load-balancer.tf
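# HTTPS entry point on the shared ALB. Anything that is not matched by a
# listener rule (see aws_alb_listener_rule.to_ecs in this file) receives the
# fixed 502 response below, so unexpected host names never reach the app.
resource "aws_alb_listener" "listener" {
  load_balancer_arn = var.alb_arn
  port              = local.web_port
  protocol          = "HTTPS"

  # TLS 1.2+ only. The previous policy (ELBSecurityPolicy-2016-08) also
  # negotiated TLS 1.0 and TLS 1.1, which are deprecated.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = aws_acm_certificate.for_webserver.arn

  default_action {
    type = "fixed-response"

    fixed_response {
      content_type = "text/plain"
      message_body = "The mailhog is out hunting for truffles."
      status_code  = "502"
    }
  }
}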
# Random suffix used in the target group name. vpc_id is a keeper, so moving
# to a new VPC produces a new suffix and hence a new target group name; this
# keeps the replacement group (create_before_destroy below) from colliding
# with the old one on name.
resource "random_id" "target_group_id" {
  byte_length = 4

  keepers = {
    vpc_id = var.vpc_id
  }
}
# Target group that the listener rule forwards authenticated traffic to.
# Targets are registered by IP address (target_type = "ip") — presumably
# ECS tasks, going by the to_ecs rule name; confirm against the service
# definition.
resource "aws_alb_target_group" "webserver" {
  # Random suffix so a replacement group gets a fresh, unique name.
  name        = "${local.full_name_slug}-${random_id.target_group_id.hex}"
  vpc_id      = var.vpc_id
  target_type = "ip"

  # The ALB -> target leg is plain HTTP inside the VPC; TLS terminates at
  # the HTTPS listener.
  protocol = "HTTP"
  port     = local.web_port

  deregistration_delay = 90

  health_check {
    path                = "/"
    matcher             = 200
    interval            = 60
    timeout             = 5
    healthy_threshold   = 3
    unhealthy_threshold = 3
  }

  # Build the new group before tearing down the old one so the listener
  # rule is never left pointing at a deleted target group.
  lifecycle {
    create_before_destroy = true
  }
}
# Requests for var.hostname must first complete an OIDC login (Microsoft
# identity platform) at the ALB; only then are they forwarded to the target
# group. Any other host name falls through to the listener's fixed 502
# default action.
resource "aws_alb_listener_rule" "to_ecs" {
  listener_arn = aws_alb_listener.listener.arn

  condition {
    host_header {
      values = [var.hostname]
    }
  }

  # Action blocks are ordered: authenticate first, then forward.
  action {
    type = "authenticate-oidc"

    authenticate_oidc {
      # NOTE(review): the same tenant id is repeated in the three
      # login.microsoftonline.com URLs; worth lifting into a local so the
      # issuer and endpoints cannot drift apart.
      issuer                 = "https://login.microsoftonline.com/7d76d361-8277-4708-a477-64e8366cd1bc/v2.0"
      authorization_endpoint = "https://login.microsoftonline.com/7d76d361-8277-4708-a477-64e8366cd1bc/oauth2/v2.0/authorize"
      token_endpoint         = "https://login.microsoftonline.com/7d76d361-8277-4708-a477-64e8366cd1bc/oauth2/v2.0/token"
      user_info_endpoint     = "https://graph.microsoft.com/oidc/userinfo"

      # NOTE(review): confirm var.oidc_secret is declared with
      # sensitive = true so it is redacted from plan/apply output.
      client_id     = var.oidc_client_id
      client_secret = var.oidc_secret
    }
  }

  action {
    type             = "forward"
    target_group_arn = aws_alb_target_group.webserver.arn
  }
}