Add ecs www to apex option (#104)

LeoDiazL · web-flow · commit f9d065cd48b9 · 2025-11-19T19:58:40.000-03:00
* Add-ECS-www-to-apex-option

* Fix listener rule

* Fix with/without redirect
diff --git a/README.md b/README.md
@@ -462,6 +462,7 @@ The following inputs can be used as `step.with` keys
 | `aws_ecs_lb_redirect_enable`| String | Toggle redirect from HTTP and/or HTTPS to the main port. |
 | `aws_ecs_lb_container_path`| String | Comma separated list of paths for subsequent deployed containers. Need `aws_ecs_lb_redirect_enable` to be true. eg. api. (For http://bitovi.com/api/). If you have multiple, set them to `api,monitor,prom,,` (This example is for 6 containers) |
 | `aws_ecs_lb_ssl_policy` | String | SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided. See [this link](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html) for other policies. |
+| `aws_ecs_lb_www_to_apex_redirect` | Boolean | Toggle redirect from www to apex domain. `aws_r53_domain_name` must be set. Defaults to `false`. |
 | `aws_ecs_autoscaling_enable`| Boolean | Toggle ecs autoscaling policy. |
 | `aws_ecs_autoscaling_max_nodes`| String | Max ammount of nodes to scale up to. |
 | `aws_ecs_autoscaling_min_nodes`| String | Min ammount of nodes to scale down to. |
diff --git a/action.yaml b/action.yaml
@@ -901,6 +901,9 @@ inputs:
   aws_ecs_lb_ssl_policy:
     description: 'SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided.'
     required: false
+  aws_ecs_lb_www_to_apex_redirect:
+    description: 'Toggle redirect from www to apex domain. aws_r53_domain_name must be set.'
+    required: false
   aws_ecs_autoscaling_enable:
     description: 'Toggle ecs autoscaling policy'
     required: false
@@ -1514,6 +1517,7 @@ runs:
         AWS_ECS_LB_REDIRECT_ENABLE: ${{ inputs.aws_ecs_lb_redirect_enable }}
         AWS_ECS_LB_CONTAINER_PATH: ${{ inputs.aws_ecs_lb_container_path }}
         AWS_ECS_LB_SSL_POLICY: ${{ inputs.aws_ecs_lb_ssl_policy }}
+        AWS_ECS_LB_WWW_TO_APEX_REDIRECT: ${{ inputs.aws_ecs_lb_www_to_apex_redirect }}
         AWS_ECS_AUTOSCALING_ENABLE: ${{ inputs.aws_ecs_autoscaling_enable }}
         AWS_ECS_AUTOSCALING_MAX_NODES: ${{ inputs.aws_ecs_autoscaling_max_nodes }}
         AWS_ECS_AUTOSCALING_MIN_NODES: ${{ inputs.aws_ecs_autoscaling_min_nodes }}
diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -349,6 +349,7 @@ if [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]]; then
   aws_ecs_lb_redirect_enable=$(generate_var aws_ecs_lb_redirect_enable $AWS_ECS_LB_REDIRECT_ENABLE)
   aws_ecs_lb_container_path=$(generate_var aws_ecs_lb_container_path $AWS_ECS_LB_CONTAINER_PATH)
   aws_ecs_lb_ssl_policy=$(generate_var aws_ecs_lb_ssl_policy $AWS_ECS_LB_SSL_POLICY)
+  aws_ecs_lb_www_to_apex_redirect=$(generate_var aws_ecs_lb_www_to_apex_redirect $AWS_ECS_LB_WWW_TO_APEX_REDIRECT)
   aws_ecs_autoscaling_enable=$(generate_var aws_ecs_autoscaling_enable $AWS_ECS_AUTOSCALING_ENABLE)
   aws_ecs_autoscaling_max_nodes=$(generate_var aws_ecs_autoscaling_max_nodes $AWS_ECS_AUTOSCALING_MAX_NODES)
   aws_ecs_autoscaling_min_nodes=$(generate_var aws_ecs_autoscaling_min_nodes $AWS_ECS_AUTOSCALING_MIN_NODES)
@@ -712,6 +713,7 @@ $aws_ecs_lb_port
 $aws_ecs_lb_redirect_enable
 $aws_ecs_lb_container_path
 $aws_ecs_lb_ssl_policy
+$aws_ecs_lb_www_to_apex_redirect
 $aws_ecs_autoscaling_enable
 $aws_ecs_autoscaling_max_nodes
 $aws_ecs_autoscaling_min_nodes
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
@@ -1535,6 +1535,12 @@ variable "aws_ecs_lb_ssl_policy" {
   default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 }
 
