skyscrapers · ringods · Dec 20, 2017 · Dec 18, 2017 · Dec 19, 2017 · Dec 19, 2017
diff --git a/README.md b/README.md
diff --git a/alb/main.tf b/alb/main.tf
@@ -1,5 +1,6 @@
 # Create a new load balancer
-resource "aws_alb" "alb" {
+resource "aws_lb" "alb" {
+  load_balancer_type         = "application"
   name                       = "${var.project}-${var.environment}-${var.name}-alb"
   internal                   = "${var.internal}"
   subnets                    = ["${var.subnets}"]
@@ -13,60 +14,3 @@ resource "aws_alb" "alb" {
       "Project", "${var.project}"))
   }"
 }
-
-resource "aws_alb_target_group" "default" {
-  count = "${var.default_target_group_arn == "" ? 1 : 0}"
-
-  # target group name can't be longer than 32 chars, and terraform autogenerated name is 26 characters long
-  # so `name_prefix` can't be longer than 6 characters. Resource is tagged in any case for a clear identification in AWS
-  name_prefix = "def-"
-
-  port                 = "${var.target_port}"
-  protocol             = "${var.target_protocol}"
-  vpc_id               = "${var.vpc_id}"
-  deregistration_delay = "${var.target_deregistration_delay}"
-  stickiness           = ["${var.target_stickiness}"]
-
-  health_check {
-    interval            = "${var.target_health_interval}"
-    path                = "${var.target_health_path}"
-    timeout             = "${var.target_health_timeout}"
-    healthy_threshold   = "${var.target_health_healthy_threshold}"
-    unhealthy_threshold = "${var.target_health_unhealthy_threshold}"
-    matcher             = "${var.target_health_matcher}"
-    protocol            = "${var.target_health_protocol}"
-  }
-
-  tags = "${merge("${var.tags}",
-    map("Name", "${var.project}-${var.environment}-${var.name}-default",
-      "Environment", "${var.environment}",
-      "Project", "${var.project}"))
-  }"
-}
-
-resource "aws_alb_listener" "http" {
-  count             = "${var.enable_http_listener}"
-  load_balancer_arn = "${aws_alb.alb.arn}"
-  port              = "${var.http_port}"
-  protocol          = "HTTP"
-
-  default_action {
-    # Using join with resource.* as workaround for https://github.com/hashicorp/hil/issues/50
-    target_group_arn = "${var.default_target_group_arn == "" ? join(" ", aws_alb_target_group.default.*.arn) : var.default_target_group_arn}"
-    type             = "forward"
-  }
-}
-
-resource "aws_alb_listener" "https" {
-  count             = "${var.enable_https_listener}"
-  load_balancer_arn = "${aws_alb.alb.arn}"
-  port              = "${var.https_port}"
-  protocol          = "HTTPS"
-  certificate_arn   = "${var.https_certificate_arn}"
-
-  default_action {
-    # Using join with resource.* as workaround for https://github.com/hashicorp/hil/issues/50
-    target_group_arn = "${var.default_target_group_arn == "" ? join(" ", aws_alb_target_group.default.*.arn) : var.default_target_group_arn}"
-    type             = "forward"
-  }
-}
diff --git a/alb/outputs.tf b/alb/outputs.tf
@@ -1,44 +1,29 @@
 output "id" {
   description = "ID of the ALB"
-  value       = "${aws_alb.alb.id}"
+  value       = "${aws_lb.alb.id}"
 }
 
 output "arn" {
   description = "ARN of the ALB"
-  value       = "${aws_alb.alb.arn}"
+  value       = "${aws_lb.alb.arn}"
 }
 
 output "name" {
   description = "Name of the ALB"
-  value       = "${aws_alb.alb.name}"
+  value       = "${aws_lb.alb.name}"
 }
 
 output "dns_name" {
   description = "DNS name of the ALB"
-  value       = "${aws_alb.alb.dns_name}"
+  value       = "${aws_lb.alb.dns_name}"
 }
 
 output "zone_id" {
   description = "DNS zone ID of the ALB"
-  value       = "${aws_alb.alb.zone_id}"
+  value       = "${aws_lb.alb.zone_id}"
 }
 
