From b79d2fbbc4cd3052d6a579b220a75d3cc831d453 Mon Sep 17 00:00:00 2001
From: Micah Martin
Date: Tue, 7 Mar 2017 12:10:56 -0500
Subject: [PATCH] Replace classic ELB with ALB
---
web-service/{elb => alb}/main.tf | 91 ++++++++++++++++++--------------
web-service/main.tf | 69 ++++++++++++++----------
2 files changed, 92 insertions(+), 68 deletions(-)
rename web-service/{elb => alb}/main.tf (57%)
diff --git a/web-service/elb/main.tf b/web-service/alb/main.tf
similarity index 57%
rename from web-service/elb/main.tf
rename to web-service/alb/main.tf
index 7d47856c..676298a7 100644
--- a/web-service/elb/main.tf
+++ b/web-service/alb/main.tf
@@ -48,56 +48,65 @@ variable "internal_zone_id" { description = "The zone ID to create the record in" } -variable "ssl_certificate_id" { +variable "ssl_certificate_id" {} + +variable "vpc_id" { + description = "The id of the VPC." } /** * Resources. */ -resource "aws_elb" "main" { - name = "${var.name}" - - internal = false - cross_zone_load_balancing = true - subnets = ["${split(",", var.subnet_ids)}"] - security_groups = ["${split(",",var.security_groups)}"] +# Create a new load balancer +resource "aws_alb" "main" { + name = "${var.name}" + internal = false + subnets = ["${split(",", var.subnet_ids)}"] + security_groups = ["${split(",",var.security_groups)}"] - idle_timeout = 30 - connection_draining = true - connection_draining_timeout = 15 - - listener { - lb_port = 80 - lb_protocol = "http" - instance_port = "${var.port}" - instance_protocol = "http" + access_logs { + bucket = "${var.log_bucket}" } +} - listener { - lb_port = 443 - lb_protocol = "https" - instance_port = "${var.port}" - instance_protocol = "http" - ssl_certificate_id = "${var.ssl_certificate_id}" - } +resource "aws_alb_target_group" "main" { + name = "alb-target-${var.name}" + port = "${var.port}" + protocol = "HTTP" + vpc_id = "${var.vpc_id}" health_check { healthy_threshold = 2 unhealthy_threshold = 2 timeout = 5 - target = "HTTP:${var.port}${var.healthcheck}" + protocol = "HTTP" + path = "${var.healthcheck}" interval = 30 } +} - access_logs { - bucket = "${var.log_bucket}" +resource "aws_alb_listener" "service_https" { + load_balancer_arn = "${aws_alb.main.arn}" + port = "443" + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2015-05" + certificate_arn = "${var.ssl_certificate_id}" + + default_action { + target_group_arn = "${aws_alb_target_group.main.arn}" + type = "forward" } +} - tags { - Name = "${var.name}-balancer" - Service = "${var.name}" - Environment = "${var.environment}" +resource "aws_alb_listener" "service_http" { + load_balancer_arn = "${aws_alb.main.arn}" + port = "80" 
+ protocol = "HTTP" + + default_action { + target_group_arn = "${aws_alb_target_group.main.arn}" + type = "forward" } } @@ -107,8 +116,8 @@ resource "aws_route53_record" "external" { type = "A" alias { - zone_id = "${aws_elb.main.zone_id}" - name = "${aws_elb.main.dns_name}" + zone_id = "${aws_alb.main.zone_id}" + name = "${aws_alb.main.dns_name}" evaluate_target_health = false } } @@ -119,8 +128,8 @@ resource "aws_route53_record" "internal" { type = "A" alias { - zone_id = "${aws_elb.main.zone_id}" - name = "${aws_elb.main.dns_name}" + zone_id = "${aws_alb.main.zone_id}" + name = "${aws_alb.main.dns_name}" evaluate_target_health = false } } @@ -131,17 +140,17 @@ resource "aws_route53_record" "internal" { // The ELB name. output "name" { - value = "${aws_elb.main.name}" + value = "${aws_alb.main.name}" } // The ELB ID. output "id" { - value = "${aws_elb.main.id}" + value = "${aws_alb.main.id}" } // The ELB dns_name. output "dns" { - value = "${aws_elb.main.dns_name}" + value = "${aws_alb.main.dns_name}" } // FQDN built using the zone domain and name (external) @@ -156,5 +165,9 @@ output "internal_fqdn" { // The zone id of the ELB output "zone_id" { - value = "${aws_elb.main.zone_id}" + value = "${aws_alb.main.zone_id}" +} + +output "target_group" { + value = "${aws_alb_target_group.main.arn}" } diff --git a/web-service/main.tf b/web-service/main.tf index 95b43db5..bcaa91c3 100644 --- a/web-service/main.tf +++ b/web-service/main.tf @@ -1,6 +1,6 @@ /** * The web-service is similar to the `service` module, but the - * it provides a __public__ ELB instead. + * it provides a __public__ ALB instead. * * Usage: * 
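Review bot: The new `service_https` listener in the first hunk of `alb/main.tf` hard-codes `ssl_policy = "ELBSecurityPolicy-2015-05"`, a predefined policy that still negotiates TLS 1.0 and 1.1, and callers of the module cannot tighten it. Consider exposing it as a variable, `ssl_policy = "${var.ssl_policy}"`, with a TLS 1.2-only default such as `ELBSecurityPolicy-TLS-1-2-2017-01`. The `service_http` listener on port 80 forwards plaintext to the same target group, so nothing steers clients to HTTPS; where the provider version supports it, a redirect action to port 443 (or making the port-80 listener optional) would close that gap. The `tags` block and `idle_timeout` of the old `aws_elb` were dropped without a replacement on `aws_alb.main`. Depending on the provider version, `access_logs` may also need an explicit `enabled = true`, so it is worth confirming that logs still reach `${var.log_bucket}`.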
@@ -36,11 +36,11 @@ variable "version" { } variable "subnet_ids" { - description = "Comma separated list of subnet IDs that will be passed to the ELB module" + description = "Comma separated list of subnet IDs that will be passed to the ALB module" } variable "security_groups" { - description = "Comma separated list of security group IDs that will be passed to the ELB module" + description = "Comma separated list of security group IDs that will be passed to the ALB module" } variable "port" { @@ -52,7 +52,7 @@ variable "cluster" { } variable "log_bucket" { - description = "The S3 bucket ID to use for the ELB" + description = "The S3 bucket ID to use for the ALB" } variable "ssl_certificate_id" { @@ -64,12 +64,12 @@ variable "iam_role" { } variable "external_dns_name" { - description = "The subdomain under which the ELB is exposed externally, defaults to the task name" + description = "The subdomain under which the ALB is exposed externally, defaults to the task name" default = "" } variable "internal_dns_name" { - description = "The subdomain under which the ELB is exposed internally, defaults to the task name" + description = "The subdomain under which the ALB is exposed internally, defaults to the task name" default = "" } @@ -120,6 +120,11 @@ variable "cpu" { default = 512 } +variable "working_directory" { + description = "The working directory of the container process." + default = "/" +} + variable "deployment_minimum_healthy_percent" { description = "lower limit (% of desired_count) of # of running tasks during a deployment" default = 100 @@ -130,6 +135,10 @@ variable "deployment_maximum_percent" { default = 200 } +variable vpc_id { + description = "The id of the VPC." +} + /** * Resources. */ 
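Review bot: The `vpc_id` variable added in the `@@ -130,6 +135,10 @@` hunk is declared as `variable vpc_id {`, unquoted, while every other declaration in this file quotes the name; `variable "vpc_id" {` would match. It also has no default, so it becomes a required input for existing callers of the module. No hunk touches the usage example in the header comment of `web-service/main.tf`, so that example presumably still omits it; a line such as `vpc_id = "vpc-..."` (placeholder) would document the new requirement.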
@@ -144,9 +153,9 @@ resource "aws_ecs_service" "main" { deployment_maximum_percent = "${var.deployment_maximum_percent}" load_balancer { - elb_name = "${module.elb.id}" - container_name = "${module.task.name}" - container_port = "${var.container_port}" + target_group_arn = "${module.alb.target_group}" + container_name = "${module.task.name}" + container_port = "${var.container_port}" } lifecycle { @@ -157,13 +166,14 @@ resource "aws_ecs_service" "main" { module "task" { source = "../task" - name = "${coalesce(var.name, replace(var.image, "/", "-"))}" - image = "${var.image}" - image_version = "${var.version}" - command = "${var.command}" - env_vars = "${var.env_vars}" - memory = "${var.memory}" - cpu = "${var.cpu}" + name = "${coalesce(var.name, replace(var.image, "/", "-"))}" + image = "${var.image}" + image_version = "${var.version}" + command = "${var.command}" + env_vars = "${var.env_vars}" + memory = "${var.memory}" + cpu = "${var.cpu}" + working_directory = "${var.working_directory}" ports = <
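Review bot: The `load_balancer` block in `aws_ecs_service.main` now depends only on `module.alb.target_group`, which is defined as `aws_alb_target_group.main.arn` and carries no dependency on either listener. Terraform may therefore try to create the service before `service_https` or `service_http` has attached the target group to the ALB, and ECS rejects a target group that has no associated load balancer. Consider giving the module output an explicit dependency on the listeners, or deriving the exported ARN from a listener attribute, so the ordering is enforced. It is also worth confirming that the role passed as `iam_role` allows the target registration calls the service now makes instead of the classic ELB instance registration; the role definition is not visible in this patch.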