X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=fdio.infra.terraform%2Fterraform-aws-elastic-beanstalk-environment%2Fmain.tf;h=44373ed4deedbca116300edcd33d1630baf00a5d;hb=a4ccb8a9e56e9e3b4db9dd13851f908196ee32a7;hp=fa33b13133fc8489b3f17cf32e2532e8dd249ccf;hpb=e31069553a47428fa4ec1920fe6519bba8a876d2;p=csit.git diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf index fa33b13133..44373ed4de 100644 --- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf @@ -1,5 +1,6 @@ locals { tags = { + "Name" = "${var.application_name}" "Environment" = "${var.application_name}" } 
@@ -12,119 +13,108 @@ locals { } ] - classic_elb_settings = [ + elb_settings = [ { - namespace = "aws:elb:loadbalancer" - name = "CrossZone" - value = var.environment_loadbalancer_crosszone - }, - { - namespace = "aws:elb:loadbalancer" - name = "SecurityGroups" - value = join(",", sort(var.environment_loadbalancer_security_groups)) - }, - { - namespace = "aws:elb:loadbalancer" - name = "ManagedSecurityGroup" - value = var.environment_loadbalancer_managed_security_group - }, - { - namespace = "aws:elb:listener" - name = "ListenerProtocol" - value = "HTTP" + namespace = "aws:ec2:vpc" + name = "ELBSubnets" + value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id]) }, { - namespace = "aws:elb:listener" - name = "InstancePort" + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Port" value = var.environment_process_default_port }, { - namespace = "aws:elb:listener" - name = "ListenerEnabled" - value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false" - }, - { - namespace = "aws:elb:listener:443" - name = "ListenerProtocol" - value = "HTTPS" - }, - { - namespace = "aws:elb:listener:443" - name = "InstancePort" - value = var.environment_process_default_port + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Protocol" + value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP" }, { - namespace = "aws:elb:listener:443" - name = "SSLCertificateId" - value = var.environment_loadbalancer_ssl_certificate_id + namespace = "aws:ec2:vpc" + name = "ELBScheme" + value = var.environment_type == "LoadBalanced" ? var.elb_scheme : "" }, { - namespace = "aws:elb:listener:443" - name = "ListenerEnabled" - value = var.environment_loadbalancer_ssl_certificate_id == "" ? 
"false" : "true" + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthCheckInterval" + value = var.environment_process_default_healthcheck_interval }, { - namespace = "aws:elb:policies" - name = "ConnectionSettingIdleTimeout" - value = var.loadbalancer_connection_settings_idle_timeout + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthyThresholdCount" + value = var.environment_process_default_healthy_threshold_count }, { - namespace = "aws:elb:policies" - name = "ConnectionDrainingEnabled" - value = "true" + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "UnhealthyThresholdCount" + value = var.environment_process_default_unhealthy_threshold_count } ] - nlb_settings = [ + generic_alb_settings = [ { - namespace = "aws:elbv2:listener:default" - name = "ListenerEnabled" - value = var.default_listener_enabled + namespace = "aws:elbv2:loadbalancer" + name = "SecurityGroups" + value = join(",", sort(var.environment_loadbalancer_security_groups)) } ] - beanstalk_elb_settings = [ + alb_settings = [ { - namespace = "aws:ec2:vpc" - name = "ELBSubnets" - value = aws_subnet.subnet.id + namespace = "aws:elbv2:listener:default" + name = "ListenerEnabled" + value = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false" }, { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "Port" - value = var.environment_process_default_port + namespace = "aws:elbv2:loadbalancer" + name = "ManagedSecurityGroup" + value = var.environment_loadbalancer_managed_security_group }, { - namespace = "aws:elasticbeanstalk:environment:process:default" + namespace = "aws:elbv2:listener:443" + name = "ListenerEnabled" + value = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true" + }, + { + namespace = "aws:elbv2:listener:443" name = "Protocol" - value = var.environment_loadbalancer_type == "network" ? 
"TCP" : "HTTP" + value = "HTTPS" }, { - namespace = "aws:ec2:vpc" - name = "ELBScheme" - value = var.environment_type == "LoadBalanced" ? var.elb_scheme : "" + namespace = "aws:elbv2:listener:443" + name = "SSLCertificateArns" + value = var.environment_loadbalancer_ssl_certificate_id }, { namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthCheckInterval" - value = var.environment_process_default_healthcheck_interval + name = "HealthCheckPath" + value = var.application_healthcheck_url }, { namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthyThresholdCount" - value = var.environment_process_default_healthy_threshold_count + name = "MatcherHTTPCode" + value = join(",", sort(var.default_matcher_http_code)) }, { namespace = "aws:elasticbeanstalk:environment:process:default" - name = "UnhealthyThresholdCount" - value = var.environment_process_default_unhealthy_threshold_count + name = "HealthCheckTimeout" + value = var.default_health_check_timeout + } + ] + + nlb_settings = [ + { + namespace = "aws:elbv2:listener:default" + name = "ListenerEnabled" + value = var.default_listener_enabled } ] - elb_settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : [] - elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : [] + + settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.elb_settings) : [] + settings_alb = var.environment_loadbalancer_type == "application" ? concat(local.generic_alb_settings, local.alb_settings, local.generic_elb_settings, local.elb_settings) : [] # Full set of LoadBlanacer settings. - elb_settings = var.environment_tier == "WebServer" ? 
concat(local.elb_settings_nlb, local.elb_setting_classic) : [] + elb = var.environment_tier == "WebServer" ? concat(local.settings_nlb, local.settings_alb) : [] } # Create elastic beanstalk VPC @@ -138,19 +128,32 @@ resource "aws_vpc" "vpc" { } # Create elastic beanstalk Subnets -resource "aws_subnet" "subnet" { +resource "aws_subnet" "subnet_a" { depends_on = [ aws_vpc.vpc ] - availability_zone = var.subnet_availability_zone + availability_zone = var.subnet_a_availability_zone assign_ipv6_address_on_creation = true - cidr_block = aws_vpc.vpc.cidr_block + cidr_block = var.subnet_a_cidr_block ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1) map_public_ip_on_launch = true vpc_id = aws_vpc.vpc.id tags = local.tags } +resource "aws_subnet" "subnet_b" { + depends_on = [ + aws_vpc.vpc + ] + availability_zone = var.subnet_b_availability_zone + assign_ipv6_address_on_creation = true + cidr_block = var.subnet_b_cidr_block + ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2) + map_public_ip_on_launch = true + vpc_id = aws_vpc.vpc.id + tags = local.tags +} + resource "aws_internet_gateway" "internet_gateway" { depends_on = [ aws_vpc.vpc @@ -430,7 +433,8 @@ resource "aws_iam_role_policy" "default" { resource "aws_elastic_beanstalk_environment" "environment" { depends_on = [ aws_vpc.vpc, - aws_subnet.subnet, + aws_subnet.subnet_a, + aws_subnet.subnet_b, aws_ssm_activation.ec2 ] application = var.environment_application @@ -459,7 +463,7 @@ resource "aws_elastic_beanstalk_environment" "environment" { setting { namespace = "aws:ec2:vpc" name = "Subnets" - value = aws_subnet.subnet.id + value = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id]) } setting { @@ -488,7 +492,7 @@ resource "aws_elastic_beanstalk_environment" "environment" { } dynamic "setting" { - for_each = local.elb_settings + for_each = local.elb content { namespace = setting.value["namespace"] name = setting.value["name"]
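Review bot: No `SSLPolicy` is set for the `aws:elbv2:listener:443` listener in the new `alb_settings` list (hunk `@@ -12,119 +13,108 @@`), which configures only `ListenerEnabled`, `Protocol` and `SSLCertificateArns`. The accepted TLS versions and ciphers are therefore left to the platform default instead of being stated in the module. One more entry with `namespace = "aws:elbv2:listener:443"`, `name = "SSLPolicy"` and `value = var.<ssl_policy_variable>` (placeholder name, to be declared) would pin it. The same list keeps `aws:elbv2:listener:default` enabled whenever `var.default_listener_enabled` is true, so the default listener, presumably plain HTTP, stays reachable next to HTTPS; a comment should record whether that is intended. `SSLCertificateArns` is still fed from `var.environment_loadbalancer_ssl_certificate_id`, so that variable's description (outside this diff) should say an ARN is expected.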
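Review bot: Instances keep public IPv4 and IPv6 addresses after this change: in hunk `@@ -138,19 +128,32 @@` the new `aws_subnet.subnet_b` repeats `map_public_ip_on_launch = true` and `assign_ipv6_address_on_creation = true`, and the `Subnets` hunk (`@@ -459,7 +463,7 @@`) places the instances in the same two subnets that `ELBSubnets` gives to the load balancer. With an application load balancer now in front, the instances appear to remain directly addressable from the internet, protected only by security groups that this diff does not show. Consider separate instance subnets without public addressing, or at least a comment on both resources such as `# public subnet: shared by the ALB and the instances` so the exposure is a recorded decision. `var.subnet_a_cidr_block` and `var.subnet_b_cidr_block` are also no longer derived from the VPC range, so a variable validation or a `cidrsubnet(aws_vpc.vpc.cidr_block, ...)` expression, as already used for the IPv6 blocks, would keep them inside it.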