| author | Paul Buetow <paul@buetow.org> | 2023-12-17 20:32:39 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2023-12-17 20:32:39 +0200 |
| commit | 9d6584aabb26bc833707a7ae001e5ededcced063 (patch) | |
| tree | e30429174a1c628effd983bf6643690ce3c2296d | |
| parent | 40f297c5714abfe308b1b6635563f0d1cc90634c (diff) | |
can load balance based on hostname
| -rw-r--r-- | playground/fargate/ecs.tf | 46 | ||||
| -rw-r--r-- | playground/fargate/elb.tf | 60 | ||||
| -rw-r--r-- | playground/fargate/vpc.tf | 9 |
3 files changed, 22 insertions, 93 deletions
diff --git a/playground/fargate/ecs.tf b/playground/fargate/ecs.tf
index 9cc4b61..b31a46b 100644
--- a/playground/fargate/ecs.tf
+++ b/playground/fargate/ecs.tf
@@ -1,23 +1,5 @@
-resource "aws_ecs_cluster" "my_cluster" {
- name = "my-cluster"
-}
-
-resource "aws_ecs_task_definition" "nginx_task" {
- family = "nginx"
- network_mode = "awsvpc"
- requires_compatibilities = ["FARGATE"]
- cpu = "256"
- memory = "512"
- execution_role_arn = aws_iam_role.ecs_execution_role.arn
-
- container_definitions = jsonencode([{
- name = "nginx",
- image = "nginx:latest",
- portMappings = [{
- containerPort = 80,
- hostPort = 80
- }]
- }])
+resource "aws_ecs_cluster" "my_ecs_cluster" {
+ name = "my-ecs-cluster"
 }
 
 resource "aws_iam_role" "ecs_execution_role" {
@@ -39,27 +21,3 @@ resource "aws_iam_role_policy_attachment" "ecs_execution_role_policy_attach" {
 role = aws_iam_role.ecs_execution_role.name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
-
-resource "aws_ecs_service" "nginx_service" {
- name = "nginx-service"
- cluster = aws_ecs_cluster.my_cluster.id
- task_definition = aws_ecs_task_definition.nginx_task.arn
- launch_type = "FARGATE"
- desired_count = 1
-
- load_balancer {
- target_group_arn = aws_lb_target_group.my_tg.arn
- container_name = "nginx" # Must match the name in your container definition
- container_port = 80 # The port your container is listening on
- }
-
- network_configuration {
- subnets = [
- aws_subnet.my_public_subnet_a.id,
- aws_subnet.my_public_subnet_b.id,
- aws_subnet.my_public_subnet_c.id,
- ]
- security_groups = [aws_security_group.nginx_sg.id]
- assign_public_ip = true
- }
-}
diff --git a/playground/fargate/elb.tf b/playground/fargate/elb.tf
index e2c1ec6..4a9fe11 100644
--- a/playground/fargate/elb.tf
+++ b/playground/fargate/elb.tf
@@ -37,33 +37,21 @@ resource "aws_security_group" "alb_sg" {
 }
 }
 
-resource "aws_lb_target_group" "my_tg" {
- name = "my-tg"
- port = 80
- protocol = "HTTP"
- vpc_id = aws_vpc.my_vpc.id
- target_type = "ip"
-
- health_check {
- enabled = true
- healthy_threshold = 2
- unhealthy_threshold = 2
- interval = 30
- path = "/" # Modify if your app has a specific health check path
- protocol = "HTTP"
- timeout = 3
- matcher = "200-299"
- }
-}
-
 resource "aws_lb_listener" "my_http_listener" {
 load_balancer_arn = aws_lb.my_alb.arn
 port = "80"
 protocol = "HTTP"
 
 default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.my_tg.arn
+ type = "redirect"
+
+ redirect {
+ protocol = "HTTPS"
+ port = "443"
+ status_code = "HTTP_301"
+ path = "/#{path}"
+ query = "#{query}"
+ }
 }
 }
 
@@ -71,40 +59,16 @@ data "aws_route53_zone" "my_zone" {
 name = "aws.buetow.org."
 }
 
-resource "aws_route53_record" "my_a_record" {
- zone_id = data.aws_route53_zone.my_zone.zone_id
- name = "nginx.aws.buetow.org."
- type = "A"
-
- alias {
- name = aws_lb.my_alb.dns_name
- zone_id = aws_lb.my_alb.zone_id
- evaluate_target_health = true
- }
-}
-
-#resource "aws_route53_record" "my_aaaa_record" {
-# zone_id = data.aws_route53_zone.my_zone.zone_id
-# name = "nginx.aws.buetow.org."
-# type = "AAAA"
-#
-# alias {
-# name = aws_lb.my_alb.dns_name
-# zone_id = aws_lb.my_alb.zone_id
-# evaluate_target_health = true
-# }
-#}
-
-
 resource "aws_lb_listener" "my_https_listener" {
 load_balancer_arn = aws_lb.my_alb.arn
 port = "443"
 protocol = "HTTPS"
 ssl_policy = "ELBSecurityPolicy-2016-08"
- certificate_arn = "arn:aws:acm:eu-central-1:634617747016:certificate/4ae442c0-3b56-4e17-9a3f-023faf39d244"
+ # aws.buetow.org and *.aws.buetow.org certificate.
+ certificate_arn = "arn:aws:acm:eu-central-1:634617747016:certificate/4ae442c0-3b56-4e17-9a3f-023faf39d244"
 
 default_action {
 type = "forward"
- target_group_arn = aws_lb_target_group.my_tg.arn
+ target_group_arn = aws_lb_target_group.my_nginx_tg.arn
 }
 }
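Review bot: `aws_lb_target_group.my_nginx_tg`, which the HTTPS listener's forward action now references in the second elb.tf hunk, is not declared anywhere in this commit: the only target group (`my_tg`) is deleted in the first elb.tf hunk, the ECS service that used it is deleted in ecs.tf, and the diffstat lists no added file, so `terraform validate` will presumably fail on an undeclared resource unless the target group is defined in a file outside this diff. The unchanged `ssl_policy = "ELBSecurityPolicy-2016-08"` on the same listener still permits TLS 1.0 and 1.1; with port 80 now redirecting, this listener is the only path in, so a TLS 1.2+ policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"` is a cheap hardening to fold in here. Deleting `my_a_record` also leaves nothing in these files pointing nginx.aws.buetow.org at the ALB, so the hostname-based routing the commit message describes relies on records and listener rules not present in this diff.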
diff --git a/playground/fargate/vpc.tf b/playground/fargate/vpc.tf
index 1ab8c95..4da9c8a 100644
--- a/playground/fargate/vpc.tf
+++ b/playground/fargate/vpc.tf
@@ -66,7 +66,7 @@ resource "aws_route_table_association" "public_route_table_assoc_c" {
 route_table_id = aws_route_table.public_route_table.id
 }
 
-resource "aws_security_group" "nginx_sg" {
+resource "aws_security_group" "web_sg" {
 vpc_id = aws_vpc.my_vpc.id
 
 ingress {
@@ -76,6 +76,13 @@ resource "aws_security_group" "nginx_sg" {
 cidr_blocks = ["0.0.0.0/0"]
 }
 
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
 egress {
 from_port = 0
 to_port = 0
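Review bot: The new 443 ingress rule on `web_sg` opens the port to `0.0.0.0/0`, yet this group (formerly `nginx_sg`) was the one attached to the Fargate tasks via the deleted ECS service, while the ALB already has its own `alb_sg` in elb.tf; the deleted target group forwarded plain HTTP on port 80 from the ALB, so the tasks should only need to be reachable from the ALB's security group, not from the internet. Replacing `cidr_blocks = ["0.0.0.0/0"]` with `security_groups = [aws_security_group.alb_sg.id]` in both ingress rules, and dropping the 443 rule unless the tasks themselves terminate TLS, keeps the world-facing surface on the load balancer alone — this matters because the removed service ran with `assign_public_ip = true`. Whether `web_sg` is still attached to the tasks after this commit is not visible here, so if the group has been repurposed for the ALB the advice changes accordingly. The `egress` block and the security group resource continue outside the hunk.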
