ each.value ]
}
}
}
# Certificate attachment for project athens # Certificate attachment for project athens
########################################### ###########################################
# Additional certificate for the .net # Additional certificate for the .net
resource "aws_lb_listener_certificate" "alpha_project_athens_cert" { resource "aws_lb_listener_certificate" "alpha_project_athens_cert" {
for_each = toset(local.buckets)
listener_arn = aws_lb_listener.https.arn listener_arn = aws_lb_listener.https.arn
certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn
} }