/////////////////////////////////////////////////[ APPLICATION LOAD BALANCER ]////////////////////////////////////////////
# # ---------------------------------------------------------------------------------------------------------------------#
# Create Application Load Balancers
# # ---------------------------------------------------------------------------------------------------------------------#
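resource "aws_lb" "this" {
  # This resource has no for_each, so each.key cannot be referenced here; the
  # listeners and alarms in this file address the load balancer as aws_lb.this.
  name               = "${local.project}-alb"
  load_balancer_type = "application"

  # internal = false makes the load balancer internet-facing; inbound exposure
  # is then governed by aws_security_group.alb (defined outside this file).
  internal        = false
  security_groups = [aws_security_group.alb.id]

  # Remove request headers with invalid field names at the load balancer
  # instead of passing them on to the targets.
  drop_invalid_header_fields = true

  # Attach the first two subnets. HCL has no [0:2] slice syntax, so slice() is
  # used; it fails at plan time if aws_subnet.this yields fewer than two subnets.
  subnets = slice([for az, subnet in aws_subnet.this : subnet.id], 0, 2)

  # Access logs are delivered to the "system" bucket under the ALB/ prefix.
  # NOTE(review): the bucket policy must allow ELB log delivery; it is not
  # defined in this file, confirm where it is set.
  access_logs {
    bucket  = aws_s3_bucket.this["system"].bucket
    prefix  = "ALB"
    enabled = true
  }

  tags = {
    Name = "${local.project}-alb"
  }
}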
# # ---------------------------------------------------------------------------------------------------------------------#
# Create Target Groups for Load Balancers
# # ---------------------------------------------------------------------------------------------------------------------#
resource "aws_lb_target_group" "this" {
  vpc_id = aws_vpc.this.id
  name   = "${local.project}-varnish"

  # The load balancer talks to the targets over plain HTTP on port 80, so this
  # hop is unencrypted inside the VPC; TLS ends at the HTTPS listener.
  protocol = "HTTP"
  port     = 80

  # The health check probes a path built from a generated random string and
  # accepts only a 200 response. The random path keeps the endpoint from being
  # guessed easily; it is not an access control.
  health_check {
    path    = "/${random_string.this["health_check"].result}"
    matcher = "200"

    # Probe every 30 s with a 5 s timeout.
    interval = 30
    timeout  = 5

    # Two consecutive failures mark a target unhealthy; three consecutive
    # successes mark it healthy again.
    unhealthy_threshold = 2
    healthy_threshold   = 3
  }
}
# # ---------------------------------------------------------------------------------------------------------------------#
# Create https:// listener for Load Balancer - default
# # ---------------------------------------------------------------------------------------------------------------------#
resource "aws_lb_listener" "https" {
  # Wait for ACM validation to finish: the listener cannot use a certificate
  # that has not been issued yet.
  depends_on = [aws_acm_certificate_validation.default]

  load_balancer_arn = aws_lb.this.arn
  protocol          = "HTTPS"
  port              = "443"

  # TLS termination: certificate plus a predefined ELB security policy.
  # NOTE(review): the policy name indicates forward secrecy with TLS 1.2;
  # confirm it still matches the current TLS baseline for this project.
  certificate_arn = aws_acm_certificate.default.arn
  ssl_policy      = "ELBSecurityPolicy-FS-1-2-Res-2020-10"

  # Default deny: a request that matches no listener rule (for example an
  # unexpected Host header) gets a fixed 502 and never reaches a target.
  default_action {
    type = "fixed-response"

    fixed_response {
      status_code  = "502"
      content_type = "text/plain"
      message_body = "No targets are responding to this request"
    }
  }
}
# # ---------------------------------------------------------------------------------------------------------------------#
# Create conditional listener rule for Load Balancer - forward to varnish
# # ---------------------------------------------------------------------------------------------------------------------#
resource "aws_lb_listener_rule" "varnish" {
  listener_arn = aws_lb_listener.https.arn
  priority     = 30

  # Only requests whose Host header equals var.domain are forwarded; anything
  # else falls through to the HTTPS listener's default action.
  condition {
    host_header {
      values = [var.domain]
    }
  }

  # Matching requests go to the varnish target group.
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.this.arn
  }
}
# # ---------------------------------------------------------------------------------------------------------------------#
# Create http:// listener for Load Balancer - redirect to https://
# # ---------------------------------------------------------------------------------------------------------------------#
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.this.arn
  protocol          = "HTTP"
  port              = "80"

  # Port 80 never forwards to a target: every request gets a permanent (301)
  # redirect to HTTPS on 443. Host, path and query are not overridden here.
  default_action {
    type = "redirect"

    redirect {
      status_code = "HTTP_301"
      protocol    = "HTTPS"
      port        = "443"
    }
  }
}
# # ---------------------------------------------------------------------------------------------------------------------#
# Create CloudWatch alarm on HTTP 5XX responses returned by targets, with email alerts
# # ---------------------------------------------------------------------------------------------------------------------#
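resource "aws_cloudwatch_metric_alarm" "httpcode_target_5xx_count" {
  alarm_name        = "${local.project}-http-5xx-errors-from-target"
  alarm_description = "HTTPCode 5XX count for frontend instances over ${var.alb["error_threshold"]}"

  # Sum of 5XX responses generated by the targets over one 5-minute period.
  namespace           = "AWS/ApplicationELB"
  metric_name         = "HTTPCode_Target_5XX_Count"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = var.alb["error_threshold"]

  # NOTE(review): this metric is only published when non-zero and
  # treat_missing_data is left at its default, so the alarm may sit in
  # INSUFFICIENT_DATA rather than OK when there are no errors; consider
  # treat_missing_data = "notBreaching" if ok_actions should fire on recovery.
  alarm_actions = [aws_sns_topic.default.arn]
  ok_actions    = [aws_sns_topic.default.arn]

  # CloudWatch keys ALB metrics by ARN suffix (targetgroup/<name>/<id>,
  # app/<name>/<id>), not by full ARN. With the full ARN the alarm matches no
  # metric stream and never fires.
  dimensions = {
    TargetGroup  = aws_lb_target_group.this.arn_suffix
    LoadBalancer = aws_lb.this.arn_suffix
  }
}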
# # ---------------------------------------------------------------------------------------------------------------------#
# Create CloudWatch alarm on HTTP 5XX responses generated by the load balancer, with email alerts
# # ---------------------------------------------------------------------------------------------------------------------#
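resource "aws_cloudwatch_metric_alarm" "httpcode_elb_5xx_count" {
  alarm_name        = "${local.project}-http-5xx-errors-from-loadbalancer"
  alarm_description = "HTTPCode 5XX count for loadbalancer over ${var.alb["error_threshold"]}"

  # Sum of 5XX responses that originate from the load balancer itself (not
  # from the targets) over one 5-minute period.
  namespace           = "AWS/ApplicationELB"
  metric_name         = "HTTPCode_ELB_5XX_Count"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = var.alb["error_threshold"]

  # NOTE(review): treat_missing_data is left at its default; this metric is
  # only published when non-zero, so confirm that the resulting
  # INSUFFICIENT_DATA state between errors is acceptable.
  alarm_actions = [aws_sns_topic.default.arn]
  ok_actions    = [aws_sns_topic.default.arn]

  # CloudWatch keys ALB metrics by ARN suffix (app/<name>/<id>), not by full
  # ARN. With the full ARN the alarm matches no metric stream and never fires.
  dimensions = {
    LoadBalancer = aws_lb.this.arn_suffix
  }
}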
# # ---------------------------------------------------------------------------------------------------------------------#
# Create CloudWatch RequestCount metrics and email alerts
# # ---------------------------------------------------------------------------------------------------------------------#
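resource "aws_cloudwatch_metric_alarm" "alb_rps" {
  alarm_name        = "${local.project}-loadbalancer-rps"
  alarm_description = "The number of requests processed over 2 minutes greater than ${var.alb["rps_threshold"]}"

  # Total request count per 120-second period. The threshold is therefore a
  # count per two minutes, not a per-second rate, despite the "rps" name.
  namespace           = "AWS/ApplicationELB"
  metric_name         = "RequestCount"
  statistic           = "Sum"
  period              = 120
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = var.alb["rps_threshold"]

  # The same SNS topic is notified on entering ALARM and on returning to OK.
  alarm_actions = [aws_sns_topic.default.arn]
  ok_actions    = [aws_sns_topic.default.arn]

  # CloudWatch keys ALB metrics by ARN suffix (app/<name>/<id>), not by full
  # ARN. With the full ARN the alarm matches no metric stream, so a traffic
  # spike would go unreported.
  dimensions = {
    LoadBalancer = aws_lb.this.arn_suffix
  }
}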