Terraform module to setup AWS ALB with required parameters.
Based on Hashicorp's ALB module. In addition can configure S3 bucket to store ALB logs, Route53 record with custom DNS name and setup security group. Added China region support.
- Changed syntax to use Terraform 1.0
- Added the security policy if using HTTPS externally on the load balancer.
- Changed the Hashicorp's ALB module version from 3.5 to 6.0
module "alb" {
source = "github.com/lean-delivery/tf-module-aws-alb"
project = "Project"
environment = "dev"
vpc_id = "vpc-eizox8ea"
subnets = ["subnet-sait0aiw", "subnet-op8phee4", "subnet-eego9xoo"]
acm_cert_domain = "*.project.example.com"
root_domain = "example.com"
alb_logs_lifecycle_rule_enabled = true
alb_logs_expiration_days = 5
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| acm_cert_domain | Domain name for which ACM certificate was created | string | `` | no |
| cn_acm | Whether to use acm certificate in AWS China. Default set to false for backward compatibility | bool | false |
no |
| cn_route53 | Whether to use Route53 in AWS China | bool | false |
no |
| default_http_tcp_listeners_port | Port of default HTTP listener | number | 80 |
no |
| default_https_tcp_listeners_port | Port of default HTTPs listener | number | 443 |
no |
| default_load_balancer_is_internal | Boolean determining if the load balancer is internal or externally facing. | bool | true |
no |
| default_target_groups_backend_protocol | Backend protocol of default target group | string | HTTP |
no |
| default_target_groups_port | Port of default target group | number | 80 |
no |
| enable_logging | Trigger to enable ALB logging | bool | true |
no |
| enable_subdomains | Trigger to add '*.' before ALB custom domain name | bool | false |
no |
| environment | Environment name (used for resource naming and tagging) | string | test |
no |
| force_destroy | Enforces destruction of S3 bucket with ALB logs | bool | true |
no |
| lb_accout_id_per_region | - | map | <map> |
no |
| most_recent_certificate | Triger to use most recent SSL certificate | bool | false |
no |
| project | Project name (used for resource naming and tagging) | string | project |
no |
| root_domain | Root domain in which custom DNS record for ALB would be created | string | `` | no |
| subnets | A list of subnets to associate with the load balancer | list | - | yes |
| tags | Additional tags for resources | map | <map> |
no |
| target_groups_health_check | Target group health check parameters | map | <map> |
no |
| vpc_id | VPC id where the load balancer and other resources will be deployed | string | - | yes |
| alb_logs_expiration_days | s3 lifecycle rule expiration period | number | 5 |
yes |
| alb_logs_lifecycle_rule_enabled | Enable or disable s3 lifecycle rule | bool | false |
yes |
| alb_custom_security_group | Switch to override default-created security group | bool | false |
no |
| alb_custom_security_group_id | Security group ID that override default-created security group | string | None |
no |
| alb_custom_route53_record_name | Custom Route53 record name for ALB | string | None |
no |
| listener_ssl_policy | The security policy if using HTTPS externally on the load balancer. | string | ELBSecurityPolicy-FS-1-2-Res-2020-10 |
no |
| Name | Description |
|---|---|
| alb_custom_dns_name | The custom DNS name of the load balancer. |
| alb_dns_name | The DNS name of the load balancer. |
| alb_http_tcp_listener_arns | The ARN of the TCP and HTTP load balancer listeners created. |
| alb_http_tcp_listener_ids | The IDs of the TCP and HTTP load balancer listeners created. |
| alb_https_listener_arns | The ARNs of the HTTPS load balancer listeners created. |
| alb_https_listener_ids | The IDs of the load balancer listeners created. |
| alb_s3_logs | S3 bucket name for storing ALB logs. |
| alb_sg_egress | The Egress rule of security group for ALB. |
| alb_sg_id | The ID of security group for ALB. |
| alb_sg_ingress | The Ingress rule of security group for ALB. |
| alb_target_group_arns | ARNs of the target groups. Useful for passing to your Auto Scaling group. |
| alb_target_group_names | Name of the target group. Useful for passing to your CodeDeploy Deployment Group. |
| load_balancer_arn_suffix | ARN suffix of our load balancer - can be used with CloudWatch. |
| load_balancer_id | The ID and ARN of the load balancer we created. |
| load_balancer_zone_id | The zone_id of the load balancer to assist with creating DNS records. |
| root_domain_hosted_zone_id | - |
| target_group_arn_suffixes | ARN suffixes of our target groups - can be used with CloudWatch. |
Terraform version 1.0.0 or newer is required for this module to work.
Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.
Apache2.0 Licensed. See LICENSE for full details.
Lean Delivery Team [email protected]