diff --git a/README.md b/README.md
index fcd3cd88..51081eac 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ to bootstrap our infrastructure. Be sure to read the internal developer documentation ("cg-provision") for non-public information about using this repository.
+
 ## Layout
 ### Terraform
diff --git a/terraform/modules/cloudfoundry/elb_apps.tf b/terraform/modules/cloudfoundry/elb_apps.tf
index 918d3a1b..0b664136 100644
--- a/terraform/modules/cloudfoundry/elb_apps.tf
+++ b/terraform/modules/cloudfoundry/elb_apps.tf
@@ -30,6 +30,24 @@ resource "aws_lb_target_group" "cf_apps_target_https" {
 }
 }
 
+resource "aws_lb_target_group" "cf_gr_apps_target_https" {
+ name = "${var.stack_description}-cf-gr-apps-https"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = var.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
 resource "aws_lb_listener" "cf_apps" {
 load_balancer_arn = aws_lb.cf_apps.arn
 port = "443"
@@ -70,6 +88,24 @@ resource "aws_lb_target_group" "cf_logstash_target_https" {
 }
 }
 
+resource "aws_lb_target_group" "cf_gr_logstash_target_https" {
+ name = "${var.stack_description}-cf-gr-logstash-https"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = var.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
 resource "aws_lb_listener_rule" "logstash_listener_rule" {
 listener_arn = aws_lb_listener.cf_apps.arn
 
diff --git a/terraform/modules/cloudfoundry/elb_main.tf b/terraform/modules/cloudfoundry/elb_main.tf
index a0a0f5dd..523736c7 100644
--- a/terraform/modules/cloudfoundry/elb_main.tf
+++ b/terraform/modules/cloudfoundry/elb_main.tf
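Review bot: In `cf_gr_apps_target_https` (elb_apps.tf) the traffic port 10443 and the health-check port 8443 are bare literals, and the same block is pasted into the seven other target groups this commit adds (`cf_gr_logstash_target_https`, `cf_gr_target_https`, `cf_gr_uaa_target`, the two `domains_lbgroup_gr_*` and the two `domains_broker_gr_*`). A later change to either port or to the thresholds has to be made in eight places across two modules and a stack, and a missed copy leaves one load balancer probing or forwarding to the wrong port. I would lift the two ports into shared inputs, e.g. `port = var.gr_target_port` on the group and `port = var.gr_health_check_port` inside `health_check`, and add a one-line comment above the resource saying what listens on each port. The variable names are suggestions; nothing with those names appears in the visible hunks.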
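Review bot: The name `${var.stack_description}-cf-gr-logstash-https` in `cf_gr_logstash_target_https` (second hunk of elb_apps.tf) spends 21 characters on the suffix, and AWS rejects target group names longer than 32 characters, so any `stack_description` over 11 characters fails at apply time. The same budget applies to `-dlbg-gr-apps-https-${count.index}` in external_domain_broker_loadbalancer_group/resources.tf, which leaves 11 characters only while the index is a single digit. The values of `stack_description` are not visible in this diff, so this may hold today. A shorter suffix such as `-cf-gr-logstash`, or a `validation` block on the variable, would make the limit explicit rather than something discovered during an apply.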
@@ -14,6 +14,24 @@ resource "aws_lb" "cf" {
 }
 }
 
+resource "aws_lb_target_group" "cf_gr_target_https" {
+ name = "${var.stack_description}-cf-gr-https"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = var.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
 resource "aws_lb_target_group" "cf_target_https" {
 name = "${var.stack_description}-cf-https"
 port = 443
diff --git a/terraform/modules/cloudfoundry/elb_uaa.tf b/terraform/modules/cloudfoundry/elb_uaa.tf
index 95d60387..5a7f1163 100644
--- a/terraform/modules/cloudfoundry/elb_uaa.tf
+++ b/terraform/modules/cloudfoundry/elb_uaa.tf
@@ -14,6 +14,24 @@ resource "aws_lb" "cf_uaa" {
 }
 }
 
+resource "aws_lb_target_group" "cf_gr_uaa_target" {
+ name = "${var.stack_description}-cf-gr-uaa"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = var.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
 resource "aws_lb_target_group" "cf_uaa_target" {
 name = "${var.stack_description}-cf-uaa"
 port = 443
diff --git a/terraform/modules/cloudfoundry/outputs.tf b/terraform/modules/cloudfoundry/outputs.tf
index b2c4cfb0..be18c933 100644
--- a/terraform/modules/cloudfoundry/outputs.tf
+++ b/terraform/modules/cloudfoundry/outputs.tf
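Review bot: `cf_gr_target_https` (elb_main.tf) forwards to 10443 and health-checks 8443, but no visible hunk adds a security-group rule for either port, while the neighbouring `cf_target_https` group uses 443. If the ingress rules are missing, the targets will register and then sit unhealthy; wherever they are defined, they should allow 10443 and 8443 from the load balancer's security group only, not from a CIDR range. A comment above the resource would record the dependency, e.g. `# needs ingress on 10443 (traffic) and 8443 (health check) from the LB security group`. The same applies to the other `*_gr_*` target groups in this commit.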
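Review bot: `protocol = "HTTPS"` on `cf_gr_uaa_target` (elb_uaa.tf) encrypts the hop to the target but does not authenticate it, because an Application Load Balancer does not validate the certificate a target presents. For a group that, going by its name, carries UAA traffic, that is worth stating next to the resource so nobody reads HTTPS here as end-to-end verification, e.g. `# ALB does not verify the target certificate; restrict 10443 to the LB security group`. This resource and its `name` also drop the `https` suffix that `cf_gr_target_https` and `cf_gr_apps_target_https` carry; that appears to follow the existing `cf_uaa_target` shown in the context lines.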
@@ -30,6 +30,22 @@ output "logstash_lb_target_https_group" {
 value = aws_lb_target_group.cf_logstash_target_https.name
 }
 
+output "lb_gr_target_https_group" {
+ value = aws_lb_target_group.cf_gr_target_https.name
+}
+
+output "apps_lb_gr_target_https_group" {
+ value = aws_lb_target_group.cf_gr_apps_target_https.name
+}
+
+output "uaa_lb_gr_target_https_group" {
+ value = aws_lb_target_group.cf_gr_uaa_target.name
+}
+
+output "logstash_gr_lb_target_https_group" {
+ value = aws_lb_target_group.cf_gr_logstash_target_https.name
+}
+
 output "uaa_lb_name" {
 value = aws_lb.cf_uaa.name
 }
diff --git a/terraform/modules/external_domain_broker_loadbalancer_group/outputs.tf b/terraform/modules/external_domain_broker_loadbalancer_group/outputs.tf
index 63f1b9c1..e85b5b80 100644
--- a/terraform/modules/external_domain_broker_loadbalancer_group/outputs.tf
+++ b/terraform/modules/external_domain_broker_loadbalancer_group/outputs.tf
@@ -13,3 +13,11 @@ output "domains_lbgroup_listener_arns" {
 output "domains_lbgroup_target_group_logstash_https_names" {
 value = aws_lb_target_group.domains_lbgroup_logstash_https.*.name
 }
+
+output "domains_lbgroup_target_group_gr_apps_https_names" {
+ value = aws_lb_target_group.domains_lbgroup_gr_apps_https.*.name
+}
+
+output "domains_lbgroup_target_group_gr_logstash_https_names" {
+ value = aws_lb_target_group.domains_lbgroup_gr_logstash_https.*.name
+}
diff --git a/terraform/modules/external_domain_broker_loadbalancer_group/resources.tf b/terraform/modules/external_domain_broker_loadbalancer_group/resources.tf
index 6a0a236a..9c0b3687 100644
--- a/terraform/modules/external_domain_broker_loadbalancer_group/resources.tf
+++ b/terraform/modules/external_domain_broker_loadbalancer_group/resources.tf
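Review bot: The four new outputs in cloudfoundry/outputs.tf do not agree on where `gr` goes: `lb_gr_target_https_group`, `apps_lb_gr_target_https_group` and `uaa_lb_gr_target_https_group` put it after `lb`, while `logstash_gr_lb_target_https_group` puts it before. Output names are the module's interface, and stacks/main/outputs.tf already consumes the odd one as `module.cf.logstash_gr_lb_target_https_group`, so it is cheaper to align now: `output "logstash_lb_gr_target_https_group" {`, with the reference in the stack updated to match. None of the new outputs has a `description`; one line each saying the group targets port 10443 would help whoever wires them up.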
@@ -103,6 +103,46 @@ resource "aws_lb_target_group" "domains_lbgroup_logstash_https" {
 }
 }
 
+resource "aws_lb_target_group" "domains_lbgroup_gr_apps_https" {
+ count = var.domains_lbgroup_count
+
+ name = "${var.stack_description}-dlbg-gr-apps-https-${count.index}"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = var.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
+resource "aws_lb_target_group" "domains_lbgroup_gr_logstash_https" {
+ count = var.domains_lbgroup_count
+
+ name = "${var.stack_description}-dlbg-gr-logstash-${count.index}"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = var.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
 resource "aws_wafv2_web_acl_association" "domain_waf" {
 count = var.domains_lbgroup_count
 
diff --git a/terraform/stacks/main/domains_broker.tf b/terraform/stacks/main/domains_broker.tf
index e605830d..ec11984b 100644
--- a/terraform/stacks/main/domains_broker.tf
+++ b/terraform/stacks/main/domains_broker.tf
@@ -237,6 +237,46 @@ resource "aws_lb_target_group" "domains_broker_logstash_https" {
 }
 }
 
+resource "aws_lb_target_group" "domains_broker_gr_apps_https" {
+ count = var.domains_broker_alb_count
+
+ name = "${var.stack_description}-domains-gapps-https${count.index}"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = module.stack.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
+resource "aws_lb_target_group" "domains_broker_gr_logstash_https" {
+ count = var.domains_broker_alb_count
+
+ name = "${var.stack_description}-domains-glogstash-${count.index}"
+ port = 10443
+ protocol = "HTTPS"
+ vpc_id = module.stack.vpc_id
+
+ health_check {
+ healthy_threshold = 2
+ interval = 5
+ port = 8443
+ timeout = 4
+ unhealthy_threshold = 3
+ matcher = 200
+ protocol = "HTTPS"
+ path = "/health"
+ }
+}
+
 resource "aws_lb_target_group" "domains_broker_challenge" {
 count = var.domains_broker_alb_count
 
diff --git a/terraform/stacks/main/outputs.tf b/terraform/stacks/main/outputs.tf
index 8d09b5d4..ab4bb182 100644
--- a/terraform/stacks/main/outputs.tf
+++ b/terraform/stacks/main/outputs.tf
@@ -204,8 +204,12 @@ output "cf_router_target_groups" {
 value = flatten(concat(
 [module.cf.lb_target_https_group],
 [module.cf.apps_lb_target_https_group],
+ [module.cf.lb_gr_target_https_group],
+ [module.cf.apps_lb_gr_target_https_group],
 module.dedicated_loadbalancer_group.domains_lbgroup_target_group_apps_https_names,
+ module.dedicated_loadbalancer_group.domains_lbgroup_target_group_gr_apps_https_names,
 aws_lb_target_group.domains_broker_apps_https.*.name,
+ aws_lb_target_group.domains_broker_gr_apps_https.*.name,
 aws_lb_target_group.domains_broker_challenge.*.name,
 ))
 }
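Review bot: In domains_broker.tf the two new names are built differently: `domains-gapps-https${count.index}` joins the index with no separator, while `domains-glogstash-${count.index}` uses a hyphen. If the hyphen was dropped to stay inside the 32-character target group name limit, say so in a comment; otherwise use `name = "${var.stack_description}-domains-gapps-https-${count.index}"`. Changing a target group name forces replacement, so this is easier to settle before the first apply. The existing `domains_broker_apps_https` name is outside the hunk, so I cannot tell which form it follows.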
@@ -219,18 +223,37 @@ output "cf_apps_target_group" {
 value = module.cf.apps_lb_target_https_group
 }
 
+/* Temp target groups */
+output "cf_gr_target_group" {
+ value = module.cf.lb_gr_target_https_group
+}
+
+output "cf_apps_gr_target_group" {
+ value = module.cf.apps_lb_gr_target_https_group
+}
+
 output "cf_logstash_target_group" {
- value = concat(
+ value = flatten(concat(
 [module.cf.logstash_lb_target_https_group],
+ [module.cf.logstash_gr_lb_target_https_group],
 module.dedicated_loadbalancer_group.domains_lbgroup_target_group_logstash_https_names,
+ module.dedicated_loadbalancer_group.domains_lbgroup_target_group_gr_logstash_https_names,
 aws_lb_target_group.domains_broker_logstash_https.*.name,
- )
+ aws_lb_target_group.domains_broker_gr_logstash_https.*.name,
+ ))
 }
 
 output "cf_uaa_target_group" {
 value = module.cf.uaa_lb_target_group
 }
 
+output "cf_router_main_target_group" {
+ value = concat(
+ [module.cf.uaa_lb_target_group],
+ [module.cf.uaa_lb_gr_target_https_group],
+ )
+}
+
 /* Security Groups */
 output "bosh_security_group" {
 value = module.stack.bosh_security_group
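Review bot: `cf_router_main_target_group` is named for the router, but its value is the two UAA target groups (`module.cf.uaa_lb_target_group` and `module.cf.uaa_lb_gr_target_https_group`), and it sits apart from the outputs under the `/* Temp target groups */` comment. A consumer going by the name could register the wrong instances behind the UAA load balancer, so either rename the output or add a comment stating why UAA groups are exported under a router name. The `concat` of two one-element lists can be a plain list: `value = [module.cf.uaa_lb_target_group, module.cf.uaa_lb_gr_target_https_group]`. The `Temp` comment would be more useful with its removal condition, e.g. `/* Temp target groups: remove once <tracking-issue> is closed */`.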