Merge pull request #3 from Geartrixy/feature/offloading

Feature/offloading

CHANGELOG.md

@@ -0,0 +1,18 @@
+## Release Version: 0.0.2
+
+BACKWARDS INCOMPATIBILITIES / NOTES:
+
+* N/A
+
+NEW FEATURES:
+
+* The HTTPS listener now supports offloading to HTTP target groups.
+Activated by setting parameter "lb_https_offloading=true"
+
+IMPROVEMENTS:
+
+* Added the following output values:  lb_name, lb_arn, lb_arn_suffix, lb_dns_name, lb_zone_id
+
+BUG FIXES:
+
+* N/A

README.md

@@ -90,8 +90,27 @@ The following determines what kind of listener(s) will be applied to the load ba
 
 ```hcl
   lb_http_listener = true #default = true
-  lb_https_listener = true #default = false
+  *lb_https_listener = true #default = false
 ```
+#### * HTTPS Offloading
+To enable offloading from HTTPS to HTTP set the following parameter "lb_https_offloading" to "true":
+
+
+```hcl
+  lb_https_listener   = true #default = false
+  lb_https_offloading = true #default = false
+```
+The following parameters need to be set:
+* http_target_group_names
+* http_target_group_ports
+* https_host_headers
+
+The following parameters need **not** be set as the HTTP counterparts are used instead:
+* https_target_group_names
+* https_target_group_ports
+
+
+
 #### Load Balancer Listener Ports
 HTTP/HTTPS listener port of the load balancer depending on what kind of listener(s) are selected:
 ```hcl
@@ -185,7 +204,37 @@ Can be set when there is a standard naming convention in use. They are applied t
   prefix = "P-"
   suffix = "-HR"
 ```
-
+#### Outputs
+The following outputs are possible:
+* lb_name  (The name of the LB)
+* lb_arn (The ARN of the load balancer)
+* lb_arn_suffix (The ARN suffix for use with CloudWatch Metrics)
+* lb_dns_name (The DNS name of the load balancer)
+* lb_zone_id (The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record))
+
+Example usage:
+```hcl
+#The name of the LB
+output "lb_name" {
+  value = "${module.alb.lb_name}"
+}
+#The ARN of the load balancer
+output "lb_arn" {
+  value = "${module.alb.lb_arn}"
+}
+#The ARN suffix for use with CloudWatch Metrics
+output "lb_arn_suffix" {
+  value = "${module.alb.lb_arn_suffix}"
+}
+#The DNS name of the load balancer
+output "lb_dns_name" {
+  value = "${module.alb.lb_dns_name}"
+}
+#The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record)
+output "lb_zone_id" {
+  value = "${module.alb.lb_zone_id}"
+}
+```
 
 
 

alb_https_listeners.tf

@@ -1,6 +1,6 @@
-# Create https listener for the loadbalancer if "var.lb_https_listener == true"
+# Create https listener for the loadbalancer if "var.lb_https_listener == true" and "var.lb_https_offloading == false"
 resource "aws_lb_listener" "application_loadbalancer_listener_https" {
-  count             = "${var.lb_https_listener}"
+  count             = "${var.lb_https_listener ? "${!var.lb_https_offloading ? 1 :0 }" :0 }"
   load_balancer_arn = "${aws_lb.application_loadbalancer.arn}"
   port              = "${var.lb_https_listener_port}"
   protocol          = "HTTPS"
@@ -15,7 +15,7 @@ resource "aws_lb_listener" "application_loadbalancer_listener_https" {
 
 # Create https listener rules
 resource "aws_lb_listener_rule" "https_host_based_routing" {
-  count = "${var.lb_https_listener ? "${length(var.https_host_headers) == "${length(var.https_target_group_names)}" ? "${length(var.https_host_headers)}" : 0}" :0}"
+  count = "${var.lb_https_listener ? "${!var.lb_https_offloading ? "${length(var.https_host_headers) == "${length(var.http_target_group_names)}" ? "${length(var.https_host_headers)}" : 0}" :0}" :0}"
 
   listener_arn = "${aws_lb_listener.application_loadbalancer_listener_https.arn}"
 
