From e4b8654ecb1bcce07f29b3ae67671912c3b67dfd Mon Sep 17 00:00:00 2001
From: Viktor Orda
Date: Mon, 31 Mar 2025 21:58:22 +0300
Subject: [PATCH 1/2] Support HTTPS request headers renaming
---
 README.md | 4 ++--
 examples/complete-alb/main.tf | 22 ++++++++++++++++++++++
 main.tf | 9 +++++++++
 versions.tf | 2 +-
 wrappers/main.tf | 2 +-
 wrappers/versions.tf | 2 +-
 6 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 59b06d7..c4f6bb5 100644
--- a/README.md
+++ b/README.md
@@ -352,13 +352,13 @@ See [patterns.md](https://github.com/terraform-aws-modules/terraform-aws-alb/blo
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.89 |
+| [aws](#requirement\_aws) | >= 5.93 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.89 |
+| [aws](#provider\_aws) | >= 5.93 |
 ## Modules
diff --git a/examples/complete-alb/main.tf b/examples/complete-alb/main.tf
index 3460b3b..c4925b4 100644
--- a/examples/complete-alb/main.tf
+++ b/examples/complete-alb/main.tf
@@ -384,6 +384,28 @@ module "alb" {
 routing_http_response_x_content_type_options_header_value = "nosniff"
 routing_http_response_x_frame_options_header_value = "SAMEORIGIN"
 }
+
+ ex-request-headers = {
+ port = "443"
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
+ certificate_arn = module.acm.acm_certificate_arn
+
+ fixed_response = {
+ content_type = "text/plain"
+ message_body = "Fixed message"
+ status_code = "200"
+ }
+
+ routing_http_request_x_amzn_tls_version_header_name = "X-Amzn-Tls-Version-Custom"
+ routing_http_request_x_amzn_tls_cipher_suite_header_name = "X-Amzn-Tls-Cipher-Suite-Custom"
+ routing_http_request_x_amzn_mtls_clientcert_header_name = "X-Amzn-Mtls-Clientcert-Custom"
+ routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = "X-Amzn-Mtls-Clientcert-Serial-Number-Custom"
+ routing_http_request_x_amzn_mtls_clientcert_issuer_header_name = "X-Amzn-Mtls-Clientcert-Issuer-Custom"
+ routing_http_request_x_amzn_mtls_clientcert_subject_header_name = "X-Amzn-Mtls-Clientcert-Subject-Custom"
+ routing_http_request_x_amzn_mtls_clientcert_validity_header_name = "X-Amzn-Mtls-Clientcert-Validity-Custom"
+ routing_http_request_x_amzn_mtls_clientcert_leaf_header_name = "X-Amzn-Mtls-Clientcert-Leaf-Custom"
+ }
 }
 target_groups = {
diff --git a/main.tf b/main.tf
index 7ac785c..180590a 100644
--- a/main.tf
+++ b/main.tf
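Review bot: The `ex-request-headers` listener renames six `X-Amzn-Mtls-Clientcert-*` headers but, as far as this hunk shows, configures no `mutual_authentication` block and answers with a `fixed_response`, so the example never produces or forwards a client-certificate header under the new names. A reader copying it could take the renames alone as enabling client-certificate forwarding. I would add a comment above the rename arguments, for example `# mTLS header names only take effect when mutual_authentication is configured on the listener; targets must read the custom names`, or extend the example with a forwarding action and an mTLS configuration so the renames are actually exercised.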
@@ -229,6 +229,15 @@ resource "aws_lb_listener" "this" {
 routing_http_response_x_content_type_options_header_value = try(each.value.routing_http_response_x_content_type_options_header_value, null)
 routing_http_response_x_frame_options_header_value = try(each.value.routing_http_response_x_frame_options_header_value, null)
+ routing_http_request_x_amzn_tls_version_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_tls_version_header_name, null) : null
+ routing_http_request_x_amzn_tls_cipher_suite_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_tls_cipher_suite_header_name, null) : null
+ routing_http_request_x_amzn_mtls_clientcert_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_header_name, null) : null
+ routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name, null) : null
+ routing_http_request_x_amzn_mtls_clientcert_issuer_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_issuer_header_name, null) : null
+ routing_http_request_x_amzn_mtls_clientcert_subject_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_subject_header_name, null) : null
+ routing_http_request_x_amzn_mtls_clientcert_validity_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_validity_header_name, null) : null
+ routing_http_request_x_amzn_mtls_clientcert_leaf_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_leaf_header_name, null) : null
+
 load_balancer_arn = aws_lb.this[0].arn
 port = try(each.value.port, var.default_port)
 protocol = try(each.value.protocol, var.default_protocol)
diff --git a/versions.tf b/versions.tf
index c00acf7..f2f9288 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.89"
+ version = ">= 5.93"
 }
 }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
index 21de9c3..ed76ff0 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -38,9 +38,9 @@ module "wrapper" {
 security_group_egress_rules = try(each.value.security_group_egress_rules, var.defaults.security_group_egress_rules, {})
 security_group_ingress_rules = try(each.value.security_group_ingress_rules, var.defaults.security_group_ingress_rules, {})
 security_group_name = try(each.value.security_group_name, var.defaults.security_group_name, null)
+ security_groups = try(each.value.security_groups, var.defaults.security_groups, [])
 security_group_tags = try(each.value.security_group_tags, var.defaults.security_group_tags, {})
 security_group_use_name_prefix = try(each.value.security_group_use_name_prefix, var.defaults.security_group_use_name_prefix, true)
- security_groups = try(each.value.security_groups, var.defaults.security_groups, [])
 subnet_mapping = try(each.value.subnet_mapping, var.defaults.subnet_mapping, [])
 subnets = try(each.value.subnets, var.defaults.subnets, null)
 tags = try(each.value.tags, var.defaults.tags, {})
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
index c00acf7..f2f9288 100644
--- a/wrappers/versions.tf
+++ b/wrappers/versions.tf
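Review bot: Each of the eight `routing_http_request_*_header_name` arguments added to `aws_lb_listener.this` is forced to `null` whenever the listener protocol is not `HTTPS`, so a rename configured on any other listener is dropped with no plan-time signal. That matters most for the mTLS names: a target configured to read a custom client-certificate header would, behind such a listener, presumably see only what the client itself sent under that name, so how targets treat it is worth confirming. I would state the behaviour above the block, `# Request header renames apply to HTTPS listeners only; values set on other protocols are ignored`, and consider a `precondition` that rejects the combination instead of discarding it. The guard `try(each.value.protocol, var.default_protocol, null)` is also repeated eight times, while the `protocol` argument below omits the `null` fallback. The resource body starts and ends outside the hunk.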
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.89"
+ version = ">= 5.93"
 }
 }
 }
From a4d54bfd7ebbd7e25a5fa57f88768fc74bb7a4ff Mon Sep 17 00:00:00 2001
From: Viktor Orda
Date: Tue, 1 Apr 2025 19:02:55 +0300
Subject: [PATCH 2/2] Fix pre-commit issue
---
 wrappers/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wrappers/main.tf b/wrappers/main.tf
index ed76ff0..21de9c3 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -38,9 +38,9 @@ module "wrapper" {
 security_group_egress_rules = try(each.value.security_group_egress_rules, var.defaults.security_group_egress_rules, {})
 security_group_ingress_rules = try(each.value.security_group_ingress_rules, var.defaults.security_group_ingress_rules, {})
 security_group_name = try(each.value.security_group_name, var.defaults.security_group_name, null)
- security_groups = try(each.value.security_groups, var.defaults.security_groups, [])
 security_group_tags = try(each.value.security_group_tags, var.defaults.security_group_tags, {})
 security_group_use_name_prefix = try(each.value.security_group_use_name_prefix, var.defaults.security_group_use_name_prefix, true)
+ security_groups = try(each.value.security_groups, var.defaults.security_groups, [])
 subnet_mapping = try(each.value.subnet_mapping, var.defaults.subnet_mapping, [])
 subnets = try(each.value.subnets, var.defaults.subnets, null)
 tags = try(each.value.tags, var.defaults.tags, {})