Skip to content

Instantly share code, notes, and snippets.

@lehins
Last active March 13, 2018 17:20
Show Gist options
  • Save lehins/d08f0bcccbd5f85ee83ee9e127c9aab0 to your computer and use it in GitHub Desktop.
Save lehins/d08f0bcccbd5f85ee83ee9e127c9aab0 to your computer and use it in GitHub Desktop.
ELK ELB/ALB switch
# elasticsearch_external_alb = "${module.kibana-elasticsearch-alb.alb}"
elasticsearch_external_alb = {
"security_group_id" = "${aws_security_group.es-external-lb.id}"
"deploy_elb" = true
"deploy_elb_internal" = false
"certificate_arn" = "${data.aws_acm_certificate.wildcard-cert.arn}"
}
data "aws_acm_certificate" "wildcard-cert" {
domain = "*.${var.base_domain}"
statuses = ["ISSUED"]
}
resource "aws_security_group" "es-internal-lb" {
name = "${var.name_prefix}-es-internal-lb"
vpc_id = "${var.vpc_id}"
description = "Security group for Elasticsearch Internal LB."
tags {
Name = "${var.name_prefix}-es-internal-lb"
}
}
resource "aws_security_group_rule" "es-internal-lb-egress-rule" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.es-internal-lb.id}"
}
resource "aws_security_group" "es-external-lb" {
name = "${var.name_prefix}-es-external-lb"
vpc_id = "${var.vpc_id}"
description = "Security group for Elasticsearch External LB."
tags {
Name = "elasticsearch.${var.base_domain}"
}
}
resource "aws_security_group_rule" "es-external-lb-egress-rule" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.es-external-lb.id}"
}
resource "aws_security_group" "kibana-lb" {
name = "${var.name_prefix}-kibana-lb"
vpc_id = "${var.vpc_id}"
description = "Security group for Kibana LB."
tags {
Name = "kibana.${var.base_domain}"
}
}
resource "aws_security_group_rule" "kibana-lb-egress-rule" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.kibana-lb.id}"
}
resource "aws_security_group_rule" "kibana-lb-ingress-rule" {
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.kibana-lb.id}"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment