From 04dc9de50c9d723be2545c14bc99e86da5179b9b Mon Sep 17 00:00:00 2001
From: Kirmayer Elad <6572119+ekirmayer@users.noreply.github.com>
Date: Fri, 17 Jan 2025 15:28:08 +0000
Subject: [PATCH 1/2] Support http respond headers for ALB listeners
---
README.md | 4 ++--
examples/complete-alb/main.tf | 25 +++++++++++++++++++++++++
main.tf | 13 +++++++++++++
versions.tf | 2 +-
wrappers/versions.tf | 2 +-
5 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 45ee25c..767f938 100644
--- a/README.md
+++ b/README.md
@@ -352,13 +352,13 @@ See [patterns.md](https://github.com/terraform-aws-modules/terraform-aws-alb/blo
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.82 |
+| [aws](#requirement\_aws) | >= 5.84 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.82 |
+| [aws](#provider\_aws) | >= 5.84 |
## Modules
diff --git a/examples/complete-alb/main.tf b/examples/complete-alb/main.tf
index d1a6c80..3460b3b 100644
--- a/examples/complete-alb/main.tf
+++ b/examples/complete-alb/main.tf
@@ -359,6 +359,31 @@ module "alb" {
target_group_key = "ex-instance"
}
}
+
+ ex-response-headers = {
+ port = "443"
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
+ certificate_arn = module.acm.acm_certificate_arn
+
+ fixed_response = {
+ content_type = "text/plain"
+ message_body = "Fixed message"
+ status_code = "200"
+ }
+
+ routing_http_response_server_enabled = false
+ routing_http_response_strict_transport_security_header_value = "max-age=31536000; includeSubDomains; preload"
+ routing_http_response_access_control_allow_origin_header_value = "https://example.com"
+ routing_http_response_access_control_allow_methods_header_value = "TRACE,GET"
+ routing_http_response_access_control_allow_headers_header_value = "Accept-Language,Content-Language"
+ routing_http_response_access_control_allow_credentials_header_value = "true"
+ routing_http_response_access_control_expose_headers_header_value = "Cache-Control"
+ routing_http_response_access_control_max_age_header_value = 86400
+ routing_http_response_content_security_policy_header_value = "*"
+ routing_http_response_x_content_type_options_header_value = "nosniff"
+ routing_http_response_x_frame_options_header_value = "SAMEORIGIN"
+ }
}
target_groups = {
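Review bot: Two of the example values in `ex-response-headers` are ones a reader should not copy: `"*"` for `routing_http_response_content_security_policy_header_value` is not a CSP directive, so the header would restrict nothing, and `TRACE` in `routing_http_response_access_control_allow_methods_header_value` is rarely wanted in a CORS allow-list. Examples tend to be pasted into real deployments, so consider `routing_http_response_content_security_policy_header_value = "default-src 'self'"` and `routing_http_response_access_control_allow_methods_header_value = "GET,OPTIONS"`. The `preload` token in the HSTS value is also hard to undo once a domain has been submitted to a preload list, so a short comment such as `# preload is long-lived; keep it only if every subdomain serves HTTPS` would help. The `module "alb"` block starts and ends outside this hunk.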
diff --git a/main.tf b/main.tf
index 4e15748..2ffc03a 100644
--- a/main.tf
+++ b/main.tf
@@ -217,12 +217,25 @@ resource "aws_lb_listener" "this" {
}
}
+ routing_http_response_server_enabled = try(each.value.routing_http_response_server_enabled, false)
+ routing_http_response_strict_transport_security_header_value = try(each.value.routing_http_response_strict_transport_security_header_value, null)
+ routing_http_response_access_control_allow_origin_header_value = try(each.value.routing_http_response_access_control_allow_origin_header_value, null)
+ routing_http_response_access_control_allow_methods_header_value = try(each.value.routing_http_response_access_control_allow_methods_header_value, null)
+ routing_http_response_access_control_allow_headers_header_value = try(each.value.routing_http_response_access_control_allow_headers_header_value, null)
+ routing_http_response_access_control_allow_credentials_header_value = try(each.value.routing_http_response_access_control_allow_credentials_header_value, null)
+ routing_http_response_access_control_expose_headers_header_value = try(each.value.routing_http_response_access_control_expose_headers_header_value, null)
+ routing_http_response_access_control_max_age_header_value = try(each.value.routing_http_response_access_control_max_age_header_value, null)
+ routing_http_response_content_security_policy_header_value = try(each.value.routing_http_response_content_security_policy_header_value, null)
+ routing_http_response_x_content_type_options_header_value = try(each.value.routing_http_response_x_content_type_options_header_value, null)
+ routing_http_response_x_frame_options_header_value = try(each.value.routing_http_response_x_frame_options_header_value, null)
+
load_balancer_arn = aws_lb.this[0].arn
port = try(each.value.port, var.default_port)
protocol = try(each.value.protocol, var.default_protocol)
ssl_policy = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null)
tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null)
tags = merge(local.tags, try(each.value.tags, {}))
+
}
################################################################################
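Review bot: Each new argument is read with `try(each.value.<key>, null)`, so a misspelled key in a listener definition is silently dropped and the listener is created without that header. For the HSTS, CSP, X-Content-Type-Options and X-Frame-Options values this means a protection the caller believes is set can be absent with no plan-time error. A comment above the block would make that visible, for example `# Response header attributes; keys that do not match exactly are ignored, so check spelling against the aws_lb_listener arguments`. As far as I know these attributes apply to HTTP and HTTPS listeners only, which is worth stating in the same comment. The `aws_lb_listener` resource block starts above this hunk.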
diff --git a/versions.tf b/versions.tf
index bdfd597..3810049 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.84"
}
}
}
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
index bdfd597..3810049 100644
--- a/wrappers/versions.tf
+++ b/wrappers/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.84"
}
}
}
From d85057ef8bb2ee66ed0aa6d083724df093fb663f Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Thu, 13 Mar 2025 07:45:16 -0500
Subject: [PATCH 2/2] chore: Fix up versions and defaults
---
.pre-commit-config.yaml | 2 +-
README.md | 4 ++--
examples/complete-alb/README.md | 4 ++--
examples/complete-alb/versions.tf | 2 +-
examples/complete-nlb/README.md | 4 ++--
examples/complete-nlb/versions.tf | 2 +-
examples/mutual-auth-alb/README.md | 4 ++--
examples/mutual-auth-alb/versions.tf | 2 +-
main.tf | 3 +--
modules/lb_trust_store/README.md | 4 ++--
modules/lb_trust_store/versions.tf | 2 +-
versions.tf | 2 +-
wrappers/lb_trust_store/versions.tf | 2 +-
wrappers/versions.tf | 2 +-
14 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7e4e7da..d0e69ab 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.96.1
+ rev: v1.97.4
hooks:
- id: terraform_fmt
- id: terraform_wrapper_module_for_each
diff --git a/README.md b/README.md
index 767f938..59b06d7 100644
--- a/README.md
+++ b/README.md
@@ -352,13 +352,13 @@ See [patterns.md](https://github.com/terraform-aws-modules/terraform-aws-alb/blo
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.84 |
+| [aws](#requirement\_aws) | >= 5.89 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.84 |
+| [aws](#provider\_aws) | >= 5.89 |
## Modules
diff --git a/examples/complete-alb/README.md b/examples/complete-alb/README.md
index 2ff839b..734b274 100644
--- a/examples/complete-alb/README.md
+++ b/examples/complete-alb/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.82 |
+| [aws](#requirement\_aws) | >= 5.89 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.6 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.82 |
+| [aws](#provider\_aws) | >= 5.89 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.6 |
diff --git a/examples/complete-alb/versions.tf b/examples/complete-alb/versions.tf
index 60bc7cf..6c02420 100644
--- a/examples/complete-alb/versions.tf
+++ b/examples/complete-alb/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.89"
}
null = {
source = "hashicorp/null"
diff --git a/examples/complete-nlb/README.md b/examples/complete-nlb/README.md
index 70ee5f8..396ba36 100644
--- a/examples/complete-nlb/README.md
+++ b/examples/complete-nlb/README.md
@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.82 |
+| [aws](#requirement\_aws) | >= 5.89 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.82 |
+| [aws](#provider\_aws) | >= 5.89 |
## Modules
diff --git a/examples/complete-nlb/versions.tf b/examples/complete-nlb/versions.tf
index bdfd597..c00acf7 100644
--- a/examples/complete-nlb/versions.tf
+++ b/examples/complete-nlb/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.89"
}
}
}
diff --git a/examples/mutual-auth-alb/README.md b/examples/mutual-auth-alb/README.md
index f3ddd75..f39a2a9 100644
--- a/examples/mutual-auth-alb/README.md
+++ b/examples/mutual-auth-alb/README.md
@@ -21,7 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.82 |
+| [aws](#requirement\_aws) | >= 5.89 |
| [null](#requirement\_null) | >= 2.0 |
| [tls](#requirement\_tls) | >= 4.0 |
@@ -29,7 +29,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.82 |
+| [aws](#provider\_aws) | >= 5.89 |
| [null](#provider\_null) | >= 2.0 |
| [tls](#provider\_tls) | >= 4.0 |
diff --git a/examples/mutual-auth-alb/versions.tf b/examples/mutual-auth-alb/versions.tf
index 6fee869..0c9dd70 100644
--- a/examples/mutual-auth-alb/versions.tf
+++ b/examples/mutual-auth-alb/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.89"
}
null = {
source = "hashicorp/null"
diff --git a/main.tf b/main.tf
index 2ffc03a..7ac785c 100644
--- a/main.tf
+++ b/main.tf
@@ -217,7 +217,7 @@ resource "aws_lb_listener" "this" {
}
}
- routing_http_response_server_enabled = try(each.value.routing_http_response_server_enabled, false)
+ routing_http_response_server_enabled = try(each.value.routing_http_response_server_enabled, null)
routing_http_response_strict_transport_security_header_value = try(each.value.routing_http_response_strict_transport_security_header_value, null)
routing_http_response_access_control_allow_origin_header_value = try(each.value.routing_http_response_access_control_allow_origin_header_value, null)
routing_http_response_access_control_allow_methods_header_value = try(each.value.routing_http_response_access_control_allow_methods_header_value, null)
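Review bot: The `null` fallback on `routing_http_response_server_enabled` leaves the Server header to the provider and service default, and that is worth a comment because the hardening shown in the example (`= false`) becomes opt-in per listener. Something like `# null defers to the AWS default; set false on a listener to remove the Server response header` above the line would do. The resource block starts and ends outside this hunk.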
@@ -235,7 +235,6 @@ resource "aws_lb_listener" "this" {
ssl_policy = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null)
tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null)
tags = merge(local.tags, try(each.value.tags, {}))
-
}
################################################################################
diff --git a/modules/lb_trust_store/README.md b/modules/lb_trust_store/README.md
index 29496df..2b37a70 100644
--- a/modules/lb_trust_store/README.md
+++ b/modules/lb_trust_store/README.md
@@ -30,13 +30,13 @@ module "trust_store" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.82 |
+| [aws](#requirement\_aws) | >= 5.89 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.82 |
+| [aws](#provider\_aws) | >= 5.89 |
## Modules
diff --git a/modules/lb_trust_store/versions.tf b/modules/lb_trust_store/versions.tf
index bdfd597..c00acf7 100644
--- a/modules/lb_trust_store/versions.tf
+++ b/modules/lb_trust_store/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.89"
}
}
}
diff --git a/versions.tf b/versions.tf
index 3810049..c00acf7 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.84"
+ version = ">= 5.89"
}
}
}
diff --git a/wrappers/lb_trust_store/versions.tf b/wrappers/lb_trust_store/versions.tf
index bdfd597..c00acf7 100644
--- a/wrappers/lb_trust_store/versions.tf
+++ b/wrappers/lb_trust_store/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.82"
+ version = ">= 5.89"
}
}
}
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
index 3810049..c00acf7 100644
--- a/wrappers/versions.tf
+++ b/wrappers/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.84"
+ version = ">= 5.89"
}
}
}