feat: add alb

stacks/prod/config.tm.hcl

@@ -1,6 +1,7 @@
 globals "terraform" "module" "version" {
   vpc         = "5.7.1"
   ecs_cluster = "5.11.1"
+  alb         = "9.9.0"
 }
 
 globals "vpc" {

stacks/prod/us-east-1/alb/backend.tf

@@ -0,0 +1,11 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+terraform {
+  backend "s3" {
+    bucket         = "terramate-example-terraform-state-backend"
+    dynamodb_table = "terraform-lock"
+    encrypt        = true
+    key            = "terraform/stacks/by-id/93e0c782-1635-48cd-8717-d0728438fbac/terraform.tfstate"
+    region         = "us-east-1"
+  }
+}

stacks/prod/us-east-1/alb/config.tm.hcl

@@ -0,0 +1,5 @@
+globals {
+  alb = {
+    name = "production-alb"
+  }
+}

stacks/prod/us-east-1/alb/main.tf

@@ -0,0 +1,90 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+resource "null_resource" "initial_deployment_trigger" {
+}
+data "aws_vpc" "vpc" {
+  depends_on = [
+    null_resource.initial_deployment_trigger,
+  ]
+  tags = {
+    Environment = "prd"
+    Terraform   = "true"
+  }
+}
+data "aws_subnets" "subnets" {
+  tags = {
+    Tier = "public"
+  }
+  filter {
+    name = "vpc-id"
+    values = [
+      data.aws_vpc.vpc.id,
+    ]
+  }
+}
+module "alb" {
+  enable_deletion_protection = false
+  listeners = {
+    ex_http = {
+      port     = 80
+      protocol = "HTTP"
+      forward = {
+        target_group_key = "ex_ecs"
+      }
+    }
+  }
+  load_balancer_type = "application"
+  name               = "production-alb"
+  security_group_egress_rules = {
+    all = {
+      ip_protocol = "-1"
+      cidr_ipv4   = "10.0.0.0/16"
+    }
+  }
+  security_group_ingress_rules = {
+    all_http = {
+      from_port   = 80
+      to_port     = 80
+      ip_protocol = "tcp"
+      cidr_ipv4   = "0.0.0.0/0"
+    }
+  }
+  source  = "terraform-aws-modules/alb/aws"
+  subnets = data.aws_subnets.subnets.ids
+  tags = {
+    Environment = "prd"
+    Terraform   = "true"
+  }
+  target_groups = {
+    ex_ecs = {
+      backend_protocol                  = "HTTP"
+      backend_port                      = 3000
+      target_type                       = "ip"
+      deregistration_delay              = 5
+      load_balancing_cross_zone_enabled = true
+      health_check = {
+        enabled             = true
+        healthy_threshold   = 5
+        interval            = 30
+        matcher             = "200"
+        path                = "/"
+        port                = "traffic-port"
+        protocol            = "HTTP"
+        timeout             = 5
+        unhealthy_threshold = 2
+      }
+      create_attachment = false
+    }
+  }
+  version = "9.9.0"
+  vpc_id  = data.aws_vpc.vpc.id
+}
+output "security_group_arn" {
+  value = module.alb.security_group_arn
+}
+output "security_group_id" {
+  value = module.alb.security_group_id
+}
+output "target_group" {
+  value = module.alb.target_groups.ex_ecs
+}

stacks/prod/us-east-1/alb/main.tm.hcl

@@ -0,0 +1,107 @@
+generate_hcl "main.tf" {
+  inherit = false
+
+  content {
+    resource "null_resource" "initial_deployment_trigger" {}
+
+    data "aws_vpc" "vpc" {
+      tags = global.tags
+
+      depends_on = [
+        null_resource.initial_deployment_trigger
+      ]
+    }
+
+    data "aws_subnets" "subnets" {
+      filter {
+        name   = "vpc-id"
+        values = [data.aws_vpc.vpc.id]
+      }
+
+      tags = {
+        Tier = "public"
+      }
+    }
+
+    module "alb" {
+      source  = "terraform-aws-modules/alb/aws"
+      version = global.terraform.module.version.alb
+
+      name = global.alb.name
+
+      load_balancer_type = "application"
+
+      vpc_id  = data.aws_vpc.vpc.id
+      subnets = data.aws_subnets.subnets.ids
+
+      enable_deletion_protection = false
+
+      # Security Group
+      security_group_ingress_rules = {
+        all_http = {
+          from_port   = 80
+          to_port     = 80
+          ip_protocol = "tcp"
+          cidr_ipv4   = "0.0.0.0/0"
+        }
+      }
+      security_group_egress_rules = {
+        all = {
+          ip_protocol = "-1"
+          cidr_ipv4   = global.vpc.cidr
+        }
+      }
+
+      listeners = {
+        ex_http = {
+          port     = 80
+          protocol = "HTTP"
+
+          forward = {
+            target_group_key = "ex_ecs"
+          }
+        }
+      }
+
+      target_groups = {
+        ex_ecs = {
+          backend_protocol                  = "HTTP"
+          backend_port                      = 3000
+          target_type                       = "ip"
+          deregistration_delay              = 5
+          load_balancing_cross_zone_enabled = true
+
+          health_check = {
+            enabled             = true
+            healthy_threshold   = 5
+            interval            = 30
+            matcher             = "200"
+            path                = "/"
+            port                = "traffic-port"
+            protocol            = "HTTP"
+            timeout             = 5
+            unhealthy_threshold = 2
+          }
+
+          # There's nothing to attach here in this definition. Instead,
+          # ECS will attach the IPs of the tasks to this target group
+          create_attachment = false
+        }
+      }
+
+      tags = tm_try(global.tags, {})
+    }
+
+    output "security_group_arn" {
+      value = module.alb.security_group_arn
+    }
+
+    output "security_group_id" {
+      value = module.alb.security_group_id
+    }
+
+    output "target_group" {
+      value = module.alb.target_groups.ex_ecs
+    }
+  }
+}

stacks/prod/us-east-1/alb/stack.tm.hcl

@@ -0,0 +1,8 @@
+stack {
+  name        = "Production Application Load Balancer (ALB)"
+  description = "alb"
+  id          = "93e0c782-1635-48cd-8717-d0728438fbac"
+  after = [
+    "tag:networking"
+  ]
+}

stacks/prod/us-east-1/alb/terraform.tf

@@ -0,0 +1,16 @@
+// TERRAMATE: GENERATED AUTOMATICALLY DO NOT EDIT
+
+terraform {
+  required_version = "1.7.5"
+}
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.31"
+    }
+  }
+}
+provider "aws" {
+  region = "us-east-1"
+}