Merge pull request #18 from zoitech/enhancement/redirect_to_443

#17 Listener to redirect HTTP traffic
zoitech · Mar 31, 2020 · fcd92ab · fcd92ab
2 parents 4538f53 + 23a4081
commit fcd92ab
Show file tree

Hide file tree

Showing 7 changed files with 120 additions and 38 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.2
+
+* Listener to redirect HTTP traffic ([#17](https://github.com/zoitech/terraform-aws-alb/issues/17))
+
 ## 1.0.1
 
 ENHANCEMENTS:

diff --git a/README.md b/README.md
@@ -58,6 +58,24 @@ module "alb" {
   certificate_arn = "arn:aws:acm:eu-central-1:xxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
 ```
 
+Alternatively, to create a HTTP redirect listener (defaults to HTTPS (443) if "lb_http_redirect_to_protocol" and "lb_http_redirect_to_port" are not configured) :
+
+```hcl
+module "alb" {
+  source                           = "git::https://github.com/zoitech/terraform-aws-alb.git"
+  aws_region                       = "eu-central-1"
+  vpc_id                           = "vpc-1234567b"
+  prefix                           = "p-dept.123-"
+  suffix                           = "-abc"
+  lb_name                          = "my-load-balancer"
+  create_internal_lb               = true
+  lb_subnet_ids                    = ["subnet-fd42536a", "subnet-98781bac"]
+  create_lb_http_redirect_listener = true
+  lb_http_redirect_listener_port   = 8080
+  lb_http_redirect_to_protocol     = "HTTP"
+  lb_http_redirect_to_port         = 80
+```
+
 ### Health Checks
 
 Health checks for all target groups can be set.

diff --git a/alb_http_listeners.tf b/alb_http_listeners.tf
@@ -32,3 +32,42 @@ resource "aws_lb_listener_rule" "http_host_based_routing" {
   }
 }
 
+# Create http redirect listener for the loadbalancer if "var.lb_http_redirect_listener == true"
+resource "aws_lb_listener" "application_loadbalancer_listener_http_redirect" {
+  count             = local.create_lb_http_redirect_listener
+  load_balancer_arn = aws_lb.application_loadbalancer.arn
+  port              = var.lb_http_redirect_listener_port
+  protocol          = "HTTP"
+
+  default_action {
+    type = "redirect"
+
+    redirect {
+      port        = var.lb_http_redirect_to_port
+      protocol    = var.lb_http_redirect_to_protocol
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+# Redirect http 
+# resource "aws_lb_listener_rule" "redirect_http" {
+#   count        = local.create_lb_http_redirect_listener_rules
+#   listener_arn = aws_lb_listener.application_loadbalancer_listener_http_redirect[0].arn
+
+#   action {
+#     type = "redirect"
+
+#     redirect {
+#       port        = "443"
+#       protocol    = "HTTPS"
+#       status_code = "HTTP_301"
+#     }
+#   }
+
+#   condition {
+#     host_header {
+#       values = ["*.*"]
+#     }
+#   }
+# }
diff --git a/locals.tf b/locals.tf
@@ -1,16 +1,20 @@
 locals {
   # load balancer
   ## Security groups
-  create_sg_http_in      = (var.create_lb_http_listener == true ? 1 : 0)
+  create_sg_http_in      = (var.create_lb_http_listener == true && var.http_target_group_parameters != null ? 1 : 0)
   create_sg_https_in     = (var.create_lb_https_listener == true ? 1 : 0)
-  create_sg_http_attach  = (var.create_lb_http_listener == true ? length(split(",", var.target_ids)) : 0)
+  create_sg_http_attach  = (var.create_lb_http_listener == true && var.http_target_group_parameters != null ? length(split(",", var.target_ids)) : 0)
   create_sg_https_attach = (var.create_lb_https_listener == true ? length(split(",", var.target_ids)) : 0)
   lb_security_groups     = concat([aws_security_group.lb_group.id], var.lb_security_group_ids)
 
   # load balancer listeners
   ## alb_http_listeners.tf
-  create_lb_http_listener       = (var.create_lb_http_listener == true ? 1 : 0)
-  create_lb_http_listener_rules = (var.create_lb_http_listener == true && var.http_target_group_parameters != null ? length(var.http_target_group_parameters) : 0)
+  create_lb_http_listener          = (var.create_lb_http_listener == true && var.http_target_group_parameters != null ? 1 : 0)
+  create_lb_http_listener_rules    = (var.create_lb_http_listener == true && var.http_target_group_parameters != null ? length(var.http_target_group_parameters) : 0)
+  create_lb_http_redirect_listener = (var.create_lb_http_redirect_listener == true ? 1 : 0)
+  #create_lb_http_redirect_listener_rules = (var.create_lb_http_redirect_listener == true && var.create_listener_rule_http_redirect_https == true ? 1 : 0)
+
+
   ## alb_https_listeners.tf
   create_lb_https_listener       = (var.create_lb_https_listener == true ? 1 : 0)
   create_lb_https_listener_rules = (var.create_lb_https_listener == true ? (var.enable_lb_https_offloading == true && var.http_target_group_parameters != null ? length(var.http_target_group_parameters) : (var.enable_lb_https_offloading == false && var.https_target_group_parameters != null ? length(var.https_target_group_parameters) : 0)) : 0)
