Add-ECS-www-to-apex-option

Author: LeoDiazL

README.md

@@ -462,6 +462,7 @@ The following inputs can be used as `step.with` keys
 | `aws_ecs_lb_redirect_enable`| String | Toggle redirect from HTTP and/or HTTPS to the main port. |
 | `aws_ecs_lb_container_path`| String | Comma separated list of paths for subsequent deployed containers. Need `aws_ecs_lb_redirect_enable` to be true. eg. api. (For http://bitovi.com/api/). If you have multiple, set them to `api,monitor,prom,,` (This example is for 6 containers) |
 | `aws_ecs_lb_ssl_policy` | String | SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided. See [this link](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html) for other policies. |
+| `aws_ecs_lb_www_to_apex_redirect` | Boolean | Toggle redirect from www to apex domain. `aws_r53_domain_name` must be set. Defaults to `false`. |
 | `aws_ecs_autoscaling_enable`| Boolean | Toggle ecs autoscaling policy. |
 | `aws_ecs_autoscaling_max_nodes`| String | Max ammount of nodes to scale up to. |
 | `aws_ecs_autoscaling_min_nodes`| String | Min ammount of nodes to scale down to. |

action.yaml

@@ -901,6 +901,9 @@ inputs:
   aws_ecs_lb_ssl_policy:
     description: 'SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided.'
     required: false
+  aws_ecs_lb_www_to_apex_redirect:
+    description: 'Toggle redirect from www to apex domain. aws_r53_domain_name must be set.'
+    required: false
   aws_ecs_autoscaling_enable:
     description: 'Toggle ecs autoscaling policy'
     required: false
@@ -1514,6 +1517,7 @@ runs:
         AWS_ECS_LB_REDIRECT_ENABLE: ${{ inputs.aws_ecs_lb_redirect_enable }}
         AWS_ECS_LB_CONTAINER_PATH: ${{ inputs.aws_ecs_lb_container_path }}
         AWS_ECS_LB_SSL_POLICY: ${{ inputs.aws_ecs_lb_ssl_policy }}
+        AWS_ECS_LB_WWW_TO_APEX_REDIRECT: ${{ inputs.aws_ecs_lb_www_to_apex_redirect }}
         AWS_ECS_AUTOSCALING_ENABLE: ${{ inputs.aws_ecs_autoscaling_enable }}
         AWS_ECS_AUTOSCALING_MAX_NODES: ${{ inputs.aws_ecs_autoscaling_max_nodes }}
         AWS_ECS_AUTOSCALING_MIN_NODES: ${{ inputs.aws_ecs_autoscaling_min_nodes }}

operations/_scripts/generate/generate_vars_terraform.sh

@@ -349,6 +349,7 @@ if [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]]; then
   aws_ecs_lb_redirect_enable=$(generate_var aws_ecs_lb_redirect_enable $AWS_ECS_LB_REDIRECT_ENABLE)
   aws_ecs_lb_container_path=$(generate_var aws_ecs_lb_container_path $AWS_ECS_LB_CONTAINER_PATH)
   aws_ecs_lb_ssl_policy=$(generate_var aws_ecs_lb_ssl_policy $AWS_ECS_LB_SSL_POLICY)
+  aws_ecs_lb_www_to_apex_redirect=$(generate_var aws_ecs_lb_www_to_apex_redirect $AWS_ECS_LB_WWW_TO_APEX_REDIRECT)
   aws_ecs_autoscaling_enable=$(generate_var aws_ecs_autoscaling_enable $AWS_ECS_AUTOSCALING_ENABLE)
   aws_ecs_autoscaling_max_nodes=$(generate_var aws_ecs_autoscaling_max_nodes $AWS_ECS_AUTOSCALING_MAX_NODES)
   aws_ecs_autoscaling_min_nodes=$(generate_var aws_ecs_autoscaling_min_nodes $AWS_ECS_AUTOSCALING_MIN_NODES)
@@ -712,6 +713,7 @@ $aws_ecs_lb_port
 $aws_ecs_lb_redirect_enable
 $aws_ecs_lb_container_path
 $aws_ecs_lb_ssl_policy
+$aws_ecs_lb_www_to_apex_redirect
 $aws_ecs_autoscaling_enable
 $aws_ecs_autoscaling_max_nodes
 $aws_ecs_autoscaling_min_nodes

operations/deployment/terraform/aws/aws_variables.tf

@@ -1535,6 +1535,12 @@ variable "aws_ecs_lb_ssl_policy" {
   default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 }
 