 output "sg_id" {
   description = "ID of the ALB security group"
   value       = "${aws_security_group.sg_alb.id}"
 }
-
-output "http_listener_id" {
-  description = "ID of the ALB HTTP listener"
-  value       = "${aws_alb_listener.https.id}"
-}
-
-output "https_listener_id" {
-  description = "ID of the ALB HTTPS listener"
-  value       = "${aws_alb_listener.https.id}"
-}
-
-output "target_group_arn" {
-  description = "ID of the default target group"
-  value       = "${aws_alb_target_group.default.arn}"
-}
diff --git a/alb/sg.tf b/alb/sg.tf
@@ -9,33 +9,3 @@ resource "aws_security_group" "sg_alb" {
       "Project", "${var.project}"))
   }"
 }
-
-resource "aws_security_group_rule" "sg_alb_http_ingress" {
-  count             = "${var.enable_http_listener}"
-  security_group_id = "${aws_security_group.sg_alb.id}"
-  type              = "ingress"
-  from_port         = "${var.http_port}"
-  to_port           = "${var.http_port}"
-  protocol          = "tcp"
-  cidr_blocks       = "${var.source_subnet_cidrs}"
-}
-
-resource "aws_security_group_rule" "sg_alb_https_ingress" {
-  count             = "${var.enable_https_listener}"
-  security_group_id = "${aws_security_group.sg_alb.id}"
-  type              = "ingress"
-  from_port         = "${var.https_port}"
-  to_port           = "${var.https_port}"
-  protocol          = "tcp"
-  cidr_blocks       = "${var.source_subnet_cidrs}"
-}
-
-resource "aws_security_group_rule" "sg_alb_target_egress" {
-  count                    = "${var.target_security_groups_count}"
-  security_group_id        = "${aws_security_group.sg_alb.id}"
-  type                     = "egress"
-  from_port                = "${var.target_port}"
-  to_port                  = "${var.target_port}"
-  protocol                 = "tcp"
-  source_security_group_id = "${var.target_security_groups[count.index]}"
-}
diff --git a/alb/variables.tf b/alb/variables.tf
@@ -40,104 +40,3 @@ variable "tags" {
   type        = "map"
   default     = {}
 }
-
-variable "enable_http_listener" {
-  description = "Bool(optional, false): Whether to enable the HTTP listener"
-  default     = false
-}
-
-variable "http_port" {
-  description = "Int(optional, 80): HTTP port the ALB is listening to"
-  default     = 80
-}
-
-variable "enable_https_listener" {
-  description = "Bool(optional, true): Whether to enable the HTTPS listener"
-  default     = true
-}
-
-variable "https_port" {
-  description = "Int(optional, 443): HTTPS port the ALB is listening to"
-  default     = 443
-}
-
-variable "https_certificate_arn" {
-  description = "String(required): IAM ARN of the SSL certificate for the HTTPS listener"
-  default     = ""
-}
-
-variable "default_target_group_arn" {
-  description = "String(optional, \"\"): Default target group ARN to add to the HTTP listener. Creates a default target group if not set"
-  default     = ""
-}
-
-variable "target_port" {
-  description = "Int(optional, 80): The port of which targets receive traffic"
-  default     = 80
-}
-
-variable "target_protocol" {
-  description = "String(optional, \"HTTP\"): The protocol to sue for routing traffic to the targets"
-  default     = "HTTP"
-}
-
-variable "target_deregistration_delay" {
-  description = "Int(optional, 30): The time in seconds before deregistering the target"
-  default     = 30
-}
-
-variable "target_stickiness" {
-  description = "List(optional, []): An ALB target_group stickiness block"
-  type        = "list"
-  default     = []
-}
-
-variable "target_health_interval" {
-  description = "Int(optional, 30): Time in seconds between target health checks"
-  default     = 30
-}
-
-variable "target_health_path" {
-  description = "String(optional, \"/\"): Path for the health check request"
-  default     = "/"
-}
-
-variable "target_health_timeout" {
-  description = "Int(optional, 5): Time in seconds to wait for a successful health check response"
-  default     = 5
-}
-
-variable "target_health_healthy_threshold" {
