oozou/terraform-aws-alb

terraform-aws-alb

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| aws | >= 4.00 |

Providers

| Name | Version |
|------|---------|
| aws | 5.98.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| application_record | oozou/route53/aws | 1.0.2 |
| s3_alb_log_bucket | oozou/s3/aws | 1.1.5 |

Resources

| Name | Type |
|------|------|
| aws_lb.this | resource |
| aws_lb_listener.front_end_https_http_redirect | resource |
| aws_lb_listener.http | resource |
| aws_lb_target_group.this | resource |
| aws_security_group.alb | resource |
| aws_security_group_rule.alb_ingress | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.http_ingress | resource |
| aws_security_group_rule.https_ingress | resource |
| aws_service_discovery_private_dns_namespace.internal | resource |
| aws_elb_service_account.this | data source |
| aws_iam_policy_document.alb_log | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional_security_group_alb_ingress_rules | Map of ingress and any specific/overriding attributes to be created | `any` | `{}` | no |
| additional_security_group_ingress_rules | Map of ingress and any specific/overriding attributes to be created | `any` | `{}` | no |
| alb_access_logs_bucket_name | ALB access_logs S3 bucket name. | `string` | `""` | no |
| alb_aws_security_group_id | Required when is_create_alb_security_group is set to false | `string` | `""` | no |
| alb_certificate_arn | Certificate ARN to link with ALB | `string` | `""` | no |
| alb_listener_port | The port to listen on the ALB for public services (80/443, default 443) | `number` | `443` | no |
| alb_s3_access_principals | n/a | <pre>list(object({<br>  type        = string<br>  identifiers = list(string)<br>}))</pre> | `[]` | no |
| client_keep_alive | Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds. | `number` | `3600` | no |
| default_tg_config | Default configuration values for the target group | <pre>object({<br>  port             = number # The port on which the target group receives traffic<br>  protocol         = string # The protocol used for routing traffic to the targets (HTTP, HTTPS, TCP, etc.)<br>  protocol_version = string # The version of the protocol to use (HTTP1, HTTP2, etc.)<br>  name_max_length  = number # Maximum allowed length for the target group name (AWS limit is 32)<br>  target_type      = string # The type of target (instance, ip, or lambda)<br>  stickiness = optional(object({<br>    cookie_duration = number # Time in seconds for the cookie to be considered valid<br>    enabled         = bool   # Whether stickiness is enabled<br>  })) # Configuration block for target group stickiness<br>  deregistration_delay              = number           # Time in seconds to wait before deregistering a target<br>  slow_start                        = optional(number) # Time in seconds for slow start mode; optional<br>  load_balancing_algorithm_type     = string           # Algorithm type for load balancing (round_robin, least_outstanding_requests)<br>  load_balancing_anomaly_mitigation = string           # Mitigation mode (off, basic, proactive)<br>})</pre> | <pre>{<br>  "deregistration_delay": 15,<br>  "load_balancing_algorithm_type": "round_robin",<br>  "load_balancing_anomaly_mitigation": "off",<br>  "name_max_length": 32,<br>  "port": 80,<br>  "protocol": "HTTP",<br>  "protocol_version": "HTTP1",<br>  "slow_start": null,<br>  "stickiness": null,<br>  "target_type": "ip"<br>}</pre> | no |
| default_tg_hc_config | Default health check configuration for the target group | <pre>object({<br>  path                = string           # The destination for the health check request<br>  port                = string           # The port to use for the health check<br>  protocol            = optional(string) # The protocol to use for the health check. If not specified, same as the traffic protocol<br>  timeout             = number           # Time to wait in seconds before failing a health check request<br>  healthy_threshold   = number           # Number of consecutive successes required before marking target healthy<br>  unhealthy_threshold = number           # Number of consecutive failures before marking target unhealthy<br>  interval            = number           # Time in seconds between health checks<br>  matcher             = string           # HTTP response codes to indicate a healthy check<br>})</pre> | <pre>{<br>  "healthy_threshold": 2,<br>  "interval": 15,<br>  "matcher": "200-399",<br>  "path": "/",<br>  "port": "traffic-port",<br>  "protocol": null,<br>  "timeout": 10,<br>  "unhealthy_threshold": 2<br>}</pre> | no |
