Redirect HTTP traffic using Application Load Balancers
# Domains to redirect, keyed by apex domain name; each value is the Route 53
# hosted zone ID that the certificate module and the alias records below use.
# NOTE(review): the IDs here look like placeholders; substitute real zone IDs.
locals {
  public_zones = {
    "domainone.egg"   = "FEEDFACEBEEF"
    "domaintwo.egg"   = "BEEFBEEFFACE"
    "domainthree.egg" = "FACEFEEDFACE"
  }
}
# Handle on the account's default VPC, used only to supply vpc_id to the
# security group. aws_default_vpc adopts an existing default VPC into state
# rather than creating a new one.
resource "aws_default_vpc" "default" {
}
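# Security group for the public redirect load balancer.
# Ports 80 and 443 are open to every IPv4 and IPv6 source, which is what a
# public redirect endpoint needs; nothing else is admitted inbound.
resource "aws_security_group" "redirect" {
  name        = "redirect_http"
  description = "Redirect enablement for HTTP"
  vpc_id      = aws_default_vpc.default.id

  # Rule descriptions name the actual source: these rules admit any address,
  # not only traffic from inside the VPC, so an audit of the group reads correctly.
  # Block syntax is used (matching the egress rule); the omitted
  # prefix_list_ids / security_groups / self fields keep their empty defaults.
  ingress {
    description      = "HTTP from anywhere"
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  ingress {
    description      = "HTTPS from anywhere"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # NOTE(review): all outbound IPv4 traffic is allowed. The listeners shown
  # with this group only return redirects and no target group appears here, so
  # the load balancer likely needs no egress at all; confirm and then narrow
  # or remove this rule to keep the group least-privilege.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}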
# Internet-facing Application Load Balancer; the listeners attached to it on
# this page only issue redirects.
# NOTE(review): data.aws_subnets.default is not declared in this snippet and
# must be defined elsewhere in the configuration.
# NOTE(review): no access_logs block is set, so requests reaching the redirect
# are not recorded; enable access logging if you need visibility into who is
# hitting the old domains.
resource "aws_lb" "redirect" {
  name               = "redirect-alb"
  load_balancer_type = "application"
  internal           = false # public-facing
  security_groups    = [aws_security_group.redirect.id]
  subnets            = data.aws_subnets.default.ids
}
# Plain-HTTP listener: every request on port 80 is answered with a permanent
# redirect to https://domain.egg/.
resource "aws_lb_listener" "redirect-http" {
  load_balancer_arn = aws_lb.redirect.arn
  protocol          = "HTTP"
  port              = 80

  default_action {
    type = "redirect"

    redirect {
      # The destination host is a fixed literal, so the Location header never
      # reflects a client-supplied Host value.
      host     = "domain.egg"
      protocol = "HTTPS"
      port     = "443"

      # Path and query string of the original request are discarded;
      # everything lands on the site root.
      path  = "/"
      query = ""

      # 301 responses are cached by browsers, so a wrong target is slow to undo.
      status_code = "HTTP_301"
    }
  }
}
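# HTTPS listener: terminates TLS for the redirected domains and answers every
# request with a permanent redirect to https://domain.egg/.
# Per-domain certificates are attached separately through
# aws_lb_listener_certificate; certificate_arn below is only the default one.
resource "aws_lb_listener" "redirect-https" {
  load_balancer_arn = aws_lb.redirect.arn
  protocol          = "HTTPS"
  port              = 443

  # NOTE(review): module.acm is not declared in this snippet (the module
  # declared here is "redirect-acm", which uses for_each and therefore yields
  # a map of instances); confirm this default-certificate reference resolves.
  certificate_arn = module.acm.acm_certificate_arn

  # Pin the TLS policy explicitly. When ssl_policy is omitted the default
  # applies, which has historically been ELBSecurityPolicy-2016-08 and still
  # negotiates TLS 1.0/1.1. This policy restricts the listener to TLS 1.2 and
  # 1.3; clients that cannot speak TLS 1.2 will no longer connect.
  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  default_action {
    type = "redirect"

    redirect {
      # Fixed destination host: the Location header never reflects a
      # client-supplied Host value.
      host     = "domain.egg"
      protocol = "HTTPS"
      port     = "443"

      # Original path and query string are discarded.
      path  = "/"
      query = ""

      status_code = "HTTP_301"
    }
  }
}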
# One ACM certificate per entry in local.public_zones, covering the apex
# domain and its www. name, with validation handled in the zone given by zone_id.
# NOTE(review): "~> 4.0" accepts any 4.x release of the registry module, and
# .terraform.lock.hcl records provider versions only; pin an exact version if
# you need reproducible module code.
module "redirect-acm" {
  source  = "terraform-aws-modules/acm/aws"
  version = "~> 4.0"

  for_each = local.public_zones

  zone_id                   = each.value
  domain_name               = each.key
  subject_alternative_names = ["www.${each.key}"]

  # Block until the certificate is validated so that later resources receive
  # a usable certificate ARN.
  wait_for_validation = true
}
# Attach every certificate produced by module.redirect-acm to the HTTPS
# listener as an additional certificate, one per redirected domain.
# NOTE(review): a listener accepts a limited number of additional
# certificates; check the account quota if public_zones grows.
resource "aws_lb_listener_certificate" "redirect-https" {
  for_each = module.redirect-acm

  certificate_arn = each.value.acm_certificate_arn
  listener_arn    = aws_lb_listener.redirect-https.arn
}
# Apex A record (alias) for each redirected domain, pointing at the redirect
# load balancer. Only an IPv4 (A) record is created here.
resource "aws_route53_record" "redirect-v4" {
  for_each = local.public_zones

  name    = each.key
  zone_id = each.value
  type    = "A"

  alias {
    zone_id                = aws_lb.redirect.zone_id
    name                   = aws_lb.redirect.dns_name
    evaluate_target_health = false
  }
}
# www. A record (alias) for each redirected domain, pointing at the same
# redirect load balancer as the apex record.
resource "aws_route53_record" "redirect-www-v4" {
  for_each = local.public_zones

  name    = "www.${each.key}"
  zone_id = each.value
  type    = "A"

  alias {
    zone_id                = aws_lb.redirect.zone_id
    name                   = aws_lb.redirect.dns_name
    evaluate_target_health = false
  }
}