Ccl 859/central ingress modules (#193)

* variablised the aws_lb params * variablized the aws_lb params
UKHomeOffice · Nov 4, 2024 · 3fd0789 · 3fd0789
1 parent 7def538
commit 3fd0789
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 19 deletions.
diff --git a/modules/aws/networking/alb/README.md b/modules/aws/networking/alb/README.md
@@ -13,10 +13,13 @@ inputs = {
   load_balancer_type = "application"
   load_balancer_internal = false
   enable_deletion_protection = true 
+  enable_cross_zone_load_balancing = true
+  enable_http2        = false
   vpc_id             = "vpc-example"  
   subnets            = ["subnet-1", "subnet-2", "subnet-3"] # subnets from vpc
   certificate_arn     = "arn:aws:acm:eu-west-2:<account-id>:certificate/example_cert"
   access_logs_bucket  = "example-alb-accesslogs-bucket"
+  access_logs_enabled = false
 
   tg_port             = "443"
   tg_protocol         = "HTTPS"

diff --git a/modules/aws/networking/alb/main.tf b/modules/aws/networking/alb/main.tf
@@ -4,14 +4,14 @@ resource "aws_lb" "lb" {
   load_balancer_type = var.load_balancer_type
   subnets            = var.subnets
   security_groups    = [aws_security_group.sg.id]
-  enable_cross_zone_load_balancing = true
-  enable_deletion_protection       = true
-  enable_http2                    = false
+  enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
+  enable_deletion_protection       = var.enable_deletion_protection
+  enable_http2                     = var.enable_http2
 
-#   access_logs {
-#     bucket  = var.access_logs_bucket
-#     enabled = true
-#   }
+  access_logs {
+    bucket  = var.access_logs_bucket
+    enabled = var.access_logs_enabled
+  }
 
   tags = {
     Name = var.name

diff --git a/modules/aws/networking/alb/variables.tf b/modules/aws/networking/alb/variables.tf
@@ -35,9 +35,9 @@ variable "access_logs_bucket" {
   description = "S3 bucket for NLB access logs"
 }
 
-variable "enable_deletion_protection" {
+variable "access_logs_enabled" {
   type        = string
-  description = "enable_deletion_protection true or false"
+  description = "access_logs_enabled - true or false"
 }
 
 variable "load_balancer_type" {
@@ -70,6 +70,21 @@ variable "nlb_ips" {
   # }
 }
 
+variable "enable_deletion_protection" {
+  type        = string
+  description = "enable_deletion_protection - true or false"  
+}
+
+variable "enable_cross_zone_load_balancing" {
+  type        = string
+  description = "enable_cross_zone_load_balancing - true or false"  
+}
+
+variable "enable_http2" {
+  type        = string
+  description = "enable_http2 - true or false"  
+}
+
 # SG related 
 
 variable "ingress_rules" {

diff --git a/modules/aws/networking/nlb/README.md b/modules/aws/networking/nlb/README.md
@@ -12,11 +12,14 @@ inputs = {
   load_balancer_type = "network"
   load_balancer_internal = true
   enable_deletion_protection = true 
+  enable_cross_zone_load_balancing = true
+  enable_http2        = false
   vpc_id              = "vpc-example" 
   subnets             = ["subnet-1", "subnet-2", "subnet-3"] 
   certificate_arn     = "arn:aws:acm:eu-west-2:<account-id>:certificate/<example-cert-id>
   access_logs_bucket  = "example-nlb-accesslogs-bucket"
-
+  access_logs_enabled = false
+  
   tg_port           = "80"
   tg_protocol       = "TCP"
   target_type       = "instance"   # allowed values are: ip or instance or alb or lambda

diff --git a/modules/aws/networking/nlb/main.tf b/modules/aws/networking/nlb/main.tf
@@ -4,14 +4,14 @@ resource "aws_lb" "lb" {
   load_balancer_type = var.load_balancer_type
   subnets            = var.subnets
   security_groups    = [aws_security_group.sg.id]
-  enable_cross_zone_load_balancing = true
-  enable_deletion_protection       = true
-  enable_http2                    = false
+  enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
+  enable_deletion_protection       = var.enable_deletion_protection
+  enable_http2                     = var.enable_http2
 
-#   access_logs {
-#     bucket  = var.access_logs_bucket
-#     enabled = true
-#   }
+  access_logs {
+    bucket  = var.access_logs_bucket
+    enabled = var.access_logs_enabled
+  }
 
   tags = {
     Name = var.name

diff --git a/modules/aws/networking/nlb/variables.tf b/modules/aws/networking/nlb/variables.tf
@@ -35,9 +35,9 @@ variable "access_logs_bucket" {
   description = "S3 bucket for NLB access logs"
 }
 
-variable "enable_deletion_protection" {
+variable "access_logs_enabled" {
   type        = string
-  description = "enable_deletion_protection true or false"
+  description = "access_logs_enabled - true or false"
 }
 
 variable "load_balancer_type" {
@@ -71,6 +71,21 @@ variable "instance_targets" {
   # }
 }
 
+variable "enable_deletion_protection" {
+  type        = string
+  description = "enable_deletion_protection - true or false"  
+}
+
+variable "enable_cross_zone_load_balancing" {
+  type        = string
+  description = "enable_cross_zone_load_balancing - true or false"  
+}
+
+variable "enable_http2" {
+  type        = string
+  description = "enable_http2 - true or false"  
+}
+
 # SG related 
 
 variable "ingress_rules" {