-  description = "Int(optional, 5): The number of consecutive health checks successes before considering a target healthy"
-  default     = 5
-}
-
-variable "target_health_unhealthy_threshold" {
-  description = "Int(optional, 2): The number of consecutive health check failures before considering a target unhealthy"
-  default     = 2
-}
-
-variable "target_health_matcher" {
-  description = "Int(optional, 200): The HTTP codes to use when checking for a successful response from a target"
-  default     = 200
-}
-
-variable "target_security_groups" {
-  description = "List(required): Security groups of the ALB target instances"
-  type        = "list"
-}
-
-variable "target_security_groups_count" {
-  description = "Int(required): Number of security groups of the ALB target instances"
-}
-
-variable "source_subnet_cidrs" {
-  description = "List(optional, [\"0.0.0.0/0\"]): Subnet CIDR blocks from where the ALB will receive traffic"
-  type        = "list"
-  default     = ["0.0.0.0/0"]
-}
-
-variable "target_health_protocol" {
-  default     = "HTTP"
-  description = "Protocol to use for the healthcheck"
-}
diff --git a/alb_listener/main.tf b/alb_listener/main.tf
@@ -0,0 +1,42 @@
+resource "aws_lb_target_group" "default" {
+  count = "${var.default_target_group_arn == "" ? 1 : 0}"
+
+  # target group name can't be longer than 32 chars, and terraform autogenerated name is 26 characters long
+  # so `name_prefix` can't be longer than 6 characters. Resource is tagged in any case for a clear identification in AWS
+  name_prefix = "${var.name_prefix}"
+
+  port                 = "${var.target_port}"
+  protocol             = "${var.target_protocol}"
+  vpc_id               = "${var.vpc_id}"
+  deregistration_delay = "${var.target_deregistration_delay}"
+  stickiness           = ["${var.target_stickiness}"]
+
+  health_check {
+    interval            = "${var.target_health_interval}"
+    path                = "${var.target_health_path}"
+    timeout             = "${var.target_health_timeout}"
+    healthy_threshold   = "${var.target_health_healthy_threshold}"
+    unhealthy_threshold = "${var.target_health_unhealthy_threshold}"
+    matcher             = "${var.target_health_matcher}"
+    protocol            = "${var.target_health_protocol}"
+  }
+
+  tags = "${merge("${var.tags}",
+    map("Name", "${var.project}-${var.environment}-${var.name_prefix}-target-group",
+      "Environment", "${var.environment}",
+      "Project", "${var.project}"))
+  }"
+}
+
+resource "aws_lb_listener" "listener" {
+  load_balancer_arn = "${var.alb_arn}"
+  port              = "${var.ingress_port == -1 ? (var.https_certificate_arn == "" ? 80 : 443) : var.ingress_port }"
+  protocol          = "${var.https_certificate_arn == "" ? "HTTP" : "HTTPS"}"
+  certificate_arn   = "${var.https_certificate_arn}"
+
+  default_action {
+    # Using join with resource.* as workaround for https://github.com/hashicorp/hil/issues/50
+    target_group_arn = "${var.default_target_group_arn == "" ? join(" ", aws_lb_target_group.default.*.arn) : var.default_target_group_arn}"
+    type             = "forward"
+  }
+}
diff --git a/alb_listener/outputs.tf b/alb_listener/outputs.tf
@@ -0,0 +1,9 @@
+output "listener_id" {
+  description = "ID of the ALB HTTP/HTTPS listener"
+  value       = "${aws_lb_listener.listener.id}"
+}
+
+output "target_group_arn" {
+  description = "ID of the default target group"
+  value       = "${join(" ", aws_lb_target_group.default.*.arn)}"
+}
diff --git a/alb_listener/sg.tf b/alb_listener/sg.tf
@@ -0,0 +1,8 @@
+resource "aws_security_group_rule" "sg_alb_ingress" {
+  security_group_id = "${var.alb_sg_id}"
+  type              = "ingress"
+  from_port         = "${var.ingress_port == -1 ? (var.https_certificate_arn == "" ? 80 : 443) : var.ingress_port }"
+  to_port           = "${var.ingress_port == -1 ? (var.https_certificate_arn == "" ? 80 : 443) : var.ingress_port }"
+  protocol          = "tcp"
+  cidr_blocks       = "${var.source_subnet_cidrs}"
+}