| drop_invalid_header_fields | Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). | `bool` | `true` | no |
| enable_deletion_protection | (Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | `bool` | `false` | no |
| environment | Environment Variable used as a prefix | `string` | n/a | yes |
| fully_qualified_domain_name | The domain name for the ACM cert for attaching to the ALB, i.e. `*.example.com`, `www.amazing.com` | `string` | `""` | no |
| http_ingress_cidr_blocks | List of CIDR blocks to allow in HTTP security group | `list(string)` | <pre>[<br>  "0.0.0.0/0",<br>  "::/0"<br>]</pre> | no |
| http_ingress_prefix_list_ids | Inbound or outbound rules to allow or deny traffic to/from specific AWS-managed services like S3, DynamoDB | `list(string)` | `[]` | no |
| http_port | The port for the HTTP listener | `number` | `80` | no |
| https_ingress_cidr_blocks | List of CIDR blocks to allow in HTTPS security group | `list(string)` | <pre>[<br>  "0.0.0.0/0",<br>  "::/0"<br>]</pre> | no |
| https_ingress_prefix_list_ids | Inbound or outbound rules to allow or deny traffic to/from specific AWS-managed services like S3, DynamoDB | `list(string)` | `[]` | no |
| https_port | The port for the HTTPS listener | `number` | `443` | no |
| idle_timeout | The time in seconds that the connection is allowed to be idle | `number` | `60` | no |
| ip_address_type | The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. | `string` | `"ipv4"` | no |
| is_create_alb_dns_record | Whether to create ALB DNS record or not | `bool` | `true` | no |
| is_create_alb_security_group | Whether to create ALB security group or not | `bool` | `true` | no |
| is_create_discovery_namespace | Flag to determine whether to create a discovery namespace | `bool` | `false` | no |
| is_default_target_group_enabled | Flag to enable or disable the default target group | `bool` | `false` | no |
| is_enable_access_log | Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified. | `bool` | `false` | no |
| is_ignore_unsecured_connection | Whether to bypass the HTTPS endpoint requirement or not | `bool` | `false` | no |
| is_public_alb | Flag for Internal/Public ALB. ALB in production env should be public | `bool` | `false` | no |
| listener_https_fixed_response | Have the HTTPS listener return a fixed response for the default action. | <pre>object({<br>  content_type = string<br>  message_body = string<br>  status_code  = string<br>})</pre> | `null` | no |
| name | Name of the alb to create | `string` | n/a | yes |
| prefix | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes |
| preserve_host_header | Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. | `bool` | `false` | no |
| private_subnet_ids | Private subnets for private alb | `list(string)` | `[]` | no |
| public_subnet_ids | Public subnets for public AWS Application Load Balancer deployment | `list(string)` | `[]` | no |
| route53_hosted_zone_name | The domain name in Route53 to fetch the hosted zone, i.e. example.com, mango-dev.blue.cloud | `string` | `""` | no |
| s3_alb_log_bucket_lifecycle_rules | List of lifecycle rules to transition the data. Leave empty to disable this feature. storage_class can be STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE | `any` | `[]` | no |
| ssl_policy | The SSL policy for the ALB listener when using HTTPS | `string` | `"ELBSecurityPolicy-2016-08"` | no |
| tags | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}` | no |
| vpc_id | VPC to deploy the alb in | `string` | n/a | yes |
| xff_header_processing_mode | The mode for processing the X-Forwarded-For header. The possible values are append and preserve. The default is append. | `string` | `"append"` | no |

Outputs

| Name | Description |
|------|-------------|
| alb_arn | ARN of alb |
| alb_dns_name | The DNS name of the load balancer. |
| alb_id | ID of alb |
| alb_listener_http_arn | ARN of the listener (matches id). |
| alb_listener_https_redirect_arn | ARN of the listener (matches id). |
| alb_sg_id | The security group id of the ALB |
| service_discovery_namespace | The ID of a namespace. |
