From 60f378e8d6eb9a4cfdb68cf29dfdbadf13ab88a7 Mon Sep 17 00:00:00 2001 From: Marcin Cuber Date: Wed, 5 Aug 2020 09:10:20 +0100 Subject: [PATCH] Improve module versions + add alb access logs example (#3) --- .pre-commit-config.yaml | 4 +- README.md | 12 +- examples/alb-with-s3-access-logs/data.tf | 3 + examples/alb-with-s3-access-logs/main.tf | 150 +++++++++++++++++++++++ versions.tf | 4 +- 5 files changed, 164 insertions(+), 9 deletions(-) create mode 100644 examples/alb-with-s3-access-logs/data.tf create mode 100644 examples/alb-with-s3-access-logs/main.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0a26a19..d688e1b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.5.0 + rev: v3.2.0 hooks: - id: check-added-large-files args: ['--maxkb=500'] @@ -18,7 +18,7 @@ repos: args: ['--allow-missing-credentials'] - id: trailing-whitespace - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.29.0 + rev: v1.31.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index 5a654be..37a65c6 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Terraform 0.12. Pin module version to `~> v1.0`. Submit pull-requests to `master ```hcl module "alb" { source = "umotif-public/alb/aws" - version = "~> 1.2.0" + version = "~> 1.2.1" name_prefix = "complete-alb" @@ -43,7 +43,7 @@ module "alb" { ```hcl module "nlb" { source = "umotif-public/alb/aws" - version = "~> 1.2.0" + version = "~> 1.2.1" name = "complete-nlb" 
@@ -70,6 +70,8 @@ Module is to be used with Terraform > 0.12. ## Examples * [Application Load Balancer ALB](https://github.com/umotif-public/terraform-aws-alb/tree/master/examples/alb) +* [Application Load Balancer ALB with S3 access logs](https://github.com/umotif-public/terraform-aws-alb/tree/master/examples/alb-with-s3-access-logs) +* [Application Load Balancer NLB](https://github.com/umotif-public/terraform-aws-alb/tree/master/examples/nlb) ## Authors @@ -80,14 +82,14 @@ Module managed by [Marcin Cuber](https://github.com/marcincuber) [linkedin](http | Name | Version | |------|---------| -| terraform | ~> 0.12.6 | -| aws | ~> 2.45 | +| terraform | >= 0.12.6, < 0.14 | +| aws | >= 2.45, < 4.0 | ## Providers | Name | Version | |------|---------| -| aws | ~> 2.45 | +| aws | >= 2.45, < 4.0 | ## Inputs diff --git a/examples/alb-with-s3-access-logs/data.tf b/examples/alb-with-s3-access-logs/data.tf new file mode 100644 index 0000000..f89ca57 --- /dev/null +++ b/examples/alb-with-s3-access-logs/data.tf @@ -0,0 +1,3 @@ +data "aws_availability_zones" "available" {} +data "aws_region" "current" {} +data "aws_caller_identity" "current" {} diff --git a/examples/alb-with-s3-access-logs/main.tf b/examples/alb-with-s3-access-logs/main.tf new file mode 100644 index 0000000..34bd1dd --- /dev/null +++ b/examples/alb-with-s3-access-logs/main.tf 
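Review bot: In the new data.tf, `data "aws_availability_zones" "available" {}` is not referenced in the part of main.tf visible here, where `azs` is a hard-coded list. The lookup the example would benefit from is missing: the ELB log-delivery account is hard-coded as `alb_root_account_id = "156460612806"`, even though the bucket region is read from `data.aws_region.current.name`. If the provider region is changed, the account ID and the zones stay tied to eu-west-1, so the bucket policy would presumably name the wrong principal and access-log delivery would fail. Consider adding `data "aws_elb_service_account" "current" {}` here and using its `arn` in the policy, and either feeding `data.aws_availability_zones.available.names` into `azs` or dropping that data source. The main.tf hunk runs past the visible text, so the policy body and any later use of these data sources could not be checked.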
@@ -0,0 +1,150 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "2.44.0"
+
+ name = "simple-vpc"
+
+ cidr = "10.0.0.0/16"
+
+ azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+ enable_nat_gateway = false
+
+ tags = {
+ Environment = "test"
+ }
+}
+
+#####
+# Application Load Balancer
+#####
+module "alb" {
+ source = "../../"
+
+ name_prefix = "example-with-access-logs"
+
+ load_balancer_type = "application"
+
+ internal = false
+ vpc_id = module.vpc.vpc_id
+ subnets = flatten([module.vpc.public_subnets])
+
+ enable_http_to_https_redirect = true
+ cidr_blocks_redirect = ["10.10.0.0/16"]
+
+ access_logs = {
+ bucket = aws_s3_bucket.alb_access_logs.bucket
+ prefix = "example-with-access-logs-alb"
+ enabled = true
+ }
+
+ tags = {
+ Project = "Test"
+ }
+}
+
+#####
+# ALB listener
+#####
+resource "aws_lb_listener" "alb_80_redirect_to_443" {
+ load_balancer_arn = module.alb.arn
+ port = "80"
+ protocol = "HTTP"
+
+ default_action {
+ type = "redirect"
+
+ redirect {
+ port = "443"
+ protocol = "HTTPS"
+ status_code = "HTTP_301"
+ }
+ }
+}
+
+#####
+# SGs
+#####
+resource "aws_security_group_rule" "alb_ingress_443" {
+ security_group_id = module.alb.security_group_id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 443
+ to_port = 443
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+}
+
+#####
+# S3 bucket storing ALB access logs
+#####
+locals {
+ alb_root_account_id = "156460612806" # valid account id for Ireland Region. 
Full list -> https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
+}
+
+resource "aws_s3_bucket" "alb_access_logs" {
+ bucket = "example-alb-access-logs-bucket"
+ acl = "private"
+ region = data.aws_region.current.name
+
+ server_side_encryption_configuration {
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+ }
+
+ policy = <