+variable "aws_ecs_lb_www_to_apex_redirect" {
+  type        = bool
+  description = "Toggle redirect from www to apex domain. Need aws_r53_domain_name variable defined."
+  default     = false
+}
+
 variable "aws_ecs_autoscaling_enable" {
   type        = bool
   description = "Toggle ecs autoscaling policy"

operations/deployment/terraform/aws/bitovi_main.tf

@@ -479,7 +479,7 @@ module "aws_ecs" {
   source = "../modules/aws/ecs"
   count  = var.aws_ecs_enable ? 1 : 0
   # ECS
-  aws_ecs_service_name               = var.aws_ecs_service_name 
+  aws_ecs_service_name               = var.aws_ecs_service_name
   aws_ecs_cluster_name               = var.aws_ecs_cluster_name 
   aws_ecs_service_launch_type        = var.aws_ecs_service_launch_type
   aws_ecs_task_type                  = var.aws_ecs_task_type
@@ -501,6 +501,7 @@ module "aws_ecs" {
   aws_ecs_lb_redirect_enable         = var.aws_ecs_lb_redirect_enable
   aws_ecs_lb_container_path          = var.aws_ecs_lb_container_path
   aws_ecs_lb_ssl_policy              = var.aws_ecs_lb_ssl_policy
+  aws_ecs_lb_www_to_apex_redirect    = var.aws_ecs_lb_www_to_apex_redirect
   aws_ecs_autoscaling_enable         = var.aws_ecs_autoscaling_enable
   aws_ecs_autoscaling_max_nodes      = var.aws_ecs_autoscaling_max_nodes
   aws_ecs_autoscaling_min_nodes      = var.aws_ecs_autoscaling_min_nodes
@@ -514,6 +515,7 @@ module "aws_ecs" {
   aws_selected_vpc_id                = module.vpc.aws_selected_vpc_id
   aws_selected_subnets               = module.vpc.aws_selected_vpc_subnets
   # Others
+  aws_r53_domain_name                = var.aws_r53_enable && var.aws_r53_domain_name != "" ? var.aws_r53_domain_name : ""
   aws_certificate_enabled            = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false
   aws_certificates_selected_arn      = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : ""
   aws_resource_identifier            = var.aws_resource_identifier

operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf

@@ -191,6 +191,31 @@ resource "aws_alb_listener_rule" "redirect_based_on_path_for_http" {
   }
 }
 
+resource "aws_lb_listener_rule" "redirect_www_to_apex" {
+  count        = var.aws_ecs_lb_www_to_apex_redirect && var.aws_r53_domain_name != "" ? 1 : 0
+  listener_arn = var.aws_certificates_selected_arn != "" ? aws_alb_listener.https_redirect[0].arn : aws_alb_listener.http_redirect[0].arn
+  priority     = 10
+
+  condition {
+    host_header {
+      values = ["www.${var.aws_r53_domain_name}"]
+    }
+  }
+
+  action {
+    type = "redirect"
+
+    redirect {
+      port        = var.aws_certificates_selected_arn != "" ? "443" : "80"
+      protocol    = var.aws_certificates_selected_arn != "" ? "HTTPS" : "HTTP"
+      status_code = "HTTP_301"
+      host        = "${var.aws_r53_domain_name}"
+      path        = "/#{path}"
+      query       = "#{query}"
+    }
+  }
+}
+
 resource "aws_security_group_rule" "incoming_alb_https" {
   count             = length(aws_alb_listener.https_redirect)
   type              = "ingress"

operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf

@@ -20,6 +20,7 @@ variable "aws_ecs_lb_port" {}
 variable "aws_ecs_lb_redirect_enable" {}
 variable "aws_ecs_lb_container_path" {}
 variable "aws_ecs_lb_ssl_policy" {}
+variable "aws_ecs_lb_www_to_apex_redirect" {}
 variable "aws_ecs_autoscaling_enable" {}
 variable "aws_ecs_autoscaling_max_nodes" {}
 variable "aws_ecs_autoscaling_min_nodes" {}
@@ -29,6 +30,7 @@ variable "aws_ecs_cloudwatch_enable" {}
 variable "aws_ecs_cloudwatch_lg_name" {}
 variable "aws_ecs_cloudwatch_skip_destroy" {}
 variable "aws_ecs_cloudwatch_retention_days" {}
+variable "aws_r53_domain_name" {}
 variable "aws_certificate_enabled" {}
 variable "aws_certificates_selected_arn" {}
 variable "aws_region_current_name" {}