feat: added ability to disable https listener and replace with http l…

…istener

README.md

@@ -89,7 +89,6 @@ Terraform module which creates a traefik ecs task
 | <a name="input_port_health"></a> [port\_health](#input\_port\_health) | Define the health port | `number` | `8090` | no |
 | <a name="input_port_metadata"></a> [port\_metadata](#input\_port\_metadata) | Define the metadata port | `number` | `8070` | no |
 | <a name="input_port_metrics"></a> [port\_metrics](#input\_port\_metrics) | Define the prometheus metrics port | `number` | `9100` | no |
-| <a name="input_port_traefik"></a> [port\_traefik](#input\_port\_traefik) | Define the traefik port | `number` | `9000` | no |
 | <a name="input_prometheus_metrics_enabled"></a> [prometheus\_metrics\_enabled](#input\_prometheus\_metrics\_enabled) | A boolean to enable/disable traefik prometheus metrics. Default is true | `bool` | `true` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |

main.tf

@@ -103,22 +103,36 @@ module "nlb" {
       port     = var.port_health
       protocol = "TCP"
     },
-    {
-      forward = {
-        target_group_key = 3
-      }
-      port            = 443
-      protocol        = "TLS"
-      certificate_arn = var.https_listeners_certificate_arn
-    },
-    ], var.prometheus_metrics_enabled ? [
-    {
-      forward = {
-        target_group_key = 4
-      }
-      port     = var.port_metrics
-      protocol = "TCP"
-    },
+    ],
+    var.https_listeners_certificate_arn != null ?
+    [
+      {
+        forward = {
+          target_group_key = 3
+        }
+        port            = 443
+        protocol        = "TLS"
+        certificate_arn = var.https_listeners_certificate_arn
+      },
+    ] : [
+      {
+        forward = {
+          target_group_key = 3
+        }
+        port            = 80
+        protocol        = "TCP"
+        certificate_arn = null
+      },
+    ],
+    var.prometheus_metrics_enabled ?
+    [
+      {
+        forward = {
+          target_group_key = 4
+        }
+        port     = var.port_metrics
+        protocol = "TCP"
+      },
     ] : []
   )
 
@@ -166,26 +180,28 @@ module "container_definition" {
       hostPort      = 0
       protocol      = "tcp"
     },
-    {
-      containerPort = var.port_traefik
-      hostPort      = 0
-      protocol      = "tcp"
-    },
     {
       containerPort = 8000
       hostPort      = 0
       protocol      = "tcp"
     },
-    {
-      containerPort = 8443
-      hostPort      = 0
-      protocol      = "tcp"
-    },
-    ], var.prometheus_metrics_enabled ? [{
-      containerPort = var.port_metrics
-      hostPort      = 0
-      protocol      = "tcp"
-    }] : []
+    ],
+    var.https_listeners_certificate_arn != null ?
+    [
+      {
+        containerPort = 8443
+        hostPort      = 0
+        protocol      = "tcp"
+      }
+    ] : [],
+    var.prometheus_metrics_enabled ?
+    [
+      {
+        containerPort = var.port_metrics
+        hostPort      = 0
+        protocol      = "tcp"
+      }
+    ] : []
   )
 
   docker_labels = {
@@ -198,21 +214,20 @@ module "container_definition" {
     "--entrypoints.gateway.address=:${var.port_gateway}/tcp",
     "--entrypoints.health.address=:${var.port_health}/tcp",
     "--entrypoints.metadata.address=:${var.port_metadata}/tcp",
-    "--entrypoints.traefik.address=:${var.port_traefik}/tcp",
-    "--entrypoints.websecure.address=:8443/tcp",
     "--entrypoints.web.address=:8000/tcp",
     "--ping=true",
     "--api.insecure=true",
     "--providers.ecs",
     "--providers.ecs.region=${module.this.aws_region}",
-    "--providers.ecs.autodiscoverclusters=true",
+    "--providers.ecs.clusters=${split("/", var.ecs_cluster_arn)[1]}",
     "--providers.ecs.exposedbydefault=false",
     "--providers.ecs.defaultrule=Host(`{{ index .Labels \"Application\"}}.{{ index .Labels \"Domain\"}}`)",
     ], var.prometheus_metrics_enabled ? [
     "--metrics.prometheus=${var.prometheus_metrics_enabled}",
     "--entryPoints.metrics.address=:${var.port_metrics}",
     "--metrics.prometheus.entryPoint=metrics",
-    ] : []
+    ] : [],
+    var.https_listeners_certificate_arn != null ? ["--entrypoints.websecure.address=:8443/tcp"] : []
   )
 
   log_configuration = {
@@ -284,7 +299,7 @@ module "service_task" {
       target_group_arn = module.nlb.target_groups[3].arn
       container_name   = module.ecs_label.id
       elb_name         = null
-      container_port   = 8443
+      container_port   = var.https_listeners_certificate_arn != null ? 8443 : 8000
     },
     ],
     var.prometheus_metrics_enabled ? [

variables.tf

@@ -4,24 +4,18 @@ variable "additional_vpc_id" {
   default     = []
 }
 
-variable "container_cpu" {
-  type        = number
-  description = "The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value"
-  default     = 512
-}
-
-variable "container_memory" {
-  type        = number
-  description = "The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value"
-  default     = 256
-}
-
 variable "cloudwatch_log_group_enabled" {
   type        = bool
   description = "A boolean to disable cloudwatch log group creation"
   default     = true
 }
 
+variable "container_cpu" {
+  type        = number
+  description = "The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value"
+  default     = 512
+}
+
 variable "container_image_tag" {
   type        = string
   description = "The image tag used to start the container. Images in the Docker Hub registry available by default"
@@ -34,6 +28,12 @@ variable "container_image_url" {
   default     = "traefik"
 }
 
+variable "container_memory" {
+  type        = number
+  description = "The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value"
+  default     = 256
+}
+
 variable "deployment_maximum_percent" {
   type        = number
   description = "The upper limit of the number of tasks (as a percentage of `desired_count`) that can be running in a service during a deployment"
@@ -68,12 +68,6 @@ variable "ecs_service_role_enabled" {
   default     = false
 }
 
-variable "prometheus_metrics_enabled" {
-  type        = bool
-  description = "A boolean to enable/disable traefik prometheus metrics. Default is true"
-  default     = true
-}
-
 variable "https_listeners_certificate_arn" {
   type        = string
   description = "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS"
@@ -157,10 +151,10 @@ variable "port_metrics" {
   default     = 9100
 }
 
-variable "port_traefik" {
-  type        = number
-  description = "Define the traefik port"
-  default     = 9000
+variable "prometheus_metrics_enabled" {
+  type        = bool
+  description = "A boolean to enable/disable traefik prometheus metrics. Default is true"
+  default     = true
 }
 
 variable "subnets" {