From 4dd59af3d61719493b4f33f89f5fba17471ff8ae Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Thu, 2 Nov 2023 13:28:22 -0400
Subject: [PATCH] feat: Add support for traffic source attachment (#248)

---
 .pre-commit-config.yaml | 2 +-
 README.md | 4 ++
 examples/complete/README.md | 3 +-
 examples/complete/main.tf | 86 ++++++++++++++++++++++---------------
 main.tf | 15 +++++++
 variables.tf | 22 ++++++++++
 6 files changed, 94 insertions(+), 38 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 15d3d3e..145baf9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.83.4
+ rev: v1.83.5
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
diff --git a/README.md b/README.md
index 8673bc6..0058fa1 100644
--- a/README.md
+++ b/README.md
@@ -250,6 +250,7 @@ No modules.
 | [aws_autoscaling_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
 | [aws_autoscaling_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_policy) | resource |
 | [aws_autoscaling_schedule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) | resource |
+| [aws_autoscaling_traffic_source_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_traffic_source_attachment) | resource |
 | [aws_iam_instance_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
 | [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -272,6 +273,7 @@ No modules.
 | [create\_launch\_template](#input\_create\_launch\_template) | Determines whether to create launch template or not | `bool` | `true` | no |
 | [create\_scaling\_policy](#input\_create\_scaling\_policy) | Determines whether to create target scaling policy schedule or not | `bool` | `true` | no |
 | [create\_schedule](#input\_create\_schedule) | Determines whether to create autoscaling group schedule or not | `bool` | `true` | no |
+| [create\_traffic\_source\_attachment](#input\_create\_traffic\_source\_attachment) | Determines whether to create autoscaling group traffic source attachment | `bool` | `false` | no |
 | [credit\_specification](#input\_credit\_specification) | Customize the credit specification of the instance | `map(string)` | `{}` | no |
 | [default\_cooldown](#input\_default\_cooldown) | The amount of time, in seconds, after a scaling activity completes before another scaling activity can start | `number` | `null` | no |
 | [default\_instance\_warmup](#input\_default\_instance\_warmup) | Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. | `number` | `null` | no |
@@ -344,6 +346,8 @@ No modules.
 | [tags](#input\_tags) | A map of tags to assign to resources | `map(string)` | `{}` | no |
 | [target\_group\_arns](#input\_target\_group\_arns) | A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing | `list(string)` | `[]` | no |
 | [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default` | `list(string)` | `[]` | no |
+| [traffic\_source\_identifier](#input\_traffic\_source\_identifier) | Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region | `string` | `""` | no |
+| [traffic\_source\_type](#input\_traffic\_source\_type) | Provides additional context for the value of identifier. The following lists the valid values: `elb` if `identifier` is the name of a Classic Load Balancer. `elbv2` if `identifier` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. `vpc-lattice` if `identifier` is the ARN of a VPC Lattice target group | `string` | `"elbv2"` | no |
 | [update\_default\_version](#input\_update\_default\_version) | Whether to update Default Version each update.
Conflicts with `default_version` | `string` | `null` | no |
 | [use\_mixed\_instances\_policy](#input\_use\_mixed\_instances\_policy) | Determines whether to use a mixed instances policy in the autoscaling group or not | `bool` | `false` | no |
 | [use\_name\_prefix](#input\_use\_name\_prefix) | Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix | `bool` | `true` | no |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 1eb3217..3d78940 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -42,8 +42,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
-| [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 8.0 |
-| [alb\_http\_sg](#module\_alb\_http\_sg) | terraform-aws-modules/security-group/aws//modules/http-80 | ~> 5.0 |
+| [alb](#module\_alb) | terraform-aws-modules/alb/aws | ~> 9.0 |
 | [asg\_sg](#module\_asg\_sg) | terraform-aws-modules/security-group/aws | ~> 5.0 |
 | [complete](#module\_complete) | ../../ | n/a |
 | [default](#module\_default) | ../../ | n/a |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index d3884af..6d6c7b2 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -46,6 +46,11 @@ module "complete" {
 vpc_zone_identifier = module.vpc.private_subnets
 service_linked_role_arn = aws_iam_service_linked_role.autoscaling.arn
 
+ # Traffic source attachment
+ create_traffic_source_attachment = true
+ traffic_source_identifier = module.alb.target_groups["ex_asg"].arn
+ traffic_source_type = "elbv2"
+
 initial_lifecycle_hooks = [
 {
 name = "ExampleStartupLifeCycleHook"
@@ -104,8 +109,6 @@ module "complete" {
 # # Security group is set on the ENIs below
 # security_groups = [module.asg_sg.security_group_id]
 
- target_group_arns = module.alb.target_group_arns
-
 block_device_mappings = [
 {
 # Root volume
@@ -268,7 +271,7 @@ module "complete" {
 target_tracking_configuration = {
 predefined_metric_specification = {
 predefined_metric_type = "ALBRequestCountPerTarget"
- resource_label = "${module.alb.lb_arn_suffix}/${module.alb.target_group_arn_suffixes[0]}"
+ resource_label = "${module.alb.arn_suffix}/${module.alb.target_groups["ex_asg"].arn_suffix}"
 }
 target_value = 800
 }
@@ -822,7 +825,7 @@ module "asg_sg" {
 computed_ingress_with_source_security_group_id = [
 {
 rule = "http-80-tcp"
- source_security_group_id = module.alb_http_sg.security_group_id
+ source_security_group_id = module.alb.security_group_id
 }
 ]
 number_of_computed_ingress_with_source_security_group_id = 1
@@ -881,45 +884,58 @@ resource "aws_iam_role" "ssm" {
 })
 }
 
-module "alb_http_sg" {
- source = "terraform-aws-modules/security-group/aws//modules/http-80"
- version = "~> 5.0"
-
- name = "${local.name}-alb-http"
- vpc_id = module.vpc.vpc_id
- description = "Security group for ${local.name}"
-
- ingress_cidr_blocks = ["0.0.0.0/0"]
-
- tags = local.tags
-}
-
 module "alb" {
 source = "terraform-aws-modules/alb/aws"
- version = "~> 8.0"
+ version = "~> 9.0"
 
 name = local.name
 
- vpc_id = module.vpc.vpc_id
- subnets = module.vpc.public_subnets
- security_groups = [module.alb_http_sg.security_group_id]
+ vpc_id = module.vpc.vpc_id
+ subnets = module.vpc.public_subnets
 
- http_tcp_listeners = [
- {
- port = 80
- protocol = "HTTP"
- target_group_index = 0
+ # For example only
+ enable_deletion_protection = false
+
+ # Security Group
+ security_group_ingress_rules = {
+ all_http = {
+ from_port = 80
+ to_port = 80
+ ip_protocol = "tcp"
+ cidr_ipv4 = "0.0.0.0/0"
 }
- ]
+ }
+ security_group_egress_rules = {
+ all = {
+ ip_protocol = "-1"
+ cidr_ipv4 = module.vpc.vpc_cidr_block
+ }
+ }
 
- target_groups = [
- {
- name = local.name
- backend_protocol = "HTTP"
- backend_port = 80
- target_type = "instance"
- },
- ]
+ listeners = {
+ ex_http = {
+ port = 80
+ protocol = "HTTP"
+
+ forward = {
+ target_group_key = "ex_asg"
+ }
+ }
+ }
+
+ target_groups = {
+ ex_asg = {
+ backend_protocol = "HTTP"
+ backend_port = 80
+ target_type = "instance"
+ deregistration_delay = 5
+ load_balancing_cross_zone_enabled = true
+
+ # There's nothing to attach here in this definition.
+ # The attachment happens in the ASG module above
+ create_attachment = false
+ }
+ }
 
 tags = local.tags
 }
diff --git a/main.tf b/main.tf
index 2f83f64..496294c 100644
--- a/main.tf
+++ b/main.tf
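Review bot: The new `security_group_egress_rules.all` entry lets the ALB reach every protocol and port across the whole VPC CIDR, while the only backend traffic this example needs is HTTP to the ASG instances (the `asg_sg` rule in the earlier hunk admits only `http-80-tcp` from the ALB's security group). Narrowing the egress rule keeps the ALB security group at least privilege: `ip_protocol = "tcp"`, `from_port = 80`, `to_port = 80` alongside the existing `cidr_ipv4`. The `enable_deletion_protection = false` line already carries a "For example only" marker; the `0.0.0.0/0` ingress on a plain-`HTTP` listener deserves the same note so readers do not copy an unencrypted public listener into a real deployment. The whole `module "alb"` block is visible in this hunk.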
@@ -873,6 +873,21 @@ resource "aws_autoscaling_group" "idc" {
 }
 }
 
+################################################################################
+# Autoscaling group traffic source attachment
+################################################################################
+
+resource "aws_autoscaling_traffic_source_attachment" "this" {
+ count = local.create && var.create_traffic_source_attachment ? 1 : 0
+
+ autoscaling_group_name = var.ignore_desired_capacity_changes ? aws_autoscaling_group.idc[0].id : aws_autoscaling_group.this[0].id
+
+ traffic_source {
+ identifier = var.traffic_source_identifier
+ type = var.traffic_source_type
+ }
+}
+
 ################################################################################
 # Autoscaling group schedule
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 87e3873..f31d5fe 100644
--- a/variables.tf
+++ b/variables.tf
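Review bot: The new `aws_autoscaling_traffic_source_attachment.this` resource manages a traffic source separately from the ASG, but the module still accepts `target_group_arns` on the ASG itself (the README rows in this patch list it), and a caller who passes the same target group through both will have the in-line attachment and this standalone resource each trying to own it, so the plan never converges. A comment above `count` such as `# A traffic source must be managed either here or via target_group_arns on the ASG, never both` would head that off, and the `traffic_source_identifier` description could say the same. With `count` the module also supports exactly one traffic source; a `for_each` over a map of `{ identifier, type }` objects is presumably what callers with several target groups will ask for next, but that is an interface change beyond this hunk.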
@@ -461,6 +461,28 @@ variable "tag_specifications" {
 default = []
 }
 
+################################################################################
+# Autoscaling group traffic source attachment
+################################################################################
+
+variable "create_traffic_source_attachment" {
+ description = "Determines whether to create autoscaling group traffic source attachment"
+ type = bool
+ default = false
+}
+
+variable "traffic_source_identifier" {
+ description = "Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region"
+ type = string
+ default = ""
+}
+
+variable "traffic_source_type" {
+ description = "Provides additional context for the value of identifier. The following lists the valid values: `elb` if `identifier` is the name of a Classic Load Balancer. `elbv2` if `identifier` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. `vpc-lattice` if `identifier` is the ARN of a VPC Lattice target group"
+ type = string
+ default = "elbv2"
+}
+
 ################################################################################
 # Autoscaling group schedule
 ################################################################################
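Review bot: `traffic_source_type` is documented as accepting only `elb`, `elbv2` or `vpc-lattice`, but nothing enforces that, so a typo surfaces only as an API error at apply time, after the ASG has already been created. A `validation` block on the variable rejects bad values at plan time; the rewritten variable is below. `traffic_source_identifier` defaults to `""`, which is only usable while `create_traffic_source_attachment` is `false`; stating that in its description (e.g. appending `Required when create_traffic_source_attachment = true`) would spare callers the same apply-time failure.
```hcl
variable "traffic_source_type" {
  # … unchanged: description …
  type    = string
  default = "elbv2"

  validation {
    condition     = contains(["elb", "elbv2", "vpc-lattice"], var.traffic_source_type)
    error_message = "traffic_source_type must be one of: elb, elbv2, vpc-lattice."
  }
}
```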