+variable "aws_ecs_lb_www_to_apex_redirect" {
+  type        = bool
+  description = "Toggle redirect from www to apex domain. Need aws_r53_domain_name variable defined."
+  default     = false
+}
+
 variable "aws_ecs_autoscaling_enable" {
   type        = bool
   description = "Toggle ecs autoscaling policy"
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -479,7 +479,7 @@ module "aws_ecs" {
   source = "../modules/aws/ecs"
   count  = var.aws_ecs_enable ? 1 : 0
   # ECS
-  aws_ecs_service_name               = var.aws_ecs_service_name 
+  aws_ecs_service_name               = var.aws_ecs_service_name
   aws_ecs_cluster_name               = var.aws_ecs_cluster_name 
   aws_ecs_service_launch_type        = var.aws_ecs_service_launch_type
   aws_ecs_task_type                  = var.aws_ecs_task_type
@@ -501,6 +501,7 @@ module "aws_ecs" {
   aws_ecs_lb_redirect_enable         = var.aws_ecs_lb_redirect_enable
   aws_ecs_lb_container_path          = var.aws_ecs_lb_container_path
   aws_ecs_lb_ssl_policy              = var.aws_ecs_lb_ssl_policy
+  aws_ecs_lb_www_to_apex_redirect    = var.aws_ecs_lb_www_to_apex_redirect
   aws_ecs_autoscaling_enable         = var.aws_ecs_autoscaling_enable
   aws_ecs_autoscaling_max_nodes      = var.aws_ecs_autoscaling_max_nodes
   aws_ecs_autoscaling_min_nodes      = var.aws_ecs_autoscaling_min_nodes
@@ -514,6 +515,7 @@ module "aws_ecs" {
   aws_selected_vpc_id                = module.vpc.aws_selected_vpc_id
   aws_selected_subnets               = module.vpc.aws_selected_vpc_subnets
   # Others
+  aws_r53_domain_name                = var.aws_r53_enable && var.aws_r53_domain_name != "" ? var.aws_r53_domain_name : ""
   aws_certificate_enabled            = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false
   aws_certificates_selected_arn      = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : ""
   aws_resource_identifier            = var.aws_resource_identifier
diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf
@@ -124,23 +124,18 @@ resource "aws_alb_listener_rule" "redirect_based_on_path" {
 }
 
 resource "aws_alb_listener" "http_redirect" {
-  count             = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) ? 1 : 0
+  count             = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) && var.aws_certificate_enabled ? 1 : 0
   load_balancer_arn = aws_alb.ecs_lb[0].id
   port              = "80"
   protocol          = "HTTP"
 
-
   default_action {
-    type = var.aws_certificate_enabled ? "redirect" : "forward"
-    target_group_arn = var.aws_certificate_enabled ? null : aws_alb_target_group.lb_targets[0].id
-
-    dynamic "redirect" {
-      for_each = var.aws_certificate_enabled ? [1] : [0]
-      content {
-        port        = 443
-        protocol    = "HTTPS"
-        status_code = "HTTP_301"
-      }
+    type = "redirect"
+
+    redirect {
+      port        = "443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
     }
   }
   depends_on = [
@@ -149,6 +144,22 @@ resource "aws_alb_listener" "http_redirect" {
   ]
 }
 
+resource "aws_alb_listener" "http_forward" {
+  count             = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) && !var.aws_certificate_enabled ? 1 : 0
+  load_balancer_arn = aws_alb.ecs_lb[0].id
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_alb_target_group.lb_targets[0].id
+  }
+  depends_on = [
+    aws_alb.ecs_lb,
+    aws_alb_target_group.lb_targets
+  ]
+}
+
 resource "aws_security_group_rule" "incoming_alb_http" {
   count             = length(aws_alb_listener.http_redirect)
   type              = "ingress"
@@ -191,6 +202,31 @@ resource "aws_alb_listener_rule" "redirect_based_on_path_for_http" {
   }
 }
 
+resource "aws_lb_listener_rule" "redirect_www_to_apex" {
+  count        = var.aws_ecs_lb_www_to_apex_redirect && var.aws_r53_domain_name != "" ? 1 : 0
+  listener_arn = var.aws_certificate_enabled ? aws_alb_listener.lb_listener_ssl[0].arn : aws_alb_listener.lb_listener[0].arn
+  priority     = 10
+
+  condition {
+    host_header {
+      values = ["www.${var.aws_r53_domain_name}"]
+    }
+  }
+
+  action {
+    type = "redirect"
+
+    redirect {
+      port        = var.aws_certificate_enabled ? "443" : "80"
+      protocol    = var.aws_certificate_enabled ? "HTTPS" : "HTTP"
+      status_code = "HTTP_301"
+      host        = "${var.aws_r53_domain_name}"
+      path        = "/#{path}"
+      query       = "#{query}"
+    }
+  }
+}
+
 resource "aws_security_group_rule" "incoming_alb_https" {
   count             = length(aws_alb_listener.https_redirect)
   type              = "ingress"
diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf
@@ -20,6 +20,7 @@ variable "aws_ecs_lb_port" {}
 variable "aws_ecs_lb_redirect_enable" {}
 variable "aws_ecs_lb_container_path" {}
 variable "aws_ecs_lb_ssl_policy" {}
+variable "aws_ecs_lb_www_to_apex_redirect" {}
 variable "aws_ecs_autoscaling_enable" {}
 variable "aws_ecs_autoscaling_max_nodes" {}
 variable "aws_ecs_autoscaling_min_nodes" {}
@@ -29,6 +30,7 @@ variable "aws_ecs_cloudwatch_enable" {}
 variable "aws_ecs_cloudwatch_lg_name" {}
 variable "aws_ecs_cloudwatch_skip_destroy" {}
 variable "aws_ecs_cloudwatch_retention_days" {}
+variable "aws_r53_domain_name" {}
 variable "aws_certificate_enabled" {}
 variable "aws_certificates_selected_arn" {}
 variable "aws_region_current_name" {}