@@ -29,3 +29,35 @@ resource "aws_lb_listener_rule" "https_host_based_routing" {
     values = ["${element(var.https_host_headers, count.index)}"]
   }
 }
+
+# Create https listener (with offloading) for the loadbalancer if "var.lb_https_listener == true" and "var.lb_https_offloading == true"
+resource "aws_lb_listener" "application_loadbalancer_listener_https_with_offloading" {
+  count             = "${var.lb_https_listener ? "${var.lb_https_offloading ? 1 :0 }" :0 }"
+  load_balancer_arn = "${aws_lb.application_loadbalancer.arn}"
+  port              = "${var.lb_https_listener_port}"
+  protocol          = "HTTPS"
+
+  default_action {
+    target_group_arn = "${aws_lb_target_group.tg_http.0.arn}"
+    type             = "forward"
+  }
+
+  certificate_arn = "${var.certificate_arn}"
+}
+
+# Create https (offloading) listener rules
+resource "aws_lb_listener_rule" "https_host_based_routing_offloading" {
+  count = "${var.lb_https_listener ? "${var.lb_https_offloading ? "${length(var.https_host_headers) == "${length(var.http_target_group_names)}" ? "${length(var.https_host_headers)}" : 0}" :0}" :0}"
+
+  listener_arn = "${aws_lb_listener.application_loadbalancer_listener_https_with_offloading.arn}"
+
+  action {
+    type             = "forward"
+    target_group_arn = "${element(aws_lb_target_group.tg_http.*.arn, count.index)}"
+  }
+
+  condition {
+    field  = "host-header"
+    values = ["${element(var.https_host_headers, count.index)}"]
+  }
+}

https_target_groups.tf

@@ -2,7 +2,7 @@
 resource "aws_lb_target_group" "tg_https" {
   # Check the number of https target group names matches the number of https target group ports.
   # If check is ok creates the number of https target group resources based on the number of https target group names
-  count = "${var.lb_https_listener ? "${length(var.https_target_group_names) == "${length(var.https_target_group_ports)}" ? "${length(var.https_target_group_names)}" : 0}" :0}"
+  count = "${var.lb_https_listener ? "${!var.lb_https_offloading ? "${length(var.https_target_group_names) == "${length(var.https_target_group_ports)}" ? "${length(var.https_target_group_names)}" : 0}" :0}" :0}"
 
   ### Required Arguments ###
   name     = "${var.prefix}${element(var.https_target_group_names, count.index)}${var.suffix}" # default prefix/suffix = "". Default target group name = ["https-target-group"] N.B. 32 Character limit with prefix/suffix
@@ -35,7 +35,7 @@ resource "aws_lb_target_group" "tg_https" {
 
 # Attach target to https target group(s)
 resource "aws_lb_target_group_attachment" "attach_https_tg" {
-  count = "${var.lb_https_listener ? "${length(var.https_target_group_names) == "${length(var.https_target_group_ports)}" ? "${length(var.https_target_group_names)}" : 0}" :0}"
+  count = "${var.lb_https_listener ? "${!var.lb_https_offloading ? "${length(var.https_target_group_names) == "${length(var.https_target_group_ports)}" ? "${length(var.https_target_group_names)}" : 0}" :0}" :0}"
 
   target_group_arn = "${element(aws_lb_target_group.tg_https.*.arn, count.index)}"
   target_id        = "${var.target_id}"

outputs.tf

@@ -0,0 +1,20 @@
+#The name of the LB
+output "lb_name" {
+  value = "${aws_lb.application_loadbalancer.name}"
+}
+#The ARN of the load balancer
+output "lb_arn" {
+  value = "${aws_lb.application_loadbalancer.arn}"
+}
+#The DNS name of the load balancer
+output "lb_dns_name" {
+  value = "${aws_lb.application_loadbalancer.dns_name}"
+}
+#The ARN suffix for use with CloudWatch Metrics
+output "lb_arn_suffix" {
+  value = "${aws_lb.application_loadbalancer.arn_suffix}"
+}
+#The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record)
+output "lb_zone_id" {
+  value = "${aws_lb.application_loadbalancer.zone_id}"
+}

variables_load_balancer.tf

@@ -96,6 +96,12 @@ variable "lb_https_listener" {
   default     = false
 }
 
+# Load balancer HTTPS offloading?
+variable "lb_https_offloading" {
+  description = "If true offload to HTTP"
+  default     = false
+}
+
 # Load balancer HTTP listener port
 variable "lb_http_listener_port" {
   description = "HTTP listener port of the loadbalancer"