-
Notifications
You must be signed in to change notification settings - Fork 5
/
alb-main.tf
99 lines (88 loc) · 2.74 KB
/
alb-main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module "alb" {
source = "terraform-aws-modules/alb/aws"
version = "~> 8.0"
create_lb = var.create_lb
name = var.cluster_name
load_balancer_type = "application"
vpc_id = module.vpc.vpc_id
subnets = module.vpc.public_subnets
security_groups = [module.vpc.default_security_group_id]
security_group_rules = {
ingress_all_http = {
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
description = "Allow HTTP traffic"
cidr_blocks = ["0.0.0.0/0"]
}
egress_all = {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
target_groups = [
{
name_prefix = substr(var.cluster_name, 0, 6)
backend_protocol = "HTTP"
backend_port = 8080
target_type = "instance"
targets = [
for i, ui_id in module.skywalking.ui_instance_ids : {
target_id = ui_id
port = 8080
}
]
health_check = {
enabled = true
interval = 30
path = "/internal/l7check"
port = "traffic-port"
healthy_threshold = 3
unhealthy_threshold = 3
timeout = 6
protocol = "HTTP"
matcher = "200"
}
}
]
http_tcp_listeners = [
{
port = 80
protocol = "HTTP"
target_group_index = 0
}
]
tags = var.extra_tags
}
resource "aws_security_group" "alb-skywalking-ui" {
count = var.create_lb ? 1 : 0
name = "alb-skywalking-ui"
description = "Security group for ALB to access SkyWalking UI"
vpc_id = module.vpc.vpc_id
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
description = "Allow access from ALB to SkyWalking UI"
security_groups = [module.alb.security_group_id]
}
}