elb_apps.tf
# Load balancer for the Cloud Foundry apps domain. load_balancer_type is not
# set, so the provider default applies. It is dual-stack (IPv4 + IPv6),
# protected against accidental deletion, and writes access logs to
# var.log_bucket_name under the stack's prefix.
#
# NOTE(review): drop_invalid_header_fields is not set, so malformed header
# names are passed through to the targets. Enabling it is a common hardening
# step, but it also drops headers that tenant apps may rely on (e.g. names
# with underscores) - evaluate before changing.
# NOTE(review): idle_timeout of 3600 s keeps idle connections open for up to
# an hour; presumably needed for long-lived streams - confirm, since it also
# lets idle clients hold connections longer.
resource "aws_lb" "cf_apps" {
  name                       = "${var.stack_description}-cloudfoundry-apps"
  ip_address_type            = "dualstack"
  subnets                    = var.elb_subnets
  security_groups            = var.elb_security_groups
  enable_deletion_protection = true
  idle_timeout               = 3600

  access_logs {
    enabled = true
    bucket  = var.log_bucket_name
    prefix  = var.stack_description
  }
}
# Target group that receives app traffic over HTTPS on port 443.
# Both listeners in this file (443 and 80) forward to it by default.
#
# The health check probes port 81 and expects HTTP 200. Its protocol and
# path are not set, so provider defaults apply.
# NOTE(review): to my knowledge the default health-check protocol is plain
# HTTP - confirm, and make sure port 81 on the targets is reachable only
# from the load balancer's security groups.
resource "aws_lb_target_group" "cf_apps_target_https" {
  name     = "${var.stack_description}-cf-apps-https"
  vpc_id   = var.vpc_id
  protocol = "HTTPS"
  port     = 443

  health_check {
    port                = 81
    matcher             = 200
    interval            = 5
    timeout             = 4
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}
# Second apps target group: HTTPS to port 10443 on the targets, with an
# HTTPS health check against /health on port 8443 that expects HTTP 200.
#
# NOTE(review): no listener or listener rule in this file forwards to this
# group; presumably it is attached elsewhere or staged for a cut-over -
# confirm it is still needed.
resource "aws_lb_target_group" "cf_gr_apps_target_https" {
  name     = "${var.stack_description}-cf-gr-apps-https"
  vpc_id   = var.vpc_id
  protocol = "HTTPS"
  port     = 10443

  health_check {
    protocol            = "HTTPS"
    port                = 8443
    path                = "/health"
    matcher             = 200
    interval            = 5
    timeout             = 4
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}
# HTTPS listener on port 443. It terminates TLS with the certificate in
# var.elb_apps_cert_id and forwards to the apps target group unless a
# listener rule matches first.
#
# NOTE(review): the "-Ext1" policy allows TLS 1.3 and 1.2 but, to my
# knowledge, accepts a wider TLS 1.2 cipher list (including CBC-mode suites)
# than ELBSecurityPolicy-TLS13-1-2-2021-06. Confirm that clients still need
# the extended list before keeping it.
resource "aws_lb_listener" "cf_apps" {
  load_balancer_arn = aws_lb.cf_apps.arn
  protocol          = "HTTPS"
  port              = "443"
  certificate_arn   = var.elb_apps_cert_id
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.cf_apps_target_https.arn
  }
}
# Plain-HTTP listener on port 80. Requests are forwarded to the same apps
# target group as the 443 listener instead of being redirected.
#
# NOTE(review): traffic on this listener is cleartext between the client and
# the load balancer. If nothing behind the target group enforces HTTPS,
# consider a redirect default_action (HTTP 301 to port 443) - first confirm
# that no consumer depends on plain HTTP reaching the backend.
# NOTE(review): the logstash host-header rule is attached only to the 443
# listener, so requests for that hostname on port 80 go to the apps target
# group - confirm this is intended.
resource "aws_lb_listener" "cf_apps_http" {
  load_balancer_arn = aws_lb.cf_apps.arn
  protocol          = "HTTP"
  port              = "80"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.cf_apps_target_https.arn
  }
}
# Target group for logstash traffic: HTTPS to port 443 on the targets.
# The listener rule logstash_listener_rule forwards to it.
#
# The health check probes port 81 and expects HTTP 200. Its protocol and
# path are not set, so provider defaults apply.
# NOTE(review): to my knowledge the default health-check protocol is plain
# HTTP - confirm, and make sure port 81 on the targets is reachable only
# from the load balancer's security groups.
resource "aws_lb_target_group" "cf_logstash_target_https" {
  name     = "${var.stack_description}-cf-logstash-https"
  vpc_id   = var.vpc_id
  protocol = "HTTPS"
  port     = 443

  health_check {
    port                = 81
    matcher             = 200
    interval            = 5
    timeout             = 4
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}
# Second logstash target group: HTTPS to port 10443 on the targets, with an
# HTTPS health check against /health on port 8443 that expects HTTP 200.
#
# NOTE(review): no listener or listener rule in this file forwards to this
# group; presumably it is attached elsewhere or staged for a cut-over -
# confirm it is still needed.
resource "aws_lb_target_group" "cf_gr_logstash_target_https" {
  name     = "${var.stack_description}-cf-gr-logstash-https"
  vpc_id   = var.vpc_id
  protocol = "HTTPS"
  port     = 10443

  health_check {
    protocol            = "HTTPS"
    port                = 8443
    path                = "/health"
    matcher             = 200
    interval            = 5
    timeout             = 4
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}
# Host-based routing on the 443 listener: requests whose Host header equals
# var.waf_hostname_0 are forwarded to the logstash target group instead of
# the listener's default (apps) target group.
#
# NOTE(review): priority is not set, so the provider chooses one. Pin an
# explicit priority if more rules are added and their evaluation order
# matters.
resource "aws_lb_listener_rule" "logstash_listener_rule" {
  listener_arn = aws_lb_listener.cf_apps.arn

  condition {
    host_header {
      values = [var.waf_hostname_0]
    }
  }

  action {
    target_group_arn = aws_lb_target_group.cf_logstash_target_https.arn
    type             = "forward"
  }
}
# Attaches one additional certificate to the 443 listener per entry in
# var.pages_cert_ids. each.key is used as the certificate ARN, so the
# variable is expected to be a set of ARNs or a map keyed by ARN.
resource "aws_lb_listener_certificate" "pages" {
  for_each = var.pages_cert_ids

  certificate_arn = each.key
  listener_arn    = aws_lb_listener.cf_apps.arn
}
# Attaches one additional certificate to the 443 listener per entry in
# var.pages_wildcard_cert_ids. each.key is used as the certificate ARN, so
# the variable is expected to be a set of ARNs or a map keyed by ARN.
resource "aws_lb_listener_certificate" "pages_wildcard" {
  for_each = var.pages_wildcard_cert_ids

  certificate_arn = each.key
  listener_arn    = aws_lb_listener.cf_apps.arn
}
# Puts the apps load balancer behind a WAFv2 web ACL. The association is on
# the load balancer itself, so it applies to both the 443 and 80 listeners.
#
# NOTE(review): the ACL is aws_wafv2_web_acl.cf_uaa_waf_core, defined outside
# this file. Its name suggests it was written for UAA - confirm its rules
# and logging are appropriate for tenant app traffic as well.
resource "aws_wafv2_web_acl_association" "cf_apps_waf_core" {
  web_acl_arn  = aws_wafv2_web_acl.cf_uaa_waf_core.arn
  resource_arn = aws_lb.cf_apps.arn
}