# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Application Load Balancer in front of the SkyWalking UI instances, built with
# the terraform-aws-modules/alb/aws module (8.x). Creation is gated by
# var.create_lb, and the balancer is placed in the VPC's public subnets.
module "alb" {
source = "terraform-aws-modules/alb/aws"
version = "~> 8.0"
create_lb = var.create_lb
name = var.cluster_name
load_balancer_type = "application"
vpc_id = module.vpc.vpc_id
subnets = module.vpc.public_subnets
# The VPC's default security group is attached to the ALB.
# NOTE(review): an unmodified AWS default security group allows all traffic
# between its members, so anything else in that group could reach the ALB and
# vice versa. Confirm how module.vpc manages the default group, or pass a
# dedicated group here instead.
security_groups = [module.vpc.default_security_group_id]
# Rules for the ALB's security group.
security_group_rules = {
# Port 80 is reachable from any IPv4 address, and the only listener below is
# plain HTTP, so UI traffic crosses the internet unencrypted.
# NOTE(review): if nothing in front of the UI authenticates users, this
# publishes the SkyWalking dashboard to everyone. Consider an HTTPS listener
# with an ACM certificate plus an HTTP->HTTPS redirect, and narrowing
# cidr_blocks to known operator or VPN ranges.
ingress_all_http = {
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
description = "Allow HTTP traffic"
cidr_blocks = ["0.0.0.0/0"]
}
# All protocols and ports are allowed outbound to any IPv4 destination.
# NOTE(review): the only backend visible here is the UI on tcp/8080, so egress
# could probably be limited to that port and the UI security group; confirm
# nothing else depends on the wider rule.
egress_all = {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
target_groups = [
{
# AWS limits a target group name_prefix to 6 characters, hence the substr().
name_prefix = substr(var.cluster_name, 0, 6)
backend_protocol = "HTTP"
backend_port = 8080
target_type = "instance"
# Register every UI instance reported by module.skywalking on port 8080.
# The loop index `i` is not used.
targets = [
for i, ui_id in module.skywalking.ui_instance_ids : {
target_id = ui_id
port = 8080
}
]
# HTTP health check against /internal/l7check on the traffic port. A target
# changes state after 3 consecutive results, and only a 200 response counts
# as healthy. interval and timeout are in seconds.
health_check = {
enabled = true
interval = 30
path = "/internal/l7check"
port = "traffic-port"
healthy_threshold = 3
unhealthy_threshold = 3
timeout = 6
protocol = "HTTP"
matcher = "200"
}
}
]
# Single cleartext listener on port 80, forwarding to the target group above.
# No HTTPS listener or redirect is defined in this module call.
http_tcp_listeners = [
{
port = 80
protocol = "HTTP"
target_group_index = 0
}
]
tags = var.extra_tags
}
# Security group that admits the ALB to the SkyWalking UI port. It is created
# only when var.create_lb is true. Which instances attach this group is not
# visible in this file.
# NOTE(review): the name is fixed rather than derived from var.cluster_name.
# Security group names must be unique within a VPC, so a second deployment
# into the same VPC would collide.
resource "aws_security_group" "alb-skywalking-ui" {
count = var.create_lb ? 1 : 0
name = "alb-skywalking-ui"
description = "Security group for ALB to access SkyWalking UI"
vpc_id = module.vpc.vpc_id
# The source is the ALB's security group rather than a CIDR range, so this
# rule admits tcp/8080 only from interfaces that carry that group.
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
description = "Allow access from ALB to SkyWalking UI"
security_groups = [module.alb.security_group_id]
}
# No egress block is declared. Terraform removes AWS's default allow-all egress
# rule on groups it creates, so this group grants no outbound access by itself.
}