# Module-wide default tags; each resource below merges these with var.tags.
locals {
  tags = { Repository = "https://github.com/aws-ia/terraform-aws-shield-advanced" }
}
##################################################
# Shield Advanced Protection
##################################################
# Places the single resource identified by var.resource_arn under a
# Shield protection named var.name.
resource "aws_shield_protection" "this" {
  resource_arn = var.resource_arn
  name         = var.name

  # var.tags is merged last, so a caller-supplied key overrides the module default.
  tags = merge(local.tags, var.tags)
}
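# Optional Shield protection groups: one group per entry of
# var.protection_group_config, keyed by that entry's id.
resource "aws_shield_protection_group" "this" {
  # A null config yields an empty map, so no groups are created.
  # Two entries with the same id fail at plan time, because the for
  # expression cannot build a map with duplicate keys.
  for_each = var.protection_group_config != null ? { for config in var.protection_group_config : config.id => config } : {}

  protection_group_id = each.value.id
  aggregation         = each.value.aggregation
  pattern             = each.value.pattern

  # NOTE(review): resource_type only applies to pattern "BY_RESOURCE_TYPE";
  # confirm the variable definition leaves it null for the other patterns.
  resource_type = each.value.resource_type

  # An explicit member list is only valid for pattern "ARBITRARY"; for "ALL"
  # and "BY_RESOURCE_TYPE" the argument must be left unset. The previous
  # try([var.resource_arn], []) always produced a one-element list (the
  # expression cannot fail), so it sent members for every pattern.
  members = each.value.pattern == "ARBITRARY" ? [var.resource_arn] : null

  # var.tags is merged last, so a caller-supplied key overrides the module default.
  tags = merge(local.tags, var.tags)

  # The protected resource must be enrolled before it can be a group member.
  depends_on = [aws_shield_protection.this]
}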
##################################################
# Health Check
##################################################
# Optional Route 53 health checks: one per entry of
# var.health_check_configuration, keyed by that map's keys.
resource "aws_route53_health_check" "this" {
  # A null configuration is treated as an empty map, so nothing is created.
  for_each = var.health_check_configuration != null ? var.health_check_configuration : {}

  # What to probe.
  type          = each.value.health_check_type
  ip_address    = each.value.resource_ip
  port          = each.value.health_check_port
  resource_path = each.value.health_check_path

  # How often to probe, and how many failures count as unhealthy.
  request_interval  = each.value.health_check_interval
  failure_threshold = each.value.health_check_threshold

  # var.tags is merged last, so a caller-supplied key overrides the module default.
  tags = merge(local.tags, var.tags)
}
# Attaches every health check created by aws_route53_health_check.this
# to the Shield protection defined in this module.
# NOTE(review): this creates one association per health check; confirm that
# Shield accepts more than one health check on a single protection, otherwise
# limit var.health_check_configuration to one entry.
resource "aws_shield_protection_health_check_association" "this" {
  # Iterating over the resource map gives each.value as the health check itself.
  for_each = aws_route53_health_check.this

  shield_protection_id = aws_shield_protection.this.id
  health_check_arn     = each.value.arn
}