diff --git a/README.md b/README.md
index cd1eabd0..e16d31f9 100644
--- a/README.md
+++ b/README.md
@@ -462,6 +462,7 @@ The following inputs can be used as `step.with` keys
 | `aws_ecs_lb_redirect_enable`| String | Toggle redirect from HTTP and/or HTTPS to the main port. |
 | `aws_ecs_lb_container_path`| String | Comma separated list of paths for subsequent deployed containers. Need `aws_ecs_lb_redirect_enable` to be true. eg. api. (For http://bitovi.com/api/). If you have multiple, set them to `api,monitor,prom,,` (This example is for 6 containers) |
 | `aws_ecs_lb_ssl_policy` | String | SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided. See [this link](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html) for other policies. |
+| `aws_ecs_lb_www_to_apex_redirect` | Boolean | Toggle redirect from www to apex domain. `aws_r53_domain_name` must be set. Defaults to `false`. |
 | `aws_ecs_autoscaling_enable`| Boolean | Toggle ecs autoscaling policy. |
 | `aws_ecs_autoscaling_max_nodes`| String | Max ammount of nodes to scale up to. |
 | `aws_ecs_autoscaling_min_nodes`| String | Min ammount of nodes to scale down to. |
diff --git a/action.yaml b/action.yaml
index f676e01b..43a8ef14 100644
--- a/action.yaml
+++ b/action.yaml
@@ -901,6 +901,9 @@ inputs:
 aws_ecs_lb_ssl_policy:
 description: 'SSL Policy for HTTPS listener in ALB. Will default to ELBSecurityPolicy-TLS13-1-2-2021-06 if none provided.'
 required: false
+ aws_ecs_lb_www_to_apex_redirect:
+ description: 'Toggle redirect from www to apex domain. aws_r53_domain_name must be set.'
+ required: false
 aws_ecs_autoscaling_enable:
 description: 'Toggle ecs autoscaling policy'
 required: false
@@ -1514,6 +1517,7 @@ runs:
 AWS_ECS_LB_REDIRECT_ENABLE: ${{ inputs.aws_ecs_lb_redirect_enable }}
 AWS_ECS_LB_CONTAINER_PATH: ${{ inputs.aws_ecs_lb_container_path }}
 AWS_ECS_LB_SSL_POLICY: ${{ inputs.aws_ecs_lb_ssl_policy }}
+ AWS_ECS_LB_WWW_TO_APEX_REDIRECT: ${{ inputs.aws_ecs_lb_www_to_apex_redirect }}
 AWS_ECS_AUTOSCALING_ENABLE: ${{ inputs.aws_ecs_autoscaling_enable }}
 AWS_ECS_AUTOSCALING_MAX_NODES: ${{ inputs.aws_ecs_autoscaling_max_nodes }}
 AWS_ECS_AUTOSCALING_MIN_NODES: ${{ inputs.aws_ecs_autoscaling_min_nodes }}
diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
index 34ba9da2..04890722 100644
--- a/operations/_scripts/generate/generate_vars_terraform.sh
+++ b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -349,6 +349,7 @@ if [[ $(alpha_only "$AWS_ECS_ENABLE") == true ]]; then
 aws_ecs_lb_redirect_enable=$(generate_var aws_ecs_lb_redirect_enable $AWS_ECS_LB_REDIRECT_ENABLE)
 aws_ecs_lb_container_path=$(generate_var aws_ecs_lb_container_path $AWS_ECS_LB_CONTAINER_PATH)
 aws_ecs_lb_ssl_policy=$(generate_var aws_ecs_lb_ssl_policy $AWS_ECS_LB_SSL_POLICY)
+ aws_ecs_lb_www_to_apex_redirect=$(generate_var aws_ecs_lb_www_to_apex_redirect $AWS_ECS_LB_WWW_TO_APEX_REDIRECT)
 aws_ecs_autoscaling_enable=$(generate_var aws_ecs_autoscaling_enable $AWS_ECS_AUTOSCALING_ENABLE)
 aws_ecs_autoscaling_max_nodes=$(generate_var aws_ecs_autoscaling_max_nodes $AWS_ECS_AUTOSCALING_MAX_NODES)
 aws_ecs_autoscaling_min_nodes=$(generate_var aws_ecs_autoscaling_min_nodes $AWS_ECS_AUTOSCALING_MIN_NODES)
@@ -712,6 +713,7 @@ $aws_ecs_lb_port
 $aws_ecs_lb_redirect_enable
 $aws_ecs_lb_container_path
 $aws_ecs_lb_ssl_policy
+$aws_ecs_lb_www_to_apex_redirect
 $aws_ecs_autoscaling_enable
 $aws_ecs_autoscaling_max_nodes
 $aws_ecs_autoscaling_min_nodes
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
index 6e9fa262..adac2be2 100644
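Review bot: `$AWS_ECS_LB_WWW_TO_APEX_REDIRECT` is passed to `generate_var` unquoted in the added line of the `@@ -349,6 +349,7 @@` hunk, so a workflow-supplied value containing whitespace or glob characters is word-split and pathname-expanded by the shell before `generate_var` sees it. The neighbouring lines do the same, so this follows the file's convention, but the value originates from an action input and ends up in a Terraform `bool`. Quoting it, `$(generate_var aws_ecs_lb_www_to_apex_redirect "$AWS_ECS_LB_WWW_TO_APEX_REDIRECT")`, keeps a malformed value as one argument so it is rejected by Terraform's type check rather than reshaped by the shell. `generate_var` is defined outside this hunk, so how it treats an empty quoted argument should be confirmed before making the change.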
--- a/operations/deployment/terraform/aws/aws_variables.tf +++ b/operations/deployment/terraform/aws/aws_variables.tf @@ -1535,6 +1535,12 @@ variable "aws_ecs_lb_ssl_policy" { default = "ELBSecurityPolicy-TLS13-1-2-2021-06" } +variable "aws_ecs_lb_www_to_apex_redirect" { + type = bool + description = "Toggle redirect from www to apex domain. Need aws_r53_domain_name variable defined." + default = false +} + variable "aws_ecs_autoscaling_enable" { type = bool description = "Toggle ecs autoscaling policy" diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf index 4c89b9a2..eccb3bdf 100644 --- a/operations/deployment/terraform/aws/bitovi_main.tf +++ b/operations/deployment/terraform/aws/bitovi_main.tf @@ -479,7 +479,7 @@ module "aws_ecs" { source = "../modules/aws/ecs" count = var.aws_ecs_enable ? 1 : 0 # ECS - aws_ecs_service_name = var.aws_ecs_service_name + aws_ecs_service_name = var.aws_ecs_service_name aws_ecs_cluster_name = var.aws_ecs_cluster_name aws_ecs_service_launch_type = var.aws_ecs_service_launch_type aws_ecs_task_type = var.aws_ecs_task_type @@ -501,6 +501,7 @@ module "aws_ecs" { aws_ecs_lb_redirect_enable = var.aws_ecs_lb_redirect_enable aws_ecs_lb_container_path = var.aws_ecs_lb_container_path aws_ecs_lb_ssl_policy = var.aws_ecs_lb_ssl_policy + aws_ecs_lb_www_to_apex_redirect = var.aws_ecs_lb_www_to_apex_redirect aws_ecs_autoscaling_enable = var.aws_ecs_autoscaling_enable aws_ecs_autoscaling_max_nodes = var.aws_ecs_autoscaling_max_nodes aws_ecs_autoscaling_min_nodes = var.aws_ecs_autoscaling_min_nodes 
@@ -514,6 +515,7 @@ module "aws_ecs" { aws_selected_vpc_id = module.vpc.aws_selected_vpc_id aws_selected_subnets = module.vpc.aws_selected_vpc_subnets # Others + aws_r53_domain_name = var.aws_r53_enable && var.aws_r53_domain_name != "" ? var.aws_r53_domain_name : "" aws_certificate_enabled = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : "" aws_resource_identifier = var.aws_resource_identifier diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf index 9f590ff3..d6d1132d 100644 --- a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf +++ b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_networking.tf @@ -124,23 +124,18 @@ resource "aws_alb_listener_rule" "redirect_based_on_path" { } resource "aws_alb_listener" "http_redirect" { - count = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) ? 1 : 0 + count = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) && var.aws_certificate_enabled ? 1 : 0 load_balancer_arn = aws_alb.ecs_lb[0].id port = "80" protocol = "HTTP" - default_action { - type = var.aws_certificate_enabled ? "redirect" : "forward" - target_group_arn = var.aws_certificate_enabled ? null : aws_alb_target_group.lb_targets[0].id - - dynamic "redirect" { - for_each = var.aws_certificate_enabled ? [1] : [0] - content { - port = 443 - protocol = "HTTPS" - status_code = "HTTP_301" - } + type = "redirect" + + redirect { + port = "443" + protocol = "HTTPS" + status_code = "HTTP_301" } } depends_on = [ 
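Review bot: The added `aws_r53_domain_name` argument in the `@@ -514,6 +515,7 @@` hunk hands the module an empty string whenever `aws_r53_enable` is false, and the new listener rule's `count` then evaluates to 0, so `aws_ecs_lb_www_to_apex_redirect = true` is silently ignored instead of being rejected. The README says `aws_r53_domain_name` must be set, but nothing visible here enforces it, so an operator who expects the redirect gets a plan with no error and no rule. I would at least add a comment on this line, `# Empty when Route53 is disabled; the www-to-apex rule is then not created even if the toggle is true`, and consider a `validation` or `precondition` that fails the plan for that combination. The `!= ""` test is also redundant: `var.aws_r53_enable ? var.aws_r53_domain_name : ""` yields the same value. The `module "aws_ecs"` block starts and ends outside this hunk.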
@@ -149,6 +144,22 @@ resource "aws_alb_listener" "http_redirect" { ] } +resource "aws_alb_listener" "http_forward" { + count = var.aws_ecs_lb_redirect_enable && !contains(local.aws_ecs_lb_port,80) && !var.aws_certificate_enabled ? 1 : 0 + load_balancer_arn = aws_alb.ecs_lb[0].id + port = "80" + protocol = "HTTP" + + default_action { + type = "forward" + target_group_arn = aws_alb_target_group.lb_targets[0].id + } + depends_on = [ + aws_alb.ecs_lb, + aws_alb_target_group.lb_targets + ] +} + resource "aws_security_group_rule" "incoming_alb_http" { count = length(aws_alb_listener.http_redirect) type = "ingress" @@ -191,6 +202,31 @@ resource "aws_alb_listener_rule" "redirect_based_on_path_for_http" { } } +resource "aws_lb_listener_rule" "redirect_www_to_apex" { + count = var.aws_ecs_lb_www_to_apex_redirect && var.aws_r53_domain_name != "" ? 1 : 0 + listener_arn = var.aws_certificate_enabled ? aws_alb_listener.lb_listener_ssl[0].arn : aws_alb_listener.lb_listener[0].arn + priority = 10 + + condition { + host_header { + values = ["www.${var.aws_r53_domain_name}"] + } + } + + action { + type = "redirect" + + redirect { + port = var.aws_certificate_enabled ? "443" : "80" + protocol = var.aws_certificate_enabled ? "HTTPS" : "HTTP" + status_code = "HTTP_301" + host = "${var.aws_r53_domain_name}" + path = "/#{path}" + query = "#{query}" + } + } +} + resource "aws_security_group_rule" "incoming_alb_https" { count = length(aws_alb_listener.https_redirect) type = "ingress" diff --git a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf index e7dafbc3..8a3d5942 100644 --- a/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf +++ b/operations/deployment/terraform/modules/aws/ecs/aws_ecs_vars.tf 
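Review bot: The context line `count = length(aws_alb_listener.http_redirect)` on `aws_security_group_rule.incoming_alb_http` still counts only the redirect listener, which after this split is 0 whenever `aws_certificate_enabled` is false. If that rule is what admits port 80 to the load balancer (its body is outside the hunk), the new `http_forward` listener is created without a matching ingress rule and is unreachable. The two listeners are mutually exclusive, so `count = length(aws_alb_listener.http_redirect) + length(aws_alb_listener.http_forward)` would keep the rule and the listener in step. A short comment on `http_forward` saying that it serves the application over clear-text HTTP and exists only for deployments without a certificate would also help the next reader.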
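Review bot: When `aws_certificate_enabled` is true, `redirect_www_to_apex` is attached only to `lb_listener_ssl`, so the 301 to the apex is served only after a TLS handshake for `www.<domain>` has succeeded. The selected certificate therefore has to cover the `www` name, which nothing in this hunk checks; without it clients get a certificate error instead of the redirect. I would state that requirement in the variable description. The fixed `priority = 10` may also collide with priorities used by the path-based rules on the same listener, which are defined outside this hunk and should be checked. Minor style point: `host = "${var.aws_r53_domain_name}"` can be written `host = var.aws_r53_domain_name`.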
@@ -20,6 +20,7 @@ variable "aws_ecs_lb_port" {}
 variable "aws_ecs_lb_redirect_enable" {}
 variable "aws_ecs_lb_container_path" {}
 variable "aws_ecs_lb_ssl_policy" {}
+variable "aws_ecs_lb_www_to_apex_redirect" {}
 variable "aws_ecs_autoscaling_enable" {}
 variable "aws_ecs_autoscaling_max_nodes" {}
 variable "aws_ecs_autoscaling_min_nodes" {}
@@ -29,6 +30,7 @@ variable "aws_ecs_cloudwatch_enable" {}
 variable "aws_ecs_cloudwatch_lg_name" {}
 variable "aws_ecs_cloudwatch_skip_destroy" {}
 variable "aws_ecs_cloudwatch_retention_days" {}
+variable "aws_r53_domain_name" {}
 variable "aws_certificate_enabled" {}
 variable "aws_certificates_selected_arn" {}
 variable "aws_region_current_name" {}