terraform-aws-ecs-alb's People

Contributors

amontalban, dchocoboo, jareddarling, jnonino, justinsoong, mfcaro, mo-hit, ovcharenko, renovate[bot], tvaughan77

terraform-aws-ecs-alb's Issues

S3Bucket validation transient issue

Hello @jnonino,

Since your update, I have an issue during SonarQube deployment:

 Error: failure configuring LB attributes: InvalidConfigurationRequest: S3Bucket validation transient issue
      status code: 400, request id: 391d3af7-99cd-4cd8-9617-15557228d1ce

  with module.sonar.module.ecs_fargate.module.ecs-fargate-service.module.ecs-alb.aws_lb.lb,
  on .terraform/modules/sonar.ecs_fargate.ecs-fargate-service.ecs-alb/main.tf line 26, in resource "aws_lb" "lb":
  26: resource "aws_lb" "lb" {

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/pipeline.yml
  • actions/checkout v4
  • actions/checkout v4
terraform
main.tf
  • cn-terraform/logs-s3-bucket/aws 1.0.6
versions.tf
  • aws >= 4
  • hashicorp/terraform >= 0.13

Can't forward HTTP and HTTPS traffic to the same container port

I'm running into an issue when I try to forward both HTTP and HTTPS to the same container port. As an example:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  region = "us-west-1"
}


module "base-network" {
  source                                      = "cn-terraform/networking/aws"
  version                                     = "2.0.13"
  name_prefix                                 = "test-networking"
  vpc_cidr_block                              = "192.168.0.0/16"
  availability_zones                          = ["us-west-1a", "us-west-1b"]
  public_subnets_cidrs_per_availability_zone  = ["192.168.0.0/19", "192.168.32.0/19"]
  private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19", "192.168.160.0/19"]
}


module "ecs-fargate" {
  source  = "cn-terraform/ecs-fargate/aws"
  version = "2.0.28"
  
  name_prefix = "demo-http-https-port"

  assign_public_ip = false

  container_image = "mendhak/http-https-echo:23"
  container_name = "demo-http-https-port"

  vpc_id = module.base-network.vpc_id
  private_subnets_ids = module.base-network.private_subnets_ids
  public_subnets_ids = module.base-network.public_subnets_ids


  environment = [
    {
      name = "HTTP_PORT"
      value = "3000"
    }
  ]

  port_mappings = [
    {
      containerPort = 3000
      hostPort = 3000
      protocol = "tcp"
    }
  ]

  lb_http_ports = {
    default_http = {
      listener_port     = 80
      target_group_port = 3000
    }
  }

  lb_https_ports = {
    default_https = {
      listener_port     = 443
      target_group_port = 3000
    }
  }
  default_certificate_arn = "MY_CERT_ARN"

}

When I apply this configuration, I see:

│ Error: [WARN] A duplicate Security Group rule was found on (sg-xxxxxxxxxx). This may be
│ a side effect of a now-fixed Terraform issue causing two security groups with
│ identical attributes but different source_security_group_ids to overwrite each
│ other in the state. See https://github.com/hashicorp/terraform/pull/2376 for more
│ information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: sg-xxxxxxxxxx, TCP, from port: 3000, to port: 3000, ALLOW" already exists
│ 	status code: 400, request id: xxxxxxxxx
│
│   with module.ecs-fargate.module.ecs-fargate-service.aws_security_group_rule.ingress_through_https["3000"],
│   on .terraform/modules/ecs-fargate.ecs-fargate-service/main.tf line 161, in resource "aws_security_group_rule" "ingress_through_https":
│  161: resource "aws_security_group_rule" "ingress_through_https" {
│

I believe this is because this module creates an ingress rule for HTTP and HTTPS traffic (one each) that wind up being identical (main.tf:116):

resource "aws_security_group_rule" "ingress_through_http" {
  for_each          = var.http_ports
  security_group_id = aws_security_group.lb_access_sg.id
  type              = "ingress"
  from_port         = each.value.listener_port
  to_port           = each.value.listener_port
  protocol          = "tcp"
  cidr_blocks       = var.http_ingress_cidr_blocks
  prefix_list_ids   = var.http_ingress_prefix_list_ids
}

resource "aws_security_group_rule" "ingress_through_https" {
  for_each          = var.https_ports
  security_group_id = aws_security_group.lb_access_sg.id
  type              = "ingress"
  from_port         = each.value.listener_port
  to_port           = each.value.listener_port
  protocol          = "tcp"
  cidr_blocks       = var.https_ingress_cidr_blocks
  prefix_list_ids   = var.https_ingress_prefix_list_ids
}

There might be some way to deduplicate these rules or make them different in some semantic way to allow both rules to exist.
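
One way to deduplicate, as an added example that is not part of the original issue or the module's code: the error above names a rule with a security-group peer on port 3000, so this sketch derives the task-side ingress rules from the set of distinct target ports instead of creating one rule per listener. The resource name `ingress_from_lb`, the two security group variables, and the output are hypothetical.

```hcl
# Added example; variable, resource and output names are hypothetical,
# not taken from the cn-terraform modules.
variable "http_ports" {
  type    = map(object({ listener_port = number, target_group_port = number }))
  default = { default_http = { listener_port = 80, target_group_port = 3000 } }
}

variable "https_ports" {
  type    = map(object({ listener_port = number, target_group_port = number }))
  default = { default_https = { listener_port = 443, target_group_port = 3000 } }
}

variable "lb_security_group_id" { type = string }      # SG attached to the load balancer
variable "service_security_group_id" { type = string } # SG attached to the ECS tasks

locals {
  # The rejected rule in the error is described only by peer SG, protocol and
  # port range, so two listeners forwarding to the same target port need
  # exactly one rule. toset() collapses the repeated "3000".
  target_ports = toset(concat(
    [for p in values(var.http_ports) : tostring(p.target_group_port)],
    [for p in values(var.https_ports) : tostring(p.target_group_port)],
  ))
}

# One ingress rule per distinct target port, open only to the load balancer's SG.
resource "aws_security_group_rule" "ingress_from_lb" {
  for_each                 = local.target_ports
  security_group_id        = var.service_security_group_id
  type                     = "ingress"
  from_port                = tonumber(each.value)
  to_port                  = tonumber(each.value)
  protocol                 = "tcp"
  source_security_group_id = var.lb_security_group_id
}

# With the defaults above this evaluates to ["3000"]: a single rule.
output "task_ingress_ports" {
  value = sort(tolist(local.target_ports))
}
```

Different source restrictions for HTTP and HTTPS still belong on the load balancer's listener-port rules, where ports 80 and 443 keep the two rules distinct.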