@@ -23,7 +27,7 @@ locals {
 
 
   # HTTP target group attachment
-  http_tg_attachment_conditionals = var.create_lb_http_listener == true ? length(var.http_target_group_parameters) : 0
+  http_tg_attachment_conditionals = var.create_lb_http_listener == true && var.http_target_group_parameters != null ? length(var.http_target_group_parameters) : 0
   http_target_id_1                = length(split(",", var.target_ids)) >= 1 ? local.http_tg_attachment_conditionals : 0
   http_target_id_2                = length(split(",", var.target_ids)) >= 2 ? local.http_tg_attachment_conditionals : 0
   http_target_id_3                = length(split(",", var.target_ids)) >= 3 ? local.http_tg_attachment_conditionals : 0
@@ -34,7 +38,7 @@ locals {
   http_target_id_8                = length(split(",", var.target_ids)) >= 8 ? local.http_tg_attachment_conditionals : 0
 
   # HTTPS target group attachment
-  https_tg_attachment_conditionals = var.create_lb_https_listener == true ? var.enable_lb_https_offloading == false ? length(var.https_target_group_parameters) : 0 : 0
+  https_tg_attachment_conditionals = var.create_lb_https_listener == true && var.https_target_group_parameters != null ? var.enable_lb_https_offloading == false ? length(var.https_target_group_parameters) : 0 : 0
 
   https_target_id_1 = length(split(",", var.target_ids)) >= 1 ? local.https_tg_attachment_conditionals : 0
   https_target_id_2 = length(split(",", var.target_ids)) >= 2 ? local.https_tg_attachment_conditionals : 0

diff --git a/variables_http_target_group.tf b/variables_http_target_group.tf
@@ -1,18 +1,15 @@
 ### HTTP target group variables ###
 variable "http_target_group_parameters" {
   #https://github.com/terraform-providers/terraform-provider-aws/pull/8268
-  type = list(object({
-    target_group = string
-    host_headers = list(string)
-    port         = number
-  }))
-  default = [
-    {
-      target_group = "default-http"
-      host_headers = ["default.com"]
-      port         = 80
-    }
-  ]
+  type    = list(any)
+  default = null
+  # default = [
+  #   {
+  #     target_group = "default-http"
+  #     host_headers = ["default.com"]
+  #     port         = 80
+  #   }
+  # ]
 }
 
 # HTTP target group degregistration delay

diff --git a/variables_https_target_group.tf b/variables_https_target_group.tf
@@ -1,18 +1,15 @@
 ### HTTPS target group variables ###
 variable "https_target_group_parameters" {
   #https://github.com/terraform-providers/terraform-provider-aws/pull/8268
-  type = list(object({
-    target_group = string
-    host_headers = list(string)
-    port         = number
-  }))
-  default = [
-    {
-      target_group = "default-https"
-      host_headers = ["default.com"]
-      port         = 443
-    }
-  ]
+  type    = list(any)
+  default = null
+  # default = [
+  #   {
+  #     target_group = "default-https"
+  #     host_headers = ["default.com"]
+  #     port         = 443
+  #   }
+  # ]
 }
 
 # HTTPS target group degregistration delay

diff --git a/variables_listeners.tf b/variables_listeners.tf
@@ -1,11 +1,40 @@
 # Load balancer listener variables
-## Load balancer HTTP listener needed?
+## HTTP
 variable "create_lb_http_listener" {
   description = "If true add a HTTP listener"
   default     = false
 }
 
-## Load balancer HTTPS listener needed?
+## Load balancer HTTP listener port
+variable "lb_http_listener_port" {
+  description = "HTTP listener port of the loadbalancer"
+  default     = 80
+}
+
+## load balancer http redirect listener
+variable "create_lb_http_redirect_listener" {
+  default = false
+}
+
+## Load balancer HTTP redirect listener port
+variable "lb_http_redirect_listener_port" {
+  description = "HTTP redirect listener port of the loadbalancer"
+  default     = 80
+}
+
+## Load balancer HTTP redirect to protocol
+variable "lb_http_redirect_to_protocol" {
+  description = "HTTP redirect listener to loadbalancer protocol"
+  default     = "HTTPS"
+}
+
+## Load balancer HTTP redirect to port
+variable "lb_http_redirect_to_port" {
+  description = "HTTP redirect listener to loadbalancer port"
+  default     = 443
+}
+
+## HTTPS
 variable "create_lb_https_listener" {
   description = "If true add a HTTPS listener"
   default     = false
@@ -17,12 +46,6 @@ variable "enable_lb_https_offloading" {
   default     = true
 }
 
-## Load balancer HTTP listener port
-variable "lb_http_listener_port" {
-  description = "HTTP listener port of the loadbalancer"
-  default     = 80
-}
-
 ## Loadbalancer HTTPS listener port
 variable "lb_https_listener_port" {
   description = "HTTPS listener port of the loadbalancer"