Merge pull request #56 from DNXLabs/feature/custom_listener_rules

Feature/custom listener rules

README.md

@@ -46,7 +46,7 @@ In addition you have the option to create or not :
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.13 |
+| terraform | >= 1.3 |
 | aws | >= 4.0.0 |
 
 ## Providers
@@ -67,6 +67,7 @@ In addition you have the option to create or not :
 | alarm\_prefix | String prefix for cloudwatch alarms. (Optional) | `string` | `"alarm"` | no |
 | alarm\_sns\_topics | Alarm topics to create and alert on ECS service metrics. Leaving empty disables all alarms. | `list` | `[]` | no |
 | alb\_arn | ALB ARN created by ECS cluster module | `any` | n/a | yes |
+| alb\_custom\_rules | Custom loadbalance listener rule to be added with this application target group | <pre>list(object({<br>    name        = optional(string)<br>    paths       = optional(list(string), [])<br>    hostnames   = optional(list(string), [])<br>    source_ips  = optional(list(string), [])<br>    http_header = optional(list(string), [])<br>    priority    = optional(number)<br>  }))</pre> | `[]` | no |
 | alb\_dns\_name | ALB DNS Name | `string` | `""` | no |
 | alb\_listener\_https\_arn | ALB HTTPS Listener created by ECS cluster module | `any` | n/a | yes |
 | alb\_name | ALB name - Required if it is an internal one | `string` | `""` | no |

_variables.tf

@@ -507,4 +507,17 @@ variable "readonlyrootfilesystem" {
   type        = bool
   default     = false
   description = "Enable ready only access to root File ssystem."
-}
+}
+
+variable "alb_custom_rules" {
+  type = list(object({
+    name        = optional(string)
+    paths       = optional(list(string), [])
+    hostnames   = optional(list(string), [])
+    source_ips  = optional(list(string), [])
+    http_header = optional(list(string), [])
+    priority    = optional(number)
+  }))
+  default     = []
+  description = "Custom loadbalance listener rule to be added with this application target group"
+}

alb-listener-custom-rules.tf

@@ -0,0 +1,58 @@
+resource "aws_lb_listener_rule" "custom" {
+
+  for_each = { for rule in try(var.alb_custom_rules, []) : rule.name => rule }
+
+
+  tags         = merge({ "Name" = each.value.name }, var.tags, { "Terraform" = true })
+  listener_arn = var.alb_listener_https_arn
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.green.arn
+  }
+
+  dynamic "condition" {
+    for_each = try(length(each.value.paths), 0) > 0 ? [each.value.paths] : []
+    content {
+      path_pattern { values = toset(condition.value) }
+    }
+  }
+
+  dynamic "condition" {
+    for_each = try(length(each.value.hostnames), 0) > 0 ? [each.value.hostnames] : []
+    content {
+      host_header { values = toset(condition.value) }
+    }
+  }
+
+  dynamic "condition" {
+    for_each = try(length(each.value.source_ips), 0) > 0 ? [each.value.source_ips] : []
+    content {
+      source_ip { values = toset(condition.value) }
+    }
+  }
+
+  dynamic "condition" {
+    for_each = try(each.value.http_header, [])
+    content {
+      http_header {
+        http_header_name = condition.value.name
+        values           = condition.value.values
+      }
+    }
+  }
+
+  lifecycle {
+    ignore_changes       = [action[0].target_group_arn]
+    replace_triggered_by = [aws_lb_target_group.green]
+  }
+
+  priority = try(
+    aws_lb_listener_rule.path_redirects[length(aws_lb_listener_rule.path_redirects) - 1].priority + 1,
+    try(
+      aws_lb_listener_rule.green_auth_oidc[0].priority + 1, each.value.priority != 0 ? each.value.priority : null
+    )
+  )
+
+
+}

versions.tf

@@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     aws = {
       source  = "hashicorp/aws"
       version = ">= 4.0.0"
     }
   }
-}
+}