ISSUE-53 - Add variable to use a custom LB instead of creating one (#55)

jnonino · web-flow · commit 88221561d4c8 · 2022-08-01T09:54:42.000+01:00
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/README.md b/README.md
@@ -66,7 +66,7 @@ In order to run all checks at any point run the following command:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ecs-alb"></a> [ecs-alb](#module\_ecs-alb) | cn-terraform/ecs-alb/aws | 1.0.23 |
+| <a name="module_ecs-alb"></a> [ecs-alb](#module\_ecs-alb) | cn-terraform/ecs-alb/aws | 1.0.24 |
 | <a name="module_ecs-autoscaling"></a> [ecs-autoscaling](#module\_ecs-autoscaling) | cn-terraform/ecs-service-autoscaling/aws | 1.0.6 |
 
 ## Resources
@@ -86,6 +86,7 @@ In order to run all checks at any point run the following command:
 | <a name="input_assign_public_ip"></a> [assign\_public\_ip](#input\_assign\_public\_ip) | (Optional) Assign a public IP address to the ENI (Fargate launch type only). If true service will be associated with public subnets. Default false. | `bool` | `false` | no |
 | <a name="input_block_s3_bucket_public_access"></a> [block\_s3\_bucket\_public\_access](#input\_block\_s3\_bucket\_public\_access) | (Optional) If true, public access to the S3 bucket will be blocked. | `bool` | `true` | no |
 | <a name="input_container_name"></a> [container\_name](#input\_container\_name) | Name of the running container | `any` | n/a | yes |
+| <a name="input_custom_lb_arn"></a> [custom\_lb\_arn](#input\_custom\_lb\_arn) | ARN of the Load Balancer to use in the ECS service. If provided, this module will not create a load balancer and will use the one provided in this variable | `string` | `null` | no |
 | <a name="input_default_certificate_arn"></a> [default\_certificate\_arn](#input\_default\_certificate\_arn) | (Optional) The ARN of the default SSL server certificate. Required if var.https\_ports is set. | `string` | `null` | no |
 | <a name="input_deployment_controller"></a> [deployment\_controller](#input\_deployment\_controller) | (Optional) Deployment controller | `list(string)` | `[]` | no |
 | <a name="input_deployment_maximum_percent"></a> [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. | `number` | `200` | no |
diff --git a/main.tf b/main.tf
@@ -2,6 +2,8 @@
 # AWS LOAD BALANCER
 #------------------------------------------------------------------------------
 module "ecs-alb" {
+  count = var.custom_lb_arn == null ? 1 : 0
+
   source  = "cn-terraform/ecs-alb/aws"
   version = "1.0.24"
 
@@ -74,15 +76,15 @@ resource "aws_ecs_service" "service" {
   force_new_deployment               = var.force_new_deployment
 
   dynamic "load_balancer" {
-    for_each = module.ecs-alb.lb_http_tgs_map_arn_port
+    for_each = module.ecs-alb[0].lb_http_tgs_map_arn_port
     content {
       target_group_arn = load_balancer.key
       container_name   = var.container_name
       container_port   = load_balancer.value
     }
   }
   dynamic "load_balancer" {
-    for_each = module.ecs-alb.lb_https_tgs_map_arn_port
+    for_each = module.ecs-alb[0].lb_https_tgs_map_arn_port
     content {
       target_group_arn = load_balancer.key
       container_name   = var.container_name
@@ -161,13 +163,13 @@ resource "aws_security_group_rule" "egress" {
 }
 
 resource "aws_security_group_rule" "ingress_through_http_and_https" {
-  for_each                 = toset(concat(module.ecs-alb.lb_https_tgs_ports, module.ecs-alb.lb_http_tgs_ports))
+  for_each                 = toset(concat(module.ecs-alb[0].lb_https_tgs_ports, module.ecs-alb[0].lb_http_tgs_ports))
   security_group_id        = aws_security_group.ecs_tasks_sg.id
   type                     = "ingress"
   from_port                = each.key
   to_port                  = each.key
   protocol                 = "tcp"
-  source_security_group_id = module.ecs-alb.aws_security_group_lb_access_sg_id
+  source_security_group_id = module.ecs-alb[0].aws_security_group_lb_access_sg_id
 }
 
 module "ecs-autoscaling" {
diff --git a/outputs.tf b/outputs.tf
@@ -49,124 +49,124 @@ output "ecs_tasks_sg_description" {
 #------------------------------------------------------------------------------
 output "aws_lb_lb_id" {
   description = "The ARN of the load balancer (matches arn)."
-  value       = module.ecs-alb.aws_lb_lb_id
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_lb_lb_id : null
 }
 
 output "aws_lb_lb_arn" {
   description = "The ARN of the load balancer (matches id)."
-  value       = module.ecs-alb.aws_lb_lb_arn
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_lb_lb_arn : null
 }
 
 output "aws_lb_lb_arn_suffix" {
   description = "The ARN suffix for use with CloudWatch Metrics."
-  value       = module.ecs-alb.aws_lb_lb_arn_suffix
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_lb_lb_arn_suffix : null
 }
 
 output "aws_lb_lb_dns_name" {
   description = "The DNS name of the load balancer."
-  value       = module.ecs-alb.aws_lb_lb_dns_name
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_lb_lb_dns_name : null
 }
 
 output "aws_lb_lb_zone_id" {
   description = "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record)."
-  value       = module.ecs-alb.aws_lb_lb_zone_id
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_lb_lb_zone_id : null
 }
 
 #------------------------------------------------------------------------------
 # ACCESS CONTROL TO APPLICATION LOAD BALANCER
 #------------------------------------------------------------------------------
 output "aws_security_group_lb_access_sg_id" {
   description = "The ID of the security group"
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_id
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_id : null
 }
 
 output "aws_security_group_lb_access_sg_arn" {
   description = "The ARN of the security group"
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_arn
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_arn : null
 }
 
 output "aws_security_group_lb_access_sg_vpc_id" {
   description = "The VPC ID."
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_vpc_id
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_vpc_id : null
 }
 
 output "aws_security_group_lb_access_sg_owner_id" {
   description = "The owner ID."
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_owner_id
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_owner_id : null
 }
 
 output "aws_security_group_lb_access_sg_name" {
   description = "The name of the security group"
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_name
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_name : null
 }
 
 output "aws_security_group_lb_access_sg_description" {
   description = "The description of the security group"
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_description
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_description : null
 }
 
 output "aws_security_group_lb_access_sg_ingress" {
   description = "The ingress rules."
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_ingress
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_ingress : null
 }
 
 output "aws_security_group_lb_access_sg_egress" {
   description = "The egress rules."
-  value       = module.ecs-alb.aws_security_group_lb_access_sg_egress
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].aws_security_group_lb_access_sg_egress : null
 }
 
 #------------------------------------------------------------------------------
 # AWS LOAD BALANCER - Target Groups
 #------------------------------------------------------------------------------
 output "lb_http_tgs_ids" {
   description = "List of HTTP Target Groups IDs"
-  value       = module.ecs-alb.lb_http_tgs_ids
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_http_tgs_ids : null
 }
 
 output "lb_http_tgs_arns" {
   description = "List of HTTP Target Groups ARNs"
-  value       = module.ecs-alb.lb_http_tgs_arns
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_http_tgs_arns : null
 }
 
 output "lb_http_tgs_names" {
   description = "List of HTTP Target Groups Names"
-  value       = module.ecs-alb.lb_http_tgs_names
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_http_tgs_names : null
 }
 
 output "lb_https_tgs_ids" {
   description = "List of HTTPS Target Groups IDs"
-  value       = module.ecs-alb.lb_https_tgs_ids
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_https_tgs_ids : null
 }
 
 output "lb_https_tgs_arns" {
   description = "List of HTTPS Target Groups ARNs"
-  value       = module.ecs-alb.lb_https_tgs_arns
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_https_tgs_arns : null
 }
 
 output "lb_https_tgs_names" {
   description = "List of HTTPS Target Groups Names"
-  value       = module.ecs-alb.lb_https_tgs_names
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_https_tgs_names : null
 }
 
 #------------------------------------------------------------------------------
 # AWS LOAD BALANCER - Listeners
 #------------------------------------------------------------------------------
 output "lb_http_listeners_ids" {
   description = "List of HTTP Listeners IDs"
-  value       = module.ecs-alb.lb_http_listeners_ids
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_http_listeners_ids : null
 }
 
 output "lb_http_listeners_arns" {
   description = "List of HTTP Listeners ARNs"
-  value       = module.ecs-alb.lb_http_listeners_arns
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_http_listeners_arns : null
 }
 
 output "lb_https_listeners_ids" {
   description = "List of HTTPS Listeners IDs"
-  value       = module.ecs-alb.lb_https_listeners_ids
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_https_listeners_ids : null
 }
 
 output "lb_https_listeners_arns" {
   description = "List of HTTPS Listeners ARNs"
-  value       = module.ecs-alb.lb_https_listeners_arns
+  value       = var.custom_lb_arn == null ? module.ecs-alb[0].lb_https_listeners_arns : null
 }
diff --git a/variables.tf b/variables.tf
@@ -206,6 +206,12 @@ variable "scale_target_min_capacity" {
 #------------------------------------------------------------------------------
 # AWS LOAD BALANCER
 #------------------------------------------------------------------------------
+variable "custom_lb_arn" {
+  description = "ARN of the Load Balancer to use in the ECS service. If provided, this module will not create a load balancer and will use the one provided in this variable"
+  type        = string
+  default     = null
+}
+
 variable "lb_internal" {
   description = "(Optional) If true, the LB will be internal."
   type        = bool
