adding test listener for blue/green deployment to be used on Codedeploy (#14)

elliot-dnx · adenot · web-flow · commit a6ec7c07c89b · 2020-04-07T12:23:20.000+10:00
* adding test listener for blue/green deployment to be used on Codedeploy

* changing variable test_traffic_route_listener_arn name

* Incorrect substring trimming first char

* SG description

Co-authored-by: Allan Denot &lt;adenot@gmail.com&gt;
diff --git a/_outputs.tf b/_outputs.tf
@@ -54,6 +54,10 @@ output "alb_listener_https_arn" {
   value = aws_lb_listener.ecs_https.*.arn
 }
 
+output "test_traffic_route_listener_arn" {
+  value = aws_lb_listener.ecs_test_https.*.arn
+}
+
 output "ecs_nodes_secgrp_id" {
   value = aws_security_group.ecs_nodes.id
 }
diff --git a/alb.tf b/alb.tf
@@ -60,20 +60,72 @@ resource "aws_lb_listener" "ecs_http_redirect" {
   }
 }
 
+resource "aws_lb_listener" "ecs_test_https" {
+  count = var.alb ? 1 : 0
+
+  load_balancer_arn = aws_lb.ecs[0].arn
+  port              = "8443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  certificate_arn   = var.certificate_arn
+
+  default_action {
+    type = "forward"
+    #target_group_arn = aws_lb_target_group.ecs_replacement_https[0].arn
+    target_group_arn = aws_lb_target_group.ecs_default_https[0].arn
+  }
+}
+
+resource "aws_lb_listener" "ecs_test_http_redirect" {
+  count = var.alb ? 1 : 0
+
+  load_balancer_arn = aws_lb.ecs[0].arn
+  port              = "8080"
+  protocol          = "HTTP"
+
+  default_action {
+    type = "redirect"
+
+    redirect {
+      port        = "8443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+# Generate a random string to add it to the name of the Target Group
+resource "random_string" "alb_prefix" {
+  length  = 4
+  upper   = false
+  special = false
+}
+
 resource "aws_lb_target_group" "ecs_default_http" {
   count = var.alb ? 1 : 0
 
-  name     = "ecs-${var.name}-default-http"
+  name     = substr("ecs-${var.name}-default-http-${random_string.alb_prefix.result}", 0, 32)
   port     = 80
   protocol = "HTTP"
   vpc_id   = var.vpc_id
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_lb_target_group" "ecs_default_https" {
   count = var.alb ? 1 : 0
 
-  name     = "ecs-${var.name}-default-https"
+  name     = substr("ecs-${var.name}-default-https-${random_string.alb_prefix.result}", 0, 32)
   port     = 80
   protocol = "HTTP"
   vpc_id   = var.vpc_id
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
+
+
+
diff --git a/sg-alb.tf b/sg-alb.tf
@@ -34,6 +34,19 @@ resource "aws_security_group_rule" "https_from_world_to_alb" {
   cidr_blocks       = ["0.0.0.0/0"]
 }
 
+resource "aws_security_group_rule" "https_test_listener_from_world_to_alb" {
+  count = var.alb ? 1 : 0
+
+  description       = "HTTPS ECS ALB Test Listener"
+  type              = "ingress"
+  from_port         = 8443
+  to_port           = 8443
+  protocol          = "tcp"
+  security_group_id = aws_security_group.alb[0].id
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+
+
 resource "aws_security_group_rule" "to_ecs_nodes" {
   count = var.alb ? 1 : 0
 

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,10 @@ output "alb_listener_https_arn" {`
`54`	`54`	`value = aws_lb_listener.ecs_https.*.arn`
`55`	`55`	`}`
`56`	`56`
	`57`	`+output "test_traffic_route_listener_arn" {`
	`58`	`+ value = aws_lb_listener.ecs_test_https.*.arn`
	`59`	`+}`
	`60`	`+`
`57`	`61`	`output "ecs_nodes_secgrp_id" {`
`58`	`62`	`value = aws_security_group.ecs_nodes.id`
`59`	`63`	`}`