fix(dash): Migrate to alb 03/38003/3
authorpmikus <peter.mikus@protonmail.ch>
Tue, 24 Jan 2023 12:11:36 +0000 (12:11 +0000)
committerPeter Mikus <peter.mikus@protonmail.ch>
Tue, 24 Jan 2023 12:24:42 +0000 (12:24 +0000)
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I315d91e68ed3f626b399cf1bb237859f7cadc9ff

fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf

index fa33b13..44373ed 100644 (file)
@@ -1,5 +1,6 @@
 locals {
   tags = {
+    "Name"        = "${var.application_name}"
     "Environment" = "${var.application_name}"
   }
 
@@ -12,119 +13,108 @@ locals {
     }
   ]
 
-  classic_elb_settings = [
+  elb_settings = [
     {
-      namespace = "aws:elb:loadbalancer"
-      name      = "CrossZone"
-      value     = var.environment_loadbalancer_crosszone
-    },
-    {
-      namespace = "aws:elb:loadbalancer"
-      name      = "SecurityGroups"
-      value     = join(",", sort(var.environment_loadbalancer_security_groups))
-    },
-    {
-      namespace = "aws:elb:loadbalancer"
-      name      = "ManagedSecurityGroup"
-      value     = var.environment_loadbalancer_managed_security_group
-    },
-    {
-      namespace = "aws:elb:listener"
-      name      = "ListenerProtocol"
-      value     = "HTTP"
+      namespace = "aws:ec2:vpc"
+      name      = "ELBSubnets"
+      value     = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
     },
     {
-      namespace = "aws:elb:listener"
-      name      = "InstancePort"
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "Port"
       value     = var.environment_process_default_port
     },
     {
-      namespace = "aws:elb:listener"
-      name      = "ListenerEnabled"
-      value     = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
-    },
-    {
-      namespace = "aws:elb:listener:443"
-      name      = "ListenerProtocol"
-      value     = "HTTPS"
-    },
-    {
-      namespace = "aws:elb:listener:443"
-      name      = "InstancePort"
-      value     = var.environment_process_default_port
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "Protocol"
+      value     = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
     },
     {
-      namespace = "aws:elb:listener:443"
-      name      = "SSLCertificateId"
-      value     = var.environment_loadbalancer_ssl_certificate_id
+      namespace = "aws:ec2:vpc"
+      name      = "ELBScheme"
+      value     = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
     },
     {
-      namespace = "aws:elb:listener:443"
-      name      = "ListenerEnabled"
-      value     = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "HealthCheckInterval"
+      value     = var.environment_process_default_healthcheck_interval
     },
     {
-      namespace = "aws:elb:policies"
-      name      = "ConnectionSettingIdleTimeout"
-      value     = var.loadbalancer_connection_settings_idle_timeout
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "HealthyThresholdCount"
+      value     = var.environment_process_default_healthy_threshold_count
     },
     {
-      namespace = "aws:elb:policies"
-      name      = "ConnectionDrainingEnabled"
-      value     = "true"
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "UnhealthyThresholdCount"
+      value     = var.environment_process_default_unhealthy_threshold_count
     }
   ]
 
-  nlb_settings = [
+  generic_alb_settings = [
     {
-      namespace = "aws:elbv2:listener:default"
-      name      = "ListenerEnabled"
-      value     = var.default_listener_enabled
+      namespace = "aws:elbv2:loadbalancer"
+      name      = "SecurityGroups"
+      value     = join(",", sort(var.environment_loadbalancer_security_groups))
     }
   ]
 
-  beanstalk_elb_settings = [
+  alb_settings = [
     {
-      namespace = "aws:ec2:vpc"
-      name      = "ELBSubnets"
-      value     = aws_subnet.subnet.id
+      namespace = "aws:elbv2:listener:default"
+      name      = "ListenerEnabled"
+      value     = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
     },
     {
-      namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "Port"
-      value     = var.environment_process_default_port
+      namespace = "aws:elbv2:loadbalancer"
+      name      = "ManagedSecurityGroup"
+      value     = var.environment_loadbalancer_managed_security_group
     },
     {
-      namespace = "aws:elasticbeanstalk:environment:process:default"
+      namespace = "aws:elbv2:listener:443"
+      name      = "ListenerEnabled"
+      value     = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+    },
+    {
+      namespace = "aws:elbv2:listener:443"
       name      = "Protocol"
-      value     = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
+      value     = "HTTPS"
     },
     {
-      namespace = "aws:ec2:vpc"
-      name      = "ELBScheme"
-      value     = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
+      namespace = "aws:elbv2:listener:443"
+      name      = "SSLCertificateArns"
+      value     = var.environment_loadbalancer_ssl_certificate_id
     },
     {
       namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "HealthCheckInterval"
-      value     = var.environment_process_default_healthcheck_interval
+      name      = "HealthCheckPath"
+      value     = var.application_healthcheck_url
     },
     {
       namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "HealthyThresholdCount"
-      value     = var.environment_process_default_healthy_threshold_count
+      name      = "MatcherHTTPCode"
+      value     = join(",", sort(var.default_matcher_http_code))
     },
     {
       namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "UnhealthyThresholdCount"
-      value     = var.environment_process_default_unhealthy_threshold_count
+      name      = "HealthCheckTimeout"
+      value     = var.default_health_check_timeout
+    }
+  ]
+
+  nlb_settings = [
+    {
+      namespace = "aws:elbv2:listener:default"
+      name      = "ListenerEnabled"
+      value     = var.default_listener_enabled
     }
   ]
-  elb_settings_nlb    = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
-  elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
+
+  settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.elb_settings) : []
+  settings_alb = var.environment_loadbalancer_type == "application" ? concat(local.generic_alb_settings, local.alb_settings, local.generic_elb_settings, local.elb_settings) : []
 
   # Full set of LoadBlanacer settings.
-  elb_settings = var.environment_tier == "WebServer" ? concat(local.elb_settings_nlb, local.elb_setting_classic) : []
+  elb = var.environment_tier == "WebServer" ? concat(local.settings_nlb, local.settings_alb) : []
 }
 
 # Create elastic beanstalk VPC
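Review bot: The new `alb_settings` configure the `aws:elbv2:listener:443` listener with a certificate but never set its `SSLPolicy`, even though this same commit adds an `environment_listener_ssl_policy` variable for exactly that purpose, so the HTTPS listener runs with whatever TLS policy Elastic Beanstalk applies by default and nothing in the module pins it. Add `{ namespace = "aws:elbv2:listener:443", name = "SSLPolicy", value = var.environment_listener_ssl_policy }` to `alb_settings`, giving the variable a concrete TLS 1.2-or-newer policy name as its default instead of `""` so an empty value is never passed. A second issue at `settings_nlb`/`settings_alb`: with the classic settings removed, only `"network"` and `"application"` yield any load-balancer settings, yet `environment_loadbalancer_type` still defaults to `"classic"` (visible as a context line in the variables.tf hunk of this diff), so a caller relying on the default silently gets an environment with no listener, health-check or security-group settings; change the default to `"application"` and add a `validation` block restricting the value to the two supported types. The `locals` block begins before this hunk (`generic_elb_settings`, referenced here, is defined outside it).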
@@ -138,19 +128,32 @@ resource "aws_vpc" "vpc" {
 }
 
 # Create elastic beanstalk Subnets
-resource "aws_subnet" "subnet" {
+resource "aws_subnet" "subnet_a" {
   depends_on = [
     aws_vpc.vpc
   ]
-  availability_zone               = var.subnet_availability_zone
+  availability_zone               = var.subnet_a_availability_zone
   assign_ipv6_address_on_creation = true
-  cidr_block                      = aws_vpc.vpc.cidr_block
+  cidr_block                      = var.subnet_a_cidr_block
   ipv6_cidr_block                 = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
   map_public_ip_on_launch         = true
   vpc_id                          = aws_vpc.vpc.id
   tags                            = local.tags
 }
 
+resource "aws_subnet" "subnet_b" {
+  depends_on = [
+    aws_vpc.vpc
+  ]
+  availability_zone               = var.subnet_b_availability_zone
+  assign_ipv6_address_on_creation = true
+  cidr_block                      = var.subnet_b_cidr_block
+  ipv6_cidr_block                 = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2)
+  map_public_ip_on_launch         = true
+  vpc_id                          = aws_vpc.vpc.id
+  tags                            = local.tags
+}
+
 resource "aws_internet_gateway" "internet_gateway" {
   depends_on = [
     aws_vpc.vpc
@@ -430,7 +433,8 @@ resource "aws_iam_role_policy" "default" {
 resource "aws_elastic_beanstalk_environment" "environment" {
   depends_on = [
     aws_vpc.vpc,
-    aws_subnet.subnet,
+    aws_subnet.subnet_a,
+    aws_subnet.subnet_b,
     aws_ssm_activation.ec2
   ]
   application            = var.environment_application
@@ -459,7 +463,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
   setting {
     namespace = "aws:ec2:vpc"
     name      = "Subnets"
-    value     = aws_subnet.subnet.id
+    value     = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
   }
 
   setting {
@@ -488,7 +492,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
   }
 
   dynamic "setting" {
-    for_each = local.elb_settings
+    for_each = local.elb
     content {
       namespace = setting.value["namespace"]
       name      = setting.value["name"]
index b225472..a442215 100644 (file)
@@ -2,7 +2,7 @@
 variable "vpc_cidr_block" {
   description = "The CIDR block for the association."
   type        = string
-  default     = "192.168.0.0/24"
+  default     = "10.0.0.0/16"
 }
 
 variable "vpc_enable_dns_hostnames" {
@@ -24,12 +24,30 @@ variable "vpc_instance_tenancy" {
 }
 
 # Variables for elastic beanstalk Subnet
-variable "subnet_availability_zone" {
-  description = "AWS availability zone"
+variable "subnet_a_availability_zone" {
+  description = "AZ for the subnet."
   type        = string
   default     = "us-east-1a"
 }
 
+variable "subnet_a_cidr_block" {
+  description = "The IPv4 CIDR block for the subnet."
+  type        = string
+  default     = "10.0.0.0/20"
+}
+
+variable "subnet_b_availability_zone" {
+  description = "AZ for the subnet."
+  type        = string
+  default     = "us-east-1b"
+}
+
+variable "subnet_b_cidr_block" {
+  description = "The IPv4 CIDR block for the subnet."
+  type        = string
+  default     = "10.0.16.0/20"
+}
+
 # Variables for elastic beanstalk Application
 variable "environment_application" {
   description = "The name of the application, must be unique within account."
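Review bot: The `subnet_a_availability_zone`/`subnet_b_availability_zone` defaults of `us-east-1a`/`us-east-1b` are region-bound, while the only caller touched by this change runs in `eu-central-1`; now that two AZs and two CIDR blocks must be mutually consistent and inside `vpc_cidr_block`, a silently wrong default is more harmful than a missing one. Drop the `default` on both AZ variables so every caller has to state them, and add a `validation` block on each CIDR variable such as `condition = can(cidrnetmask(var.subnet_a_cidr_block))` so a malformed block fails at plan time rather than at apply.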
@@ -138,12 +156,6 @@ variable "environment_loadbalancer_type" {
   default     = "classic"
 }
 
-variable "environment_loadbalancer_crosszone" {
-  description = "Configure the classic load balancer to route traffic evenly across all instances in all Availability Zones rather than only within each zone."
-  type        = bool
-  default     = true
-}
-
 variable "environment_loadbalancer_security_groups" {
   description = "Load balancer security groups"
   type        = list(string)
@@ -162,12 +174,6 @@ variable "environment_loadbalancer_ssl_certificate_id" {
   description = "Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager"
 }
 
-variable "loadbalancer_connection_settings_idle_timeout" {
-  description = "Classic load balancer only: Number of seconds that the load balancer waits for any data to be sent or received over the connection. If no data has been sent or received after this time period elapses, the load balancer closes the connection."
-  type        = number
-  default     = 60
-}
-
 # aws:elasticbeanstalk:environment:process:default
 variable "environment_process_default_healthcheck_interval" {
   description = "The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application."
@@ -215,7 +221,25 @@ variable "autoscaling_updatepolicy_min_instance_in_service" {
 variable "application_healthcheck_url" {
   description = "The path where health check requests are sent to."
   type        = string
-  default     = "HTTP:5000/"
+  default     = "/"
+}
+
+variable "environment_listener_ssl_policy" {
+  description = "Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer."
+  type        = string
+  default     = ""
+}
+
+variable "default_matcher_http_code" {
+  description = "List of HTTP codes that indicate that an instance is healthy. Note that this option is only applicable to environments with a network or application load balancer."
+  type        = list(string)
+  default     = ["200"]
+}
+
+variable "default_health_check_timeout" {
+  description = "The amount of time, in seconds, to wait for a response during a health check. Note that this option is only applicable to environments with an application load balancer"
+  type        = number
+  default     = 5
 }
 
 # aws:elasticbeanstalk:command
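Review bot: `environment_listener_ssl_policy` defaults to `""`, which is not a usable policy name, and within this diff no setting in main.tf consumes the variable, so the ALB's TLS policy is neither declared nor enforced by the module. Give it a concrete current ALB policy as the default (one requiring TLS 1.2 or newer) and add a `validation` block whose condition is `can(regex("^ELBSecurityPolicy-", var.environment_listener_ssl_policy))`, with an error message naming the expected prefix, so an empty or mistyped value is rejected at plan time. The description already notes it applies only to application load balancers; that caveat is fine as documentation but should not substitute for the variable actually being wired into `alb_settings`.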
index 0fad2d9..7c4cc9d 100644 (file)
@@ -22,13 +22,16 @@ module "elastic_beanstalk_environment" {
   source = "../terraform-aws-elastic-beanstalk-environment"
 
   # vpc
-  vpc_cidr_block           = "192.168.0.0/24"
+  vpc_cidr_block           = "10.0.0.0/16"
   vpc_enable_dns_hostnames = true
   vpc_enable_dns_support   = true
   vpc_instance_tenancy     = "default"
 
   # subnet
-  subnet_availability_zone = "eu-central-1a"
+  subnet_a_availability_zone = "eu-central-1a"
+  subnet_a_cidr_block        = "10.0.0.0/20"
+  subnet_b_availability_zone = "eu-central-1b"
+  subnet_b_cidr_block        = "10.0.16.0/20"
 
   # environment
   environment_application            = module.elastic_beanstalk_application.application_name
@@ -40,7 +43,7 @@ module "elastic_beanstalk_environment" {
   environment_version_label          = ""
 
   # aws:ec2:instances
-  instances_instance_types = "t3a.large"
+  instances_instance_types = "t3a.2xlarge"
 
   # aws:ec2:vpc
   associate_public_ip_address = true
@@ -50,7 +53,7 @@ module "elastic_beanstalk_environment" {
   default_listener_enabled = true
 
   # aws:elasticbeanstalk:environment
-  environment_loadbalancer_type               = "classic"
+  environment_loadbalancer_type               = "application"
   environment_loadbalancer_ssl_certificate_id = "arn:aws:acm:eu-central-1:407116685360:certificate/737ad419-36f1-460d-919a-9110b0aac26a"
 
   # aws:elasticbeanstalk:environment:process:default
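Review bot: With `environment_loadbalancer_type = "application"` and a certificate ARN set, the module's `alb_settings` still enable the port-80 `aws:elbv2:listener:default` listener because this environment keeps `default_listener_enabled = true` (context line above), so the dashboard remains reachable over plaintext HTTP alongside HTTPS and nothing here redirects clients to 443. Unless an HTTP-to-HTTPS redirect is configured elsewhere (the Elastic Beanstalk option settings used by this module do not appear to expose a redirect action; it would need a listener rule or an application-level redirect), set `default_listener_enabled = false` so only the TLS listener is exposed. Also consider passing `environment_listener_ssl_policy` once the module consumes it, since the listener otherwise runs with whatever policy Elastic Beanstalk applies by default.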