fix(dash): Migrate to alb 03/38003/3
authorpmikus <peter.mikus@protonmail.ch>
Tue, 24 Jan 2023 12:11:36 +0000 (12:11 +0000)
committerPeter Mikus <peter.mikus@protonmail.ch>
Tue, 24 Jan 2023 12:24:42 +0000 (12:24 +0000)
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I315d91e68ed3f626b399cf1bb237859f7cadc9ff

fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf

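--- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
@@ -1,5 +1,6 @@
 locals {
   tags = {
+    "Name"        = "${var.application_name}"
     "Environment" = "${var.application_name}"
   }
 
@@ -12,119 +13,108 @@ locals {
     }
   ]
 
-  classic_elb_settings = [
+  elb_settings = [
     {
-      namespace = "aws:elb:loadbalancer"
-      name      = "CrossZone"
-      value     = var.environment_loadbalancer_crosszone
-    },
-    {
-      namespace = "aws:elb:loadbalancer"
-      name      = "SecurityGroups"
-      value     = join(",", sort(var.environment_loadbalancer_security_groups))
-    },
-    {
-      namespace = "aws:elb:loadbalancer"
-      name      = "ManagedSecurityGroup"
-      value     = var.environment_loadbalancer_managed_security_group
-    },
-    {
-      namespace = "aws:elb:listener"
-      name      = "ListenerProtocol"
-      value     = "HTTP"
+      namespace = "aws:ec2:vpc"
+      name      = "ELBSubnets"
+      value     = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
     },
     {
-      namespace = "aws:elb:listener"
-      name      = "InstancePort"
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "Port"
       value     = var.environment_process_default_port
     },
     {
-      namespace = "aws:elb:listener"
-      name      = "ListenerEnabled"
-      value     = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
-    },
-    {
-      namespace = "aws:elb:listener:443"
-      name      = "ListenerProtocol"
-      value     = "HTTPS"
-    },
-    {
-      namespace = "aws:elb:listener:443"
-      name      = "InstancePort"
-      value     = var.environment_process_default_port
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "Protocol"
+      value     = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
     },
     {
-      namespace = "aws:elb:listener:443"
-      name      = "SSLCertificateId"
-      value     = var.environment_loadbalancer_ssl_certificate_id
+      namespace = "aws:ec2:vpc"
+      name      = "ELBScheme"
+      value     = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
     },
     {
-      namespace = "aws:elb:listener:443"
-      name      = "ListenerEnabled"
-      value     = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "HealthCheckInterval"
+      value     = var.environment_process_default_healthcheck_interval
     },
     {
-      namespace = "aws:elb:policies"
-      name      = "ConnectionSettingIdleTimeout"
-      value     = var.loadbalancer_connection_settings_idle_timeout
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "HealthyThresholdCount"
+      value     = var.environment_process_default_healthy_threshold_count
     },
     {
-      namespace = "aws:elb:policies"
-      name      = "ConnectionDrainingEnabled"
-      value     = "true"
+      namespace = "aws:elasticbeanstalk:environment:process:default"
+      name      = "UnhealthyThresholdCount"
+      value     = var.environment_process_default_unhealthy_threshold_count
     }
   ]
 
-  nlb_settings = [
+  generic_alb_settings = [
     {
-      namespace = "aws:elbv2:listener:default"
-      name      = "ListenerEnabled"
-      value     = var.default_listener_enabled
+      namespace = "aws:elbv2:loadbalancer"
+      name      = "SecurityGroups"
+      value     = join(",", sort(var.environment_loadbalancer_security_groups))
     }
   ]
 
-  beanstalk_elb_settings = [
+  alb_settings = [
     {
-      namespace = "aws:ec2:vpc"
-      name      = "ELBSubnets"
-      value     = aws_subnet.subnet.id
+      namespace = "aws:elbv2:listener:default"
+      name      = "ListenerEnabled"
+      value     = var.default_listener_enabled || var.environment_loadbalancer_ssl_certificate_id == "" ? "true" : "false"
     },
     {
-      namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "Port"
-      value     = var.environment_process_default_port
+      namespace = "aws:elbv2:loadbalancer"
+      name      = "ManagedSecurityGroup"
+      value     = var.environment_loadbalancer_managed_security_group
     },
     {
-      namespace = "aws:elasticbeanstalk:environment:process:default"
+      namespace = "aws:elbv2:listener:443"
+      name      = "ListenerEnabled"
+      value     = var.environment_loadbalancer_ssl_certificate_id == "" ? "false" : "true"
+    },
+    {
+      namespace = "aws:elbv2:listener:443"
       name      = "Protocol"
-      value     = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
+      value     = "HTTPS"
     },
     {
-      namespace = "aws:ec2:vpc"
-      name      = "ELBScheme"
-      value     = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
+      namespace = "aws:elbv2:listener:443"
+      name      = "SSLCertificateArns"
+      value     = var.environment_loadbalancer_ssl_certificate_id
     },
     {
       namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "HealthCheckInterval"
-      value     = var.environment_process_default_healthcheck_interval
+      name      = "HealthCheckPath"
+      value     = var.application_healthcheck_url
     },
     {
       namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "HealthyThresholdCount"
-      value     = var.environment_process_default_healthy_threshold_count
+      name      = "MatcherHTTPCode"
+      value     = join(",", sort(var.default_matcher_http_code))
     },
     {
       namespace = "aws:elasticbeanstalk:environment:process:default"
-      name      = "UnhealthyThresholdCount"
-      value     = var.environment_process_default_unhealthy_threshold_count
+      name      = "HealthCheckTimeout"
+      value     = var.default_health_check_timeout
+    }
+  ]
+
+  nlb_settings = [
+    {
+      namespace = "aws:elbv2:listener:default"
+      name      = "ListenerEnabled"
+      value     = var.default_listener_enabled
     }
   ]
-  elb_settings_nlb    = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
-  elb_setting_classic = var.environment_loadbalancer_type == "classic" ? concat(local.classic_elb_settings, local.generic_elb_settings, local.beanstalk_elb_settings) : []
+
+  settings_nlb = var.environment_loadbalancer_type == "network" ? concat(local.nlb_settings, local.generic_elb_settings, local.elb_settings) : []
+  settings_alb = var.environment_loadbalancer_type == "application" ? concat(local.generic_alb_settings, local.alb_settings, local.generic_elb_settings, local.elb_settings) : []
 
   # Full set of LoadBlanacer settings.
-  elb_settings = var.environment_tier == "WebServer" ? concat(local.elb_settings_nlb, local.elb_setting_classic) : []
+  elb = var.environment_tier == "WebServer" ? concat(local.settings_nlb, local.settings_alb) : []
 }
 
 # Create elastic beanstalk VPC
@@ -138,19 +128,32 @@ resource "aws_vpc" "vpc" {
 }
 
 # Create elastic beanstalk Subnets
-resource "aws_subnet" "subnet" {
+resource "aws_subnet" "subnet_a" {
   depends_on = [
     aws_vpc.vpc
   ]
-  availability_zone               = var.subnet_availability_zone
+  availability_zone               = var.subnet_a_availability_zone
   assign_ipv6_address_on_creation = true
-  cidr_block                      = aws_vpc.vpc.cidr_block
+  cidr_block                      = var.subnet_a_cidr_block
   ipv6_cidr_block                 = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
   map_public_ip_on_launch         = true
   vpc_id                          = aws_vpc.vpc.id
   tags                            = local.tags
 }
 
+resource "aws_subnet" "subnet_b" {
+  depends_on = [
+    aws_vpc.vpc
+  ]
+  availability_zone               = var.subnet_b_availability_zone
+  assign_ipv6_address_on_creation = true
+  cidr_block                      = var.subnet_b_cidr_block
+  ipv6_cidr_block                 = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 2)
+  map_public_ip_on_launch         = true
+  vpc_id                          = aws_vpc.vpc.id
+  tags                            = local.tags
+}
+
 resource "aws_internet_gateway" "internet_gateway" {
   depends_on = [
     aws_vpc.vpc
@@ -430,7 +433,8 @@ resource "aws_iam_role_policy" "default" {
 resource "aws_elastic_beanstalk_environment" "environment" {
   depends_on = [
     aws_vpc.vpc,
-    aws_subnet.subnet,
+    aws_subnet.subnet_a,
+    aws_subnet.subnet_b,
     aws_ssm_activation.ec2
   ]
   application            = var.environment_application
@@ -459,7 +463,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
   setting {
     namespace = "aws:ec2:vpc"
     name      = "Subnets"
-    value     = aws_subnet.subnet.id
+    value     = join(",", [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id])
   }
 
   setting {
@@ -488,7 +492,7 @@ resource "aws_elastic_beanstalk_environment" "environment" {
   }
 
   dynamic "setting" {
-    for_each = local.elb_settings
+    for_each = local.elb
     content {
       namespace = setting.value["namespace"]
       name      = setting.value["name"]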
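Review bot: The new `aws:elbv2:listener:443` entries in `alb_settings` (`ListenerEnabled`, `Protocol`, `SSLCertificateArns`) never set `SSLPolicy`, even though variables.tf in this same change adds `environment_listener_ssl_policy` for exactly that option and the dash environment module call does not pass it either, so the HTTPS listener runs on whatever policy Elastic Beanstalk applies by default and the new variable is dead. Add an entry beside `SSLCertificateArns`: `{ namespace = "aws:elbv2:listener:443", name = "SSLPolicy", value = var.environment_listener_ssl_policy }`, and because that variable defaults to `""`, either give it a non-empty default or gate the entry on the variable being set, the way the 443 listener itself is gated on the certificate id. The `locals` block edited in the `@@ -12,119 +13,108 @@` hunk is opened in the preceding hunk, outside the one under review.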
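--- a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
@@ -2,7 +2,7 @@
 variable "vpc_cidr_block" {
   description = "The CIDR block for the association."
   type        = string
-  default     = "192.168.0.0/24"
+  default     = "10.0.0.0/16"
 }
 
 variable "vpc_enable_dns_hostnames" {
@@ -24,12 +24,30 @@ variable "vpc_instance_tenancy" {
 }
 
 # Variables for elastic beanstalk Subnet
-variable "subnet_availability_zone" {
-  description = "AWS availability zone"
+variable "subnet_a_availability_zone" {
+  description = "AZ for the subnet."
   type        = string
   default     = "us-east-1a"
 }
 
+variable "subnet_a_cidr_block" {
+  description = "The IPv4 CIDR block for the subnet."
+  type        = string
+  default     = "10.0.0.0/20"
+}
+
+variable "subnet_b_availability_zone" {
+  description = "AZ for the subnet."
+  type        = string
+  default     = "us-east-1b"
+}
+
+variable "subnet_b_cidr_block" {
+  description = "The IPv4 CIDR block for the subnet."
+  type        = string
+  default     = "10.0.16.0/20"
+}
+
 # Variables for elastic beanstalk Application
 variable "environment_application" {
   description = "The name of the application, must be unique within account."
@@ -138,12 +156,6 @@ variable "environment_loadbalancer_type" {
   default     = "classic"
 }
 
-variable "environment_loadbalancer_crosszone" {
-  description = "Configure the classic load balancer to route traffic evenly across all instances in all Availability Zones rather than only within each zone."
-  type        = bool
-  default     = true
-}
-
 variable "environment_loadbalancer_security_groups" {
   description = "Load balancer security groups"
   type        = list(string)
@@ -162,12 +174,6 @@ variable "environment_loadbalancer_ssl_certificate_id" {
   description = "Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager"
 }
 
-variable "loadbalancer_connection_settings_idle_timeout" {
-  description = "Classic load balancer only: Number of seconds that the load balancer waits for any data to be sent or received over the connection. If no data has been sent or received after this time period elapses, the load balancer closes the connection."
-  type        = number
-  default     = 60
-}
-
 # aws:elasticbeanstalk:environment:process:default
 variable "environment_process_default_healthcheck_interval" {
   description = "The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application."
@@ -215,7 +221,25 @@ variable "autoscaling_updatepolicy_min_instance_in_service" {
 variable "application_healthcheck_url" {
   description = "The path where health check requests are sent to."
   type        = string
-  default     = "HTTP:5000/"
+  default     = "/"
+}
+
+variable "environment_listener_ssl_policy" {
+  description = "Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer."
+  type        = string
+  default     = ""
+}
+
+variable "default_matcher_http_code" {
+  description = "List of HTTP codes that indicate that an instance is healthy. Note that this option is only applicable to environments with a network or application load balancer."
+  type        = list(string)
+  default     = ["200"]
+}
+
+variable "default_health_check_timeout" {
+  description = "The amount of time, in seconds, to wait for a response during a health check. Note that this option is only applicable to environments with an application load balancer"
+  type        = number
+  default     = 5
 }
 
 # aws:elasticbeanstalk:command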
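Review bot: `environment_loadbalancer_type` still defaults to `"classic"` (the context line `default     = "classic"` at the top of the `@@ -138,12 +156,6 @@` hunk), yet main.tf in this change only assembles settings for `"network"` and `"application"`, so a caller relying on the default gets a classic load balancer with none of the module's security-group, listener or health-check settings applied and nothing in the visible hunks rejects that value. Change it to `default     = "application"` and add a `validation` block whose condition is `contains(["application", "network"], var.environment_loadbalancer_type)`, so the no-longer-supported value fails at plan time instead of silently producing an unconfigured load balancer. The `subnet_a_cidr_block` / `subnet_b_cidr_block` descriptions in the `@@ -24,12 +24,30 @@` hunk should also state the constraint that their defaults only satisfy by convention, e.g. `"The IPv4 CIDR block for the subnet; must be contained in vpc_cidr_block."`. The `environment_loadbalancer_type` variable block begins before its hunk.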
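--- a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
@@ -22,13 +22,16 @@ module "elastic_beanstalk_environment" {
   source = "../terraform-aws-elastic-beanstalk-environment"
 
   # vpc
-  vpc_cidr_block           = "192.168.0.0/24"
+  vpc_cidr_block           = "10.0.0.0/16"
   vpc_enable_dns_hostnames = true
   vpc_enable_dns_support   = true
   vpc_instance_tenancy     = "default"
 
   # subnet
-  subnet_availability_zone = "eu-central-1a"
+  subnet_a_availability_zone = "eu-central-1a"
+  subnet_a_cidr_block        = "10.0.0.0/20"
+  subnet_b_availability_zone = "eu-central-1b"
+  subnet_b_cidr_block        = "10.0.16.0/20"
 
   # environment
   environment_application            = module.elastic_beanstalk_application.application_name
@@ -40,7 +43,7 @@ module "elastic_beanstalk_environment" {
   environment_version_label          = ""
 
   # aws:ec2:instances
-  instances_instance_types = "t3a.large"
+  instances_instance_types = "t3a.2xlarge"
 
   # aws:ec2:vpc
   associate_public_ip_address = true
@@ -50,7 +53,7 @@ module "elastic_beanstalk_environment" {
   default_listener_enabled = true
 
   # aws:elasticbeanstalk:environment
-  environment_loadbalancer_type               = "classic"
+  environment_loadbalancer_type               = "application"
   environment_loadbalancer_ssl_certificate_id = "arn:aws:acm:eu-central-1:407116685360:certificate/737ad419-36f1-460d-919a-9110b0aac26a"
 
   # aws:elasticbeanstalk:environment:process:default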
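Review bot: With `environment_loadbalancer_type` switched to `"application"` in the `@@ -50,7 +53,7 @@` hunk, the context line `default_listener_enabled = true` keeps the plaintext :80 listener enabled alongside the :443 HTTPS listener, because the module's `alb_settings` enable the default listener whenever that flag is true and this call also supplies a certificate, and nothing in the change redirects HTTP to HTTPS. If the dashboard is meant to be reachable over HTTPS only, set `default_listener_enabled = false`; if the :80 listener is deliberate, a one-line comment above it saying so would keep the next reader from flagging it. The `t3a.large` to `t3a.2xlarge` bump in the `@@ -40,7 +43,7 @@` hunk is a capacity change unrelated to the ALB migration the title describes and deserves a sentence in the commit message. The `module "elastic_beanstalk_environment"` block begins before the first hunk.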