diff --git a/README.md b/README.md
index 278d148..1b346af 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ In addition you have the option to create or not :
 | Name | Version |
 |------|---------|
-| terraform | >= 0.13 |
+| terraform | >= 1.3 |
 | aws | >= 4.0.0 |
 ## Providers
@@ -67,6 +67,7 @@ In addition you have the option to create or not :
 | alarm\_prefix | String prefix for cloudwatch alarms. (Optional) | `string` | `"alarm"` | no |
 | alarm\_sns\_topics | Alarm topics to create and alert on ECS service metrics. Leaving empty disables all alarms. | `list` | `[]` | no |
 | alb\_arn | ALB ARN created by ECS cluster module | `any` | n/a | yes |
+| alb\_custom\_rules | Custom loadbalance listener rule to be added with this application target group |
list(object({
name = optional(string)
paths = optional(list(string), [])
hostnames = optional(list(string), [])
source_ips = optional(list(string), [])
http_header = optional(list(string), [])
priority = optional(number)
}))
| `[]` | no |
 | alb\_dns\_name | ALB DNS Name | `string` | `""` | no |
 | alb\_listener\_https\_arn | ALB HTTPS Listener created by ECS cluster module | `any` | n/a | yes |
 | alb\_name | ALB name - Required if it is an internal one | `string` | `""` | no |
diff --git a/_variables.tf b/_variables.tf
index a9b130c..dd3ad6e 100644
--- a/_variables.tf
+++ b/_variables.tf
@@ -507,4 +507,17 @@ variable "readonlyrootfilesystem" {
 type = bool
 default = false
 description = "Enable ready only access to root File ssystem."
-}
\ No newline at end of file
+}
+
+variable "alb_custom_rules" {
+ type = list(object({
+ name = optional(string)
+ paths = optional(list(string), [])
+ hostnames = optional(list(string), [])
+ source_ips = optional(list(string), [])
+ http_header = optional(list(string), [])
+ priority = optional(number)
+ }))
+ default = []
+ description = "Custom loadbalance listener rule to be added with this application target group"
+}
diff --git a/alb-listener-custom-rules.tf b/alb-listener-custom-rules.tf
new file mode 100644
index 0000000..083d9e4
--- /dev/null
+++ b/alb-listener-custom-rules.tf
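Review bot: `http_header` is declared here as `optional(list(string), [])`, but the consumer added in alb-listener-custom-rules.tf in this same commit reads `condition.value.name` and `condition.value.values` from each element, so any non-empty value fails at plan time with an unsupported-attribute error. Declare it in the shape the resource expects, `http_header = optional(list(object({ name = string, values = list(string) })), [])`, and mirror that in the README type cell. `name` is likewise `optional(string)` with no default yet serves as the `for_each` map key in that resource, so an entry without a name, or two entries sharing one, breaks the plan with an opaque null-key or duplicate-key error; a `validation` block asserting every name is non-null and `length(distinct([for r in var.alb_custom_rules : r.name])) == length(var.alb_custom_rules)` would report that clearly. The description's "loadbalance" should read "load balancer".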
@@ -0,0 +1,58 @@
+resource "aws_lb_listener_rule" "custom" {
+
+ for_each = { for rule in try(var.alb_custom_rules, []) : rule.name => rule }
+
+
+ tags = merge({ "Name" = each.value.name }, var.tags, { "Terraform" = true })
+ listener_arn = var.alb_listener_https_arn
+
+ action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.green.arn
+ }
+
+ dynamic "condition" {
+ for_each = try(length(each.value.paths), 0) > 0 ? [each.value.paths] : []
+ content {
+ path_pattern { values = toset(condition.value) }
+ }
+ }
+
+ dynamic "condition" {
+ for_each = try(length(each.value.hostnames), 0) > 0 ? [each.value.hostnames] : []
+ content {
+ host_header { values = toset(condition.value) }
+ }
+ }
+
+ dynamic "condition" {
+ for_each = try(length(each.value.source_ips), 0) > 0 ? [each.value.source_ips] : []
+ content {
+ source_ip { values = toset(condition.value) }
+ }
+ }
+
+ dynamic "condition" {
+ for_each = try(each.value.http_header, [])
+ content {
+ http_header {
+ http_header_name = condition.value.name
+ values = condition.value.values
+ }
+ }
+ }
+
+ lifecycle {
+ ignore_changes = [action[0].target_group_arn]
+ replace_triggered_by = [aws_lb_target_group.green]
+ }
+
+ priority = try(
+ aws_lb_listener_rule.path_redirects[length(aws_lb_listener_rule.path_redirects) - 1].priority + 1,
+ try(
+ aws_lb_listener_rule.green_auth_oidc[0].priority + 1, each.value.priority != 0 ? each.value.priority : null
+ )
+ )
+
+
+}
diff --git a/versions.tf b/versions.tf
index 136708a..8fbb854 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,9 +1,9 @@
 terraform {
- required_version = ">= 0.13"
+ required_version = ">= 1.3"
 required_providers {
 aws = {
 source = "hashicorp/aws"
 version = ">= 4.0.0"
 }
 }
-}
\ No newline at end of file
+}
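Review bot: Every custom rule receives the same priority once `path_redirects` (or, failing that, `green_auth_oidc`) has an entry, because the `priority` expression at the end of the hunk resolves to that rule's priority + 1 before it ever consults `each.value.priority`; a second entry in `alb_custom_rules` then fails to create with a priority-in-use error, and a user-supplied `priority` is silently discarded. Honouring the per-rule value first and offsetting the fallback by the rule's position among the `for_each` keys gives each rule a distinct slot, as sketched below. Both `path_redirects` and `green_auth_oidc` are defined outside this file, so their shapes are assumed here. The action is a plain `forward` to the green target group with no authenticate step, so a comment on the resource such as `# Evaluated after the module's own redirect/OIDC rules; requests matched here are forwarded without an authentication action.` would make the intended scope of these rules explicit to the next reader.
```hcl
  # … unchanged: for_each, tags, listener_arn, action, condition blocks, lifecycle …

  # An explicit per-rule priority wins; otherwise rules are placed, in key order,
  # directly behind the module's last redirect rule, else its OIDC rule, else from 1.
  # NOTE(review): path_redirects and green_auth_oidc live outside this file — confirm their shapes.
  priority = each.value.priority != null ? each.value.priority : (
    try(
      aws_lb_listener_rule.path_redirects[length(aws_lb_listener_rule.path_redirects) - 1].priority,
      aws_lb_listener_rule.green_auth_oidc[0].priority,
      0
    ) + 1 + index(keys({ for rule in var.alb_custom_rules : rule.name => rule }), each.key)
  )
```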