feat: Support aws_lb_listener_rule.transform, regex_values, and update docs (#422)

Author: magreenbaum

README.md

@@ -19,6 +19,7 @@ Please consult the `examples` directory for reference example configurations. If
 - Security group rules now use a default naming scheme of `<security-group-name>-<map-key>` unless a more specific rule name is provided.
 - `rule.actions.type` has been replaced with `rule.actions.<type>`. See before/after below for more details.
 - `query_string` supports a list of key:value pairs; type definition updated to support this (i.e. was `map(string)` and is now `list(map(string))`)
+- `aws_lb_listener.ssl_policy` now defaults to `ELBSecurityPolicy-TLS13-1-3-2021-06`
 
 ### Removed
 

docs/UPGRADE-10.0.md

@@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.6 |
 

examples/complete-alb/README.md

@@ -93,7 +93,7 @@ module "alb" {
           conditions = [{
             http_header = {
               http_header_name = "x-Gimme-Fixed-Response"
-              values           = ["yes", "please", "right now"]
+              regex_values     = ["^yes$", "^please$", "^right\\snow$"]
             }
           }]
         }
@@ -125,6 +125,26 @@ module "alb" {
               value = "true"
             }]
           }]
+
+          transform = {
+            host-header-rewrite = {
+              host_header_rewrite_config = {
+                rewrite = {
+                  regex   = "^mywebsite-(.+).com$"
+                  replace = "test.$1.myweb.com"
+                }
+              }
+            }
+            my_other_tranform = {
+              type = "url-rewrite"
+              url_rewrite_config = {
+                rewrite = {
+                  regex   = "^mywebsite-(.+).net"
+                  replace = "test.$1.myweb.net"
+                }
+              }
+            }
+          }
         }
 
         ex-redirect = {

examples/complete-alb/main.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 6.5"
+      version = ">= 6.19"
     }
     null = {
       source  = "hashicorp/null"

examples/complete-alb/versions.tf

@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |
 
 ## Modules
 

examples/complete-nlb/README.md

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 6.5"
+      version = ">= 6.19"
     }
   }
 }

examples/complete-nlb/versions.tf

@@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | >= 4.0 |
 

examples/mutual-auth-alb/README.md

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 6.5"
+      version = ">= 6.19"
     }
     null = {
       source  = "hashicorp/null"

examples/mutual-auth-alb/versions.tf

@@ -450,7 +450,8 @@ resource "aws_lb_listener_rule" "this" {
         for_each = condition.value.host_header != null ? [condition.value.host_header] : []
 
         content {
-          values = host_header.value.values
+          values       = host_header.value.values
+          regex_values = host_header.value.regex_values
         }
       }
 
@@ -460,6 +461,7 @@ resource "aws_lb_listener_rule" "this" {
         content {
           http_header_name = http_header.value.http_header_name
           values           = http_header.value.values
+          regex_values     = http_header.value.regex_values
         }
       }
 
@@ -475,7 +477,8 @@ resource "aws_lb_listener_rule" "this" {
         for_each = condition.value.path_pattern != null ? [condition.value.path_pattern] : []
 
         content {
-          values = path_pattern.value.values
+          values       = path_pattern.value.values
+          regex_values = path_pattern.value.regex_values
         }
       }
 
@@ -501,6 +504,45 @@ resource "aws_lb_listener_rule" "this" {
   listener_arn = try(aws_lb_listener.this[each.value.listener_key].arn, each.value.listener_arn)
   priority     = each.value.priority
 
+  dynamic "transform" {
+    for_each = each.value.transform != null ? each.value.transform : {}
+
+    content {
+      type = coalesce(transform.value.type, transform.key)
+
+      dynamic "host_header_rewrite_config" {
+        for_each = transform.value.host_header_rewrite_config != null ? [transform.value.host_header_rewrite_config] : []
+
+        content {
+
+          dynamic "rewrite" {
+            for_each = host_header_rewrite_config.value.rewrite != null ? [host_header_rewrite_config.value.rewrite] : []
+
+            content {
+              regex   = rewrite.value.regex
+              replace = rewrite.value.replace
+            }
+          }
+        }
+      }
+      dynamic "url_rewrite_config" {
+        for_each = transform.value.url_rewrite_config != null ? [transform.value.url_rewrite_config] : []
+
+        content {
+
+          dynamic "rewrite" {
+            for_each = url_rewrite_config.value.rewrite != null ? [url_rewrite_config.value.rewrite] : []
+
+            content {
+              regex   = rewrite.value.regex
+              replace = rewrite.value.replace
+            }
+          }
+        }
+      }
+    }
+  }
+
   tags = merge(
     local.tags,
     each.value.tags,