80 lines
1.6 KiB
HCL
80 lines
1.6 KiB
HCL
resource "aws_security_group" "alb" {
|
|
name = "riju-alb"
|
|
description = "Security group for Riju application load balancer"
|
|
|
|
ingress {
|
|
description = "HTTP"
|
|
from_port = 80
|
|
to_port = 80
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
ingress {
|
|
description = "HTTPS"
|
|
from_port = 443
|
|
to_port = 443
|
|
protocol = "tcp"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
|
|
egress {
|
|
from_port = 0
|
|
to_port = 0
|
|
protocol = "-1"
|
|
cidr_blocks = ["0.0.0.0/0"]
|
|
}
|
|
}
|
|
|
|
resource "aws_lb" "server" {
|
|
name = "riju-server"
|
|
security_groups = [aws_security_group.alb.id]
|
|
subnets = data.aws_subnet_ids.default.ids
|
|
idle_timeout = 3600
|
|
|
|
tags = {
|
|
BillingSubcategory = "Riju:ALB"
|
|
}
|
|
}
|
|
|
|
resource "aws_lb_target_group" "server" {
|
|
name = "riju-server-http"
|
|
port = 80
|
|
protocol = "HTTP"
|
|
vpc_id = data.aws_vpc.default.id
|
|
|
|
health_check {
|
|
path = "/"
|
|
matcher = "200"
|
|
}
|
|
}
|
|
|
|
resource "aws_lb_listener" "server_http" {
|
|
load_balancer_arn = aws_lb.server.arn
|
|
port = "80"
|
|
protocol = "HTTP"
|
|
|
|
default_action {
|
|
type = "redirect"
|
|
|
|
redirect {
|
|
port = "443"
|
|
protocol = "HTTPS"
|
|
status_code = "HTTP_301"
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "aws_lb_listener" "server_https" {
|
|
load_balancer_arn = aws_lb.server.arn
|
|
port = "443"
|
|
protocol = "HTTPS"
|
|
ssl_policy = "ELBSecurityPolicy-2016-08"
|
|
certificate_arn = aws_acm_certificate.riju.arn
|
|
|
|
default_action {
|
|
type = "forward"
|
|
target_group_arn = aws_lb_target_group.server.arn
|
|
}
|
|
}
|