segmentio · micahlmartin · Mar 7, 2017
diff --git a/web-service/elb/main.tf → web-service/alb/main.tf b/web-service/elb/main.tf → web-service/alb/main.tf
@@ -48,56 +48,65 @@ variable "internal_zone_id" {
   description = "The zone ID to create the record in"
 }
 
-variable "ssl_certificate_id" {
+variable "ssl_certificate_id" {}
+
+variable "vpc_id" {
+  description = "The id of the VPC."
 }
 
 /**
  * Resources.
  */
 
-resource "aws_elb" "main" {
-  name = "${var.name}"
-
-  internal                  = false
-  cross_zone_load_balancing = true
-  subnets                   = ["${split(",", var.subnet_ids)}"]
-  security_groups           = ["${split(",",var.security_groups)}"]
+# Create a new load balancer
+resource "aws_alb" "main" {
+  name            = "${var.name}"
+  internal        = false
+  subnets         = ["${split(",", var.subnet_ids)}"]
+  security_groups = ["${split(",",var.security_groups)}"]
 
-  idle_timeout                = 30
-  connection_draining         = true
-  connection_draining_timeout = 15
-
-  listener {
-    lb_port           = 80
-    lb_protocol       = "http"
-    instance_port     = "${var.port}"
-    instance_protocol = "http"
+  access_logs {
+    bucket = "${var.log_bucket}"
   }
+}
 
-  listener {
-    lb_port            = 443
-    lb_protocol        = "https"
-    instance_port      = "${var.port}"
-    instance_protocol  = "http"
-    ssl_certificate_id = "${var.ssl_certificate_id}"
-  }
+resource "aws_alb_target_group" "main" {
+  name     = "alb-target-${var.name}"
+  port     = "${var.port}"
+  protocol = "HTTP"
+  vpc_id   = "${var.vpc_id}"
 
   health_check {
     healthy_threshold   = 2
     unhealthy_threshold = 2
     timeout             = 5
-    target              = "HTTP:${var.port}${var.healthcheck}"
+    protocol            = "HTTP"
+    path                = "${var.healthcheck}"
     interval            = 30
   }
+}
 
-  access_logs {
-    bucket = "${var.log_bucket}"
+resource "aws_alb_listener" "service_https" {
+  load_balancer_arn = "${aws_alb.main.arn}"
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2015-05"
+  certificate_arn   = "${var.ssl_certificate_id}"
+
+  default_action {
+    target_group_arn = "${aws_alb_target_group.main.arn}"
+    type             = "forward"
   }
+}
 
-  tags {
-    Name        = "${var.name}-balancer"
-    Service     = "${var.name}"
-    Environment = "${var.environment}"
+resource "aws_alb_listener" "service_http" {
+  load_balancer_arn = "${aws_alb.main.arn}"
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    target_group_arn = "${aws_alb_target_group.main.arn}"
+    type             = "forward"
   }
 }
 
@@ -107,8 +116,8 @@ resource "aws_route53_record" "external" {
   type    = "A"
 
   alias {
-    zone_id                = "${aws_elb.main.zone_id}"
-    name                   = "${aws_elb.main.dns_name}"
+    zone_id                = "${aws_alb.main.zone_id}"
+    name                   = "${aws_alb.main.dns_name}"
     evaluate_target_health = false
   }
 }
@@ -119,8 +128,8 @@ resource "aws_route53_record" "internal" {
   type    = "A"
 
   alias {
-    zone_id                = "${aws_elb.main.zone_id}"
-    name                   = "${aws_elb.main.dns_name}"
+    zone_id                = "${aws_alb.main.zone_id}"
+    name                   = "${aws_alb.main.dns_name}"
     evaluate_target_health = false
   }
 }
@@ -131,17 +140,17 @@ resource "aws_route53_record" "internal" {
 
 // The ELB name.
 output "name" {
-  value = "${aws_elb.main.name}"
+  value = "${aws_alb.main.name}"
 }
 
 // The ELB ID.
 output "id" {
-  value = "${aws_elb.main.id}"
+  value = "${aws_alb.main.id}"
 }
 
 // The ELB dns_name.
 output "dns" {
-  value = "${aws_elb.main.dns_name}"
+  value = "${aws_alb.main.dns_name}"
 }
 
 // FQDN built using the zone domain and name (external)
@@ -156,5 +165,9 @@ output "internal_fqdn" {
 
 // The zone id of the ELB
 output "zone_id" {
-  value = "${aws_elb.main.zone_id}"
+  value = "${aws_alb.main.zone_id}"
+}
+
+output "target_group" {
+  value = "${aws_alb_target_group.main.arn}"
 }
diff --git a/web-service/main.tf b/web-service/main.tf
@@ -1,6 +1,6 @@
 /**
  * The web-service is similar to the `service` module, but the
- * it provides a __public__ ELB instead.
+ * it provides a __public__ ALB instead.
  *
  * Usage:
  *
@@ -36,11 +36,11 @@ variable "version" {
 }
 
 variable "subnet_ids" {
-  description = "Comma separated list of subnet IDs that will be passed to the ELB module"
+  description = "Comma separated list of subnet IDs that will be passed to the ALB module"
 }
 
 variable "security_groups" {
-  description = "Comma separated list of security group IDs that will be passed to the ELB module"
+  description = "Comma separated list of security group IDs that will be passed to the ALB module"
 }
 
 variable "port" {
@@ -52,7 +52,7 @@ variable "cluster" {
 }
 
 variable "log_bucket" {
-  description = "The S3 bucket ID to use for the ELB"
+  description = "The S3 bucket ID to use for the ALB"
 }
 
 variable "ssl_certificate_id" {
@@ -64,12 +64,12 @@ variable "iam_role" {
 }
 
 variable "external_dns_name" {
-  description = "The subdomain under which the ELB is exposed externally, defaults to the task name"
+  description = "The subdomain under which the ALB is exposed externally, defaults to the task name"
   default     = ""
 }
 
 variable "internal_dns_name" {
-  description = "The subdomain under which the ELB is exposed internally, defaults to the task name"
+  description = "The subdomain under which the ALB is exposed internally, defaults to the task name"
   default     = ""
 }
 
@@ -120,6 +120,11 @@ variable "cpu" {
   default     = 512
 }
 
+variable "working_directory" {
+  description = "The working directory of the container process."
+  default     = "/"
+}
+
 variable "deployment_minimum_healthy_percent" {
   description = "lower limit (% of desired_count) of # of running tasks during a deployment"
   default     = 100
@@ -130,6 +135,10 @@ variable "deployment_maximum_percent" {
   default     = 200
 }
 
+variable vpc_id {
+  description = "The id of the VPC."
+}
+
 /**
  * Resources.
  */
@@ -144,9 +153,9 @@ resource "aws_ecs_service" "main" {
   deployment_maximum_percent         = "${var.deployment_maximum_percent}"
 
   load_balancer {
-    elb_name       = "${module.elb.id}"
-    container_name = "${module.task.name}"
-    container_port = "${var.container_port}"
+    target_group_arn = "${module.alb.target_group}"
+    container_name   = "${module.task.name}"
+    container_port   = "${var.container_port}"
   }
 
   lifecycle {
@@ -157,13 +166,14 @@ resource "aws_ecs_service" "main" {
 module "task" {
   source = "../task"
 
-  name          = "${coalesce(var.name, replace(var.image, "/", "-"))}"
-  image         = "${var.image}"
-  image_version = "${var.version}"
-  command       = "${var.command}"
-  env_vars      = "${var.env_vars}"
-  memory        = "${var.memory}"
-  cpu           = "${var.cpu}"
+  name              = "${coalesce(var.name, replace(var.image, "/", "-"))}"
+  image             = "${var.image}"
+  image_version     = "${var.version}"
+  command           = "${var.command}"
+  env_vars          = "${var.env_vars}"
+  memory            = "${var.memory}"
+  cpu               = "${var.cpu}"
+  working_directory = "${var.working_directory}"
 
   ports = <<EOF
   [
@@ -175,8 +185,8 @@ module "task" {
 EOF
 }
 
-module "elb" {
-  source = "./elb"
+module "alb" {
+  source = "./alb"
 
   name               = "${module.task.name}"
   port               = "${var.port}"
@@ -190,38 +200,39 @@ module "elb" {
   security_groups    = "${var.security_groups}"
   log_bucket         = "${var.log_bucket}"
   ssl_certificate_id = "${var.ssl_certificate_id}"
+  vpc_id             = "${var.vpc_id}"
 }
 
 /**
  * Outputs.
  */
 
-// The name of the ELB
+// The name of the ALB
 output "name" {
-  value = "${module.elb.name}"
+  value = "${module.alb.name}"
 }
 
-// The DNS name of the ELB
+// The DNS name of the ALB
 output "dns" {
-  value = "${module.elb.dns}"
+  value = "${module.alb.dns}"
 }
 
-// The id of the ELB
-output "elb" {
-  value = "${module.elb.id}"
+// The id of the ALB
+output "alb" {
+  value = "${module.alb.id}"
 }
 
-// The zone id of the ELB
+// The zone id of the ALB
 output "zone_id" {
-  value = "${module.elb.zone_id}"
+  value = "${module.alb.zone_id}"
 }
 
 // FQDN built using the zone domain and name (external)
 output "external_fqdn" {
-  value = "${module.elb.external_fqdn}"
+  value = "${module.alb.external_fqdn}"
 }
 
 // FQDN built using the zone domain and name (internal)
 output "internal_fqdn" {
-  value = "${module.elb.internal_fqdn}"
+  value = "${module.alb.internal_fqdn}"
 }