Skip to content

feat: Support aws_lb_listener_rule.transform, regex_values, and update docs #422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 1, 2025
Merged

feat: Support aws_lb_listener_rule.transform, regex_values, and update docs #422

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1f72dcf
support transforms
magreenbaum Oct 31, 2025
7546bf0
feedback changes
magreenbaum Oct 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions README.md
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions docs/UPGRADE-10.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ Please consult the `examples` directory for reference example configurations. If
- Security group rules now use a default naming scheme of `<security-group-name>-<map-key>` unless a more specific rule name is provided.
- `rule.actions.type` has been replaced with `rule.actions.<type>`. See before/after below for more details.
- `query_string` supports a list of key:value pairs; type definition updated to support this (i.e. was `map(string)` and is now `list(map(string))`)
- `aws_lb_listener.ssl_policy` now defaults to `ELBSecurityPolicy-TLS13-1-3-2021-06`
Copy link
Member

@bryantbiggs bryantbiggs Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you ❤️


### Removed

Expand Down
4 changes: 2 additions & 2 deletions examples/complete-alb/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |
| <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 3.6 |

Expand Down
22 changes: 21 additions & 1 deletion examples/complete-alb/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ module "alb" {
conditions = [{
http_header = {
http_header_name = "x-Gimme-Fixed-Response"
values = ["yes", "please", "right now"]
regex_values = ["^yes$", "^please$", "^right\\snow$"]
}
}]
}
Expand Down Expand Up @@ -125,6 +125,26 @@ module "alb" {
value = "true"
}]
}]

transforms = {
host-header-rewrite = {
host_header_rewrite_config = {
rewrite = {
regex = "^mywebsite-(.+).com$"
replace = "test.$1.myweb.com"
}
}
}
my_other_tranform = {
type = "url-rewrite"
url_rewrite_config = {
rewrite = {
regex = "^mywebsite-(.+).net"
replace = "test.$1.myweb.net"
}
}
}
}
}

ex-redirect = {
Expand Down
2 changes: 1 addition & 1 deletion examples/complete-alb/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
null = {
source = "hashicorp/null"
Expand Down
4 changes: 2 additions & 2 deletions examples/complete-nlb/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |

## Modules

Expand Down
2 changes: 1 addition & 1 deletion examples/complete-nlb/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
}
}
4 changes: 2 additions & 2 deletions examples/mutual-auth-alb/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |
| <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
| <a name="provider_tls"></a> [tls](#provider\_tls) | >= 4.0 |

Expand Down
2 changes: 1 addition & 1 deletion examples/mutual-auth-alb/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
null = {
source = "hashicorp/null"
Expand Down
46 changes: 44 additions & 2 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