From f96f6569cfdaefe2b0c1eaad12bbb01a73cb27be Mon Sep 17 00:00:00 2001
From: shockrah
Date: Mon, 2 Jan 2023 18:36:48 -0800
Subject: [PATCH] Cert with load balancer listener
---
 infra/cert.tf | 11 +++++++++++
 infra/load-balancer.tf | 9 ++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 infra/cert.tf
diff --git a/infra/cert.tf b/infra/cert.tf
new file mode 100644
index 0000000..9dc1afb
--- /dev/null
+++ b/infra/cert.tf
@@ -0,0 +1,11 @@
+# Here is the TLS cert that we create for the alpha cluster
+
+resource "aws_acm_certificate" "sample" {
+ domain_name = "sample.project-athens.xyz"
+ validation_method = "DNS"
+}
+
+resource "aws_acm_certificate_validation" "sample" {
+ certificate_arn = aws_acm_certificate.sample.arn
+ validation_record_fqdns = [ aws_route53_record.project-athens-record["2"].fqdn ]
+}
diff --git a/infra/load-balancer.tf b/infra/load-balancer.tf
index 3d382d2..f0b92b0 100644
--- a/infra/load-balancer.tf
+++ b/infra/load-balancer.tf
@@ -25,10 +25,13 @@ resource "aws_lb_target_group" "alpha_cluster" {
 vpc_id = aws_vpc.athens_vpc.id
 }
-resource "aws_lb_listener" "http" {
+resource "aws_lb_listener" "https" {
 load_balancer_arn = aws_lb.alpha.arn
- port = 80
- protocol = "HTTP"
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+
+ certificate_arn = aws_acm_certificate_validation.sample.certificate_arn
 default_action {
 type = "forward"
 target_group_arn = aws_lb_target_group.alpha_cluster.arn
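Review bot: `validation_record_fqdns` in `aws_acm_certificate_validation.sample` points at an existing record, `aws_route53_record.project-athens-record["2"]`, rather than at a record built from the certificate's own `domain_validation_options`. That record's definition is outside this patch, so this is inferred, but unless it happens to be the CNAME that ACM asks for, validation will not complete and the apply will wait until it times out. The key `"2"` also changes meaning without warning if the record set is reordered. I would create the validation record from the certificate's output and reference that. I would also add `lifecycle { create_before_destroy = true }` to the certificate, so a replacement is issued before the one attached to the listener is destroyed.

```hcl
# New record set, driven by what ACM asks for instead of a fixed index.
resource "aws_route53_record" "sample_validation" {
  for_each = {
    for dvo in aws_acm_certificate.sample.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  zone_id         = "<HOSTED_ZONE_ID>" # placeholder: the zone that serves project-athens.xyz
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
  allow_overwrite = true
}

resource "aws_acm_certificate_validation" "sample" {
  certificate_arn         = aws_acm_certificate.sample.arn
  validation_record_fqdns = [for r in aws_route53_record.sample_validation : r.fqdn]
}
```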
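Review bot: `ssl_policy = "ELBSecurityPolicy-2016-08"` on the new `https` listener is the legacy default policy, which still negotiates TLS 1.0 and 1.1; unless old clients are a requirement, pin a policy that starts at TLS 1.2, e.g. `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`. The port 80 listener is replaced rather than kept, so plain-HTTP requests get no answer; a second `aws_lb_listener` on port 80 whose `default_action` is a `redirect` to HTTPS with `status_code = "HTTP_301"` would keep old links working without serving content in clear text. Whether the load balancer's security group admits 443 is not visible in this patch. The listener block's `default_action` closes outside the hunk.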