diff --git a/terraform/aws/modules/common/load_balancer/main.tf b/terraform/aws/modules/common/load_balancer/main.tf
index 3a9d8a6b..18b3b753 100755
--- a/terraform/aws/modules/common/load_balancer/main.tf
+++ b/terraform/aws/modules/common/load_balancer/main.tf
@@ -19,8 +19,8 @@ resource "aws_lb_target_group" "lb_target_group" {
 protocol = var.load_balancer_protocol
 port = var.target_group_port
 health_check {
- port = var.load_balancers_type != "gateway" && var.load_balancers_type != "Network Load Balancer" ? null : 8117
- protocol = var.load_balancers_type != "gateway" && var.load_balancers_type != "Network Load Balancer" ? null : "TCP"
+ port = var.load_balancers_type != "gateway" ? var.health_check_port : 8117
+ protocol = var.load_balancers_type != "gateway" ? var.health_check_protocol : "TCP"
 }
 }
 resource "aws_lb_listener" "lb_listener" {
diff --git a/terraform/aws/modules/common/load_balancer/variables.tf b/terraform/aws/modules/common/load_balancer/variables.tf
index d2ea6103..7cc6464e 100755
--- a/terraform/aws/modules/common/load_balancer/variables.tf
+++ b/terraform/aws/modules/common/load_balancer/variables.tf
@@ -50,3 +50,13 @@ variable "cross_zone_load_balancing"{
 default = false
 description = "Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges."
 }
+variable "health_check_port" {
+ description = "The health check port"
+ type = number
+ default = null
+}
+variable "health_check_protocol" {
+ description = "The health check protocol"
+ type = string
+ default = null
+}
diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md
index eeba4c45..1d633d19 100755
--- a/terraform/aws/qs-autoscale/README.md
+++ b/terraform/aws/qs-autoscale/README.md
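Review bot: In `load_balancer/main.tf`, the `health_check` port and protocol for every non-gateway load balancer now come solely from `var.health_check_port` and `var.health_check_protocol`, so a caller of this common module that deploys a Network Load Balancer without passing them no longer gets 8117/TCP and falls back to the provider defaults. Only the qs-autoscale caller is updated in this commit; any other template that uses the module with an NLB (none is visible here) would change health-check behaviour silently, and a target group probing the wrong port can keep unhealthy gateways in rotation or take healthy ones out. The two values are also chosen independently, so a port can be supplied without a matching protocol. I would add a comment above the two assignments, e.g. `# non-gateway LBs: the caller chooses the probe; null leaves the provider default`, and check the remaining callers. The `aws_lb_target_group` resource starts before this hunk.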
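Review bot: The two new variables in `load_balancer/variables.tf` accept any number and any string, so a typo such as a lower-case protocol or an out-of-range port is only rejected by the AWS API at apply time, after the plan has been approved. A `validation` block on each would fail at plan time instead; note that whether a given protocol is accepted also depends on the target group's own protocol, which this check cannot see. The descriptions should also say what `null` means, for example `"Health check port for non-gateway load balancers; null keeps the provider default"`.

```hcl
variable "health_check_port" {
  # … unchanged: description, type, default …
  validation {
    condition     = var.health_check_port == null ? true : (var.health_check_port >= 1 && var.health_check_port <= 65535)
    error_message = "health_check_port must be null or a port number between 1 and 65535."
  }
}
variable "health_check_protocol" {
  # … unchanged: description, type, default …
  validation {
    condition     = var.health_check_protocol == null ? true : contains(["TCP", "HTTP", "HTTPS"], var.health_check_protocol)
    error_message = "health_check_protocol must be null or one of TCP, HTTP, HTTPS."
  }
}
```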
@@ -211,19 +211,20 @@ secret_key = "my-secret-key" ## Revision History In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) -| Template Version | Description | -|------------------|--------------------------------------------------------------------------------| -| 20210309 | First release of Check Point Quick Start Auto Scaling Terraform module for AWS | -| 20210329 | Stability fixes | -| 20220606 | New instance type support | -| 20221123 | R81.20 version support | -| 20221226 | Support ASG Launch Template instead of Launch Configuration | -| 20230806 | Add support for c6in instance type | -| 20230829 | Change default Check Point version to R81.20 | -| 20230923 | Add support for C5d instance type | -| 20231012 | Update AWS Terraform provider version to 5.20.1 | -| 20231022 | Fixed template to populate x-chkp-tags correctly | -| 20231127 | Add support for parameter admin shell | +| Template Version | Description | +|------------------|-------------------------------------------------------------------------------------------------------------------------------------| +| 20210309 | First release of Check Point Quick Start Auto Scaling Terraform module for AWS | +| 20210329 | Stability fixes | +| 20220606 | New instance type support | +| 20221123 | R81.20 version support | +| 20221226 | Support ASG Launch Template instead of Launch Configuration | +| 20230806 | Add support for c6in instance type | +| 20230829 | Change default Check Point version to R81.20 | +| 20230923 | Add support for C5d instance type | +| 20231012 | Update AWS Terraform provider version to 5.20.1 | +| 20231022 | Fixed template to populate x-chkp-tags correctly | +| 20231127 | Add support for parameter admin shell | +| 20240130 | Network Load Balancer Health Check configuration change for higher than R81 version. 
New Health Check Port is 8117 and Protocol TCP | ## License diff --git a/terraform/aws/qs-autoscale/locals.tf b/terraform/aws/qs-autoscale/locals.tf index 89c0da15..291ad271 100755 --- a/terraform/aws/qs-autoscale/locals.tf +++ b/terraform/aws/qs-autoscale/locals.tf @@ -66,4 +66,6 @@ locals { encrypted_protocol_condition = (local.alb_condition && var.load_balancer_protocol == "HTTPS") || (local.nlb_condition && var.load_balancer_protocol == "TLS") ? true : false deploy_management_condition = var.management_deploy == true deploy_servers_condition = var.servers_deploy == true + r81_below_gw_versions = ["R80.40-BYOL", "R80.40-PAYG-NGTP", "R80.40-PAYG-NGTX", "R81-BYOL", "R81-PAYG-NGTP", "R81-PAYG-NGTX"] + is_gw_version_r81_below = contains(local.r81_below_gw_versions, var.gateway_version) } \ No newline at end of file diff --git a/terraform/aws/qs-autoscale/main.tf b/terraform/aws/qs-autoscale/main.tf index c63cbfb3..4dedce81 100755 --- a/terraform/aws/qs-autoscale/main.tf +++ b/terraform/aws/qs-autoscale/main.tf @@ -37,6 +37,8 @@ module "external_load_balancer" { target_group_port = local.encrypted_protocol_condition ? 9443 : 9080 listener_port = local.provided_port_condition ? var.service_port : local.encrypted_protocol_condition ? "443" : "80" certificate_arn = local.encrypted_protocol_condition ? var.certificate : "" + health_check_port = var.load_balancers_type == "Network Load Balancer" && !local.is_gw_version_r81_below ? 8117 : null + health_check_protocol = var.load_balancers_type == "Network Load Balancer" && !local.is_gw_version_r81_below ? "TCP" : null } module "autoscale" {
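Review bot: `is_gw_version_r81_below` in `qs-autoscale/locals.tf` is an exact-string match against six hard-coded values, so any R80.x or R81 value of `var.gateway_version` that is not spelled exactly as listed is treated as newer than R81 and gets the 8117/TCP health check. The accepted values of `var.gateway_version` are defined outside this diff, so the two lists have to be kept in step by hand; a comment on the local would make that explicit, e.g. `# gateway versions that keep the default NLB health check; keep in sync with the accepted gateway_version values`. If the version strings always begin with the release name, a prefix test on `var.gateway_version` would avoid the duplicated list, but that is an assumption about the naming. The `locals` block starts before this hunk.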
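Review bot: The same condition, `var.load_balancers_type == "Network Load Balancer" && !local.is_gw_version_r81_below`, is written out twice in the `external_load_balancer` module call in `qs-autoscale/main.tf`, although port and protocol must always switch together. locals.tf already refers to `local.nlb_condition`; if that local is the same load-balancer-type comparison (its definition is not in this diff), a single local such as `nlb_tcp_health_check = local.nlb_condition && !local.is_gw_version_r81_below` would keep the pair in lock-step. The literals 8117 and "TCP" now appear both here and in the common module's gateway branch, so one named value would be easier to audit. It is also worth confirming that the gateways' security group admits the load balancer's probes on 8117, since no security-group rules are visible here. The module block starts before the hunk.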