EMR LB
# EMR Load Balancer Creation
# www.troydieter.com
# Certificate and domain
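data "aws_acm_certificate" "wildcard-cert" {
  # Looks up an already-issued ACM certificate by its primary domain; the
  # HTTPS listener below presents it for every host-based route.
  domain   = "*.example.com"
  statuses = ["ISSUED"]
  # If more than one ISSUED certificate carries this domain the lookup would
  # otherwise fail; take the newest so a renewal or re-import does not break
  # the plan.
  most_recent = true
  # NOTE(review): a wildcard covers a single DNS label only, so "*.example.com"
  # does not match "<app>.emr.example.com" (the default var.domain). Either
  # request "*.emr.example.com" or set var.domain to "example.com" -- confirm.
}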
variable "domain" {
  description = "The top level domain used for EMR"
  type        = string
  default     = "emr.example.com"
  # Every key of var.emr-app is published as "<app>.<domain>" by the
  # host-header rules further down.
}
# Short random suffix (2 bytes, so 4 hex characters via .hex) appended to the
# load balancer and target group names so repeated deployments in one account
# do not collide on name.
resource "random_id" "lb-rand" {
  byte_length = 2
}
provider "aws" {
  # Credentials come from the named CLI profile; no keys are embedded here.
  region  = var.aws_region
  profile = var.aws-profile
}
# Tags
locals {
  # Common tag set applied to the taggable resources in this file.
  emr-tags = {
    parent_app  = var.application
    environment = var.environment
  }
}
# Data sources
# Used for the listener's default action: traffic matching no host rule is sent to the NameNode
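data "aws_lb_target_group" "emr-namenode" {
  # Take the name from the managed resource instead of re-deriving
  # "hadoop-hdfs-namenode-<hex>" here, so the naming convention lives in one
  # place and the dependency is implicit. The previous depends_on is dropped:
  # on a data source it forces the read to be deferred until apply time.
  name = aws_lb_target_group.emr-tg["hadoop-hdfs-namenode"].name
  # NOTE(review): this lookup is redundant -- the listener's default action
  # could reference aws_lb_target_group.emr-tg["hadoop-hdfs-namenode"].arn
  # directly.
}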
# Variables
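variable "application" {
  type        = string
  default     = "EMR"
  # Used in the security group / load balancer names and as the parent_app tag.
  description = "Application name used in resource names and the parent_app tag"
}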
variable "aws-profile" {
  description = "AWS Profile used to deploy with"
  type        = string
  # No default: the caller must name the CLI profile explicitly.
}
variable "aws_region" {
  description = "Region"
  type        = string
  default     = "us-east-1"
}
variable "environment" {
  description = "Environment you're deploying with"
  type        = string
  # Lower-cased where it is embedded in resource names.
  default     = "dev"
}
variable "vpc_id" {
  description = "The VPC ID that the load balancer deploys to"
  type        = string
  # Required: the security group, subnet lookup and target groups all live here.
}
variable "cidr_block" {
  description = "CIDR Block of allowed ingress traffic"
  type        = string
  # NOTE(review): the default admits every source address on port 443; override
  # it with the office/VPN range for anything beyond a throwaway environment.
  default     = "0.0.0.0/0"
}
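# Label quoted to match the other variable blocks in this file.
variable "elbsecpolicy" {
  type        = string
  default     = "ELBSecurityPolicy-TLS-1-1-2017-01"
  description = "Applied AWS ELB policy"
  # NOTE(review): this predefined policy still negotiates TLS 1.1. Unless a
  # legacy client needs it, override with ELBSecurityPolicy-TLS-1-2-2017-01
  # (TLS 1.2 only) or a newer TLS 1.3-capable policy.
}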
# Example map of EMR application names to the port each one listens on
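variable "emr-app" {
  # Map of application name -> port the application listens on. Each key yields
  # one target group, one host-header rule and the host name "<key>.<domain>".
  # Element type made explicit (bare `map` is the legacy 0.11 spelling).
  type = map(string)
  default = {
    hadoop-hdfs-namenode  = "50070"
    hadoop-hdfs-datanode  = "50075"
    hbase                 = "16010"
    hue                   = "8888"
    jupyterhub            = "9443"
    livy                  = "8998"
    spark                 = "18080"
    tez                   = "8080"
    yarn-node-manager     = "8042"
    yarn-resource-manager = "8088"
    zeppelin              = "8890"
  }
  # NOTE(review): the listener's default action relies on the
  # "hadoop-hdfs-namenode" key being present; keep it when overriding.
  # NOTE(review): keys become target group names ("<key>-<hex>"), which AWS
  # limits to 32 alphanumeric/hyphen characters -- keep new keys short.
  # NOTE(review): JupyterHub on EMR is commonly served over HTTPS on 9443 while
  # the target groups use protocol HTTP -- confirm before relying on that route.
}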
# Import subnets
data "aws_subnet_ids" "alb-subnets" {
  # Every subnet in the VPC becomes a candidate subnet for the ALB.
  vpc_id = var.vpc_id
  # NOTE(review): no filter is applied, so private subnets are included too; an
  # Internet-facing ALB needs public subnets in at least two AZs -- confirm the
  # VPC layout or narrow the selection with a filter/tags block.
}
# AWS Security Group
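resource "aws_security_group" "lb_sg01" {
  name        = "${var.application}-${lower(var.environment)}-lb-sg01"
  description = "Allow inbound traffic to the ${upper(var.application)} load balancer"
  vpc_id      = var.vpc_id

  # Only HTTPS reaches the load balancer; no plain-HTTP listener exists.
  ingress {
    description = "LB"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    # 0.12 syntax: a single value needs no "${...}" wrapper.
    # NOTE(review): var.cidr_block defaults to 0.0.0.0/0, so the listener is
    # reachable from the whole Internet unless the variable is overridden.
    cidr_blocks = [var.cidr_block]
  }

  # Unrestricted egress: the ALB has to reach the target group ports listed in
  # var.emr-app. Tighten to the cluster subnets' CIDR once they are known.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Build the replacement group before destroying the old one so the ALB is
  # never left without a security group during a rename.
  lifecycle {
    create_before_destroy = true
  }

  # Same tag set as the other resources in this file.
  tags = local.emr-tags
}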
# EMR Load Balancer
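resource "aws_lb" "emr_lb" {
  name               = "${lower(var.application)}-${lower(var.environment)}-lb-${random_id.lb-rand.hex}"
  load_balancer_type = "application"
  subnets            = data.aws_subnet_ids.alb-subnets.ids
  security_groups    = [aws_security_group.lb_sg01.id]
  tags               = local.emr-tags

  # `internal` is left at its default (false): this is an Internet-facing ALB,
  # so lb_sg01 and var.cidr_block are the only ingress controls in front of it.
  # NOTE(review): drop_invalid_header_fields = true and an access_logs block are
  # hardening steps this file does not set; consider adding them.

  # Tags and access logging appear to be managed outside Terraform (hence the
  # ignore); do not fight those changes on every plan.
  lifecycle {
    ignore_changes = [
      tags,
      access_logs,
    ]
  }

  # No depends_on: an ALB has no dependency on its target groups (the listener
  # and rules carry those references), so the explicit edge only serialised the
  # apply without adding correctness.
}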
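resource "aws_lb_listener" "emr-443" {
  load_balancer_arn = aws_lb.emr_lb.arn
  port              = 443
  protocol          = "HTTPS"
  # TLS terminates here; var.elbsecpolicy decides which protocol versions and
  # cipher suites clients may negotiate.
  ssl_policy        = var.elbsecpolicy
  certificate_arn   = data.aws_acm_certificate.wildcard-cert.arn

  # Requests matching no host-header rule fall through to the NameNode.
  # Reference the managed target group directly instead of re-reading it via a
  # data source; the reference also carries the dependency, so depends_on goes.
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.emr-tg["hadoop-hdfs-namenode"].arn
  }
}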
resource "aws_lb_listener_rule" "host_based_emr_routing" {
  # One rule per application: Host "<app>.<domain>" -> that app's target group.
  for_each     = var.emr-app
  listener_arn = aws_lb_listener.emr-443.arn

  condition {
    host_header {
      values = [format("%s.%s", each.key, var.domain)]
    }
  }

  action {
    target_group_arn = aws_lb_target_group.emr-tg[each.key].arn
    type             = "forward"
  }
  # No priority is given, so each rule takes the next free priority at create
  # time; rule order therefore carries no meaning here.
}
resource "aws_lb_target_group" "emr-tg" {
  # One HTTP target group per application, keyed by app name; the map value is
  # the port the application listens on.
  for_each = var.emr-app

  name        = "${each.key}-${random_id.lb-rand.hex}"
  vpc_id      = var.vpc_id
  protocol    = "HTTP"
  port        = each.value
  target_type = "instance"
  tags        = local.emr-tags

  # TLS ends at the listener; traffic from the ALB to the instances is plain
  # HTTP inside the VPC.
  # NOTE(review): no health_check block is set, so the provider's default check
  # applies -- confirm each application answers it on its port.
  # NOTE(review): nothing in this file registers instances as targets; the EMR
  # nodes must be attached elsewhere.
}