From 597a65ae45fa6ea8fd63496b4dbb5cf1892b5640 Mon Sep 17 00:00:00 2001 From: nimrodgab Date: Tue, 30 Jan 2024 13:00:50 +0200 Subject: [PATCH 1/3] Added logic in qs-autoscale to use hc tcp 8117 when gw version below R81 for NLB --- terraform/aws/modules/common/load_balancer/main.tf | 4 ++-- .../aws/modules/common/load_balancer/variables.tf | 11 +++++++++++ terraform/aws/qs-autoscale/README.md | 1 + terraform/aws/qs-autoscale/locals.tf | 2 ++ terraform/aws/qs-autoscale/main.tf | 2 ++ 5 files changed, 18 insertions(+), 2 deletions(-) diff --git a/terraform/aws/modules/common/load_balancer/main.tf b/terraform/aws/modules/common/load_balancer/main.tf index 3a9d8a6b..18b3b753 100755 --- a/terraform/aws/modules/common/load_balancer/main.tf +++ b/terraform/aws/modules/common/load_balancer/main.tf @@ -19,8 +19,8 @@ resource "aws_lb_target_group" "lb_target_group" { protocol = var.load_balancer_protocol port = var.target_group_port health_check { - port = var.load_balancers_type != "gateway" && var.load_balancers_type != "Network Load Balancer" ? null : 8117 - protocol = var.load_balancers_type != "gateway" && var.load_balancers_type != "Network Load Balancer" ? null : "TCP" + port = var.load_balancers_type != "gateway" ? var.health_check_port : 8117 + protocol = var.load_balancers_type != "gateway" ? var.health_check_protocol : "TCP" } } resource "aws_lb_listener" "lb_listener" { diff --git a/terraform/aws/modules/common/load_balancer/variables.tf b/terraform/aws/modules/common/load_balancer/variables.tf index d2ea6103..e47d9d35 100755 --- a/terraform/aws/modules/common/load_balancer/variables.tf +++ b/terraform/aws/modules/common/load_balancer/variables.tf 
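Review bot: In the `health_check` block of `aws_lb_target_group`, a Network Load Balancer caller that does not pass the new `health_check_port` and `health_check_protocol` inputs now gets `null` for both, where the removed lines always gave it TCP 8117. Only `external_load_balancer` in qs-autoscale is updated in this patch. Other callers of `modules/common/load_balancer` are not visible here and should be checked, because this setting decides which gateways the load balancer treats as in service. I would add a comment above the block: `# gateway LB: always TCP 8117; other types: caller-supplied, null = provider default`. The resource body starts outside the hunk.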
@@ -50,3 +50,14 @@ variable "cross_zone_load_balancing"{ default = false description = "Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges." } + +variable "health_check_port" { + description = "The health check port" + type = number + default = null +} +variable "health_check_protocol" { + description = "The health check protocol" + type = string + default = null +} \ No newline at end of file diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md index eeba4c45..8c193f12 100755 --- a/terraform/aws/qs-autoscale/README.md +++ b/terraform/aws/qs-autoscale/README.md @@ -224,6 +224,7 @@ In order to check the template version, please refer to [sk116585](https://suppo | 20231012 | Update AWS Terraform provider version to 5.20.1 | | 20231022 | Fixed template to populate x-chkp-tags correctly | | 20231127 | Add support for parameter admin shell | +| 20240130 | Added logic to use hc tcp 8117 when gw version below R81 for NLB | ## License diff --git a/terraform/aws/qs-autoscale/locals.tf b/terraform/aws/qs-autoscale/locals.tf index 89c0da15..291ad271 100755 --- a/terraform/aws/qs-autoscale/locals.tf +++ b/terraform/aws/qs-autoscale/locals.tf @@ -66,4 +66,6 @@ locals { encrypted_protocol_condition = (local.alb_condition && var.load_balancer_protocol == "HTTPS") || (local.nlb_condition && var.load_balancer_protocol == "TLS") ? true : false deploy_management_condition = var.management_deploy == true deploy_servers_condition = var.servers_deploy == true + r81_below_gw_versions = ["R80.40-BYOL", "R80.40-PAYG-NGTP", "R80.40-PAYG-NGTX", "R81-BYOL", "R81-PAYG-NGTP", "R81-PAYG-NGTX"] + is_gw_version_r81_below = contains(local.r81_below_gw_versions, var.gateway_version) } \ No newline at end of file diff --git a/terraform/aws/qs-autoscale/main.tf b/terraform/aws/qs-autoscale/main.tf index c63cbfb3..4dedce81 100755 --- a/terraform/aws/qs-autoscale/main.tf +++ b/terraform/aws/qs-autoscale/main.tf 
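Review bot: The new `health_check_port` and `health_check_protocol` variables in variables.tf accept any number and any string, and their descriptions do not say that `null` means the provider default or that both are ignored when `load_balancers_type` is `gateway`. A description such as `"Health check port for non-gateway load balancers; null uses the provider default"` would document that contract. A `validation` block with `condition = var.health_check_port == null ? true : (var.health_check_port >= 1 && var.health_check_port <= 65535)` would reject a bad value with a clear message. The protocol variable would get the same treatment against the protocols the target group accepts.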
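Review bot: In locals.tf, `r81_below_gw_versions` is a hand-maintained list of exact strings that also contains the R81 entries, so the name reads as "below R81" while the test is "R81 or earlier". Any `gateway_version` value missing from the list is treated as newer than R81 and gets the TCP 8117 health check. Whether the list matches the allowed values of `var.gateway_version` cannot be checked from this hunk. I would add a comment above the list: `# R81 and earlier; keep in sync with the allowed values of var.gateway_version`. The `locals` block starts outside the hunk.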
@@ -37,6 +37,8 @@ module "external_load_balancer" { target_group_port = local.encrypted_protocol_condition ? 9443 : 9080 listener_port = local.provided_port_condition ? var.service_port : local.encrypted_protocol_condition ? "443" : "80" certificate_arn = local.encrypted_protocol_condition ? var.certificate : "" + health_check_port = var.load_balancers_type == "Network Load Balancer" && !local.is_gw_version_r81_below ? 8117 : null + health_check_protocol = var.load_balancers_type == "Network Load Balancer" && !local.is_gw_version_r81_below ? "TCP" : null } module "autoscale" { From 50de01677ae51549941bfac9e2f882a71b15070d Mon Sep 17 00:00:00 2001 From: chkp-nimrodgab <126168909+chkp-nimrodgab@users.noreply.github.com> Date: Tue, 30 Jan 2024 13:06:12 +0200 Subject: [PATCH 2/3] Update variables.tf --- terraform/aws/modules/common/load_balancer/variables.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/terraform/aws/modules/common/load_balancer/variables.tf b/terraform/aws/modules/common/load_balancer/variables.tf index e47d9d35..7cc6464e 100755 --- a/terraform/aws/modules/common/load_balancer/variables.tf +++ b/terraform/aws/modules/common/load_balancer/variables.tf @@ -50,7 +50,6 @@ variable "cross_zone_load_balancing"{ default = false description = "Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges." } - variable "health_check_port" { description = "The health check port" type = number @@ -60,4 +59,4 @@ variable "health_check_protocol" { description = "The health check protocol" type = string default = null -} \ No newline at end of file +} From f765487d404e3126746f5e36c7ba33230073d2a0 Mon Sep 17 00:00:00 2001 From: nimrodgab Date: Tue, 30 Jan 2024 13:11:03 +0200 Subject: [PATCH 3/3] Updated README.md --- terraform/aws/qs-autoscale/README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) 
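Review bot: The two added arguments in `module "external_load_balancer"` set TCP 8117 when the version is not in the R81-and-earlier list (`!local.is_gw_version_r81_below`), while the commit subject and the 20240130 README row in this patch say 8117 is used when the gateway version is below R81. Since the shared module previously gave every Network Load Balancer TCP 8117, the effective change appears to be that R81 and earlier now fall back to `null`. Please confirm that direction is intended, because a wrong health check port changes which gateways stay in rotation. The condition is also written twice; a local such as `nlb_hc_8117 = var.load_balancers_type == "Network Load Balancer" && !local.is_gw_version_r81_below` would keep port and protocol from drifting apart. The module block starts outside the hunk.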
diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md index 8c193f12..1d633d19 100755 --- a/terraform/aws/qs-autoscale/README.md +++ b/terraform/aws/qs-autoscale/README.md 
@@ -211,20 +211,20 @@ secret_key = "my-secret-key" ## Revision History In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) -| Template Version | Description | -|------------------|--------------------------------------------------------------------------------| -| 20210309 | First release of Check Point Quick Start Auto Scaling Terraform module for AWS | -| 20210329 | Stability fixes | -| 20220606 | New instance type support | -| 20221123 | R81.20 version support | -| 20221226 | Support ASG Launch Template instead of Launch Configuration | -| 20230806 | Add support for c6in instance type | -| 20230829 | Change default Check Point version to R81.20 | -| 20230923 | Add support for C5d instance type | -| 20231012 | Update AWS Terraform provider version to 5.20.1 | -| 20231022 | Fixed template to populate x-chkp-tags correctly | -| 20231127 | Add support for parameter admin shell | -| 20240130 | Added logic to use hc tcp 8117 when gw version below R81 for NLB | +| Template Version | Description | +|------------------|-------------------------------------------------------------------------------------------------------------------------------------| +| 20210309 | First release of Check Point Quick Start Auto Scaling Terraform module for AWS | +| 20210329 | Stability fixes | +| 20220606 | New instance type support | +| 20221123 | R81.20 version support | +| 20221226 | Support ASG Launch Template instead of Launch Configuration | +| 20230806 | Add support for c6in instance type | +| 20230829 | Change default Check Point version to R81.20 | +| 20230923 | Add support for C5d instance type | +| 20231012 | Update AWS Terraform provider version to 5.20.1 | +| 20231022 | Fixed template to populate x-chkp-tags correctly | +| 20231127 | Add support for parameter admin shell | +| 20240130 | Network Load Balancer Health Check configuration change for 
higher than R81 version. New Health Check Port is 8117 and Protocol TCP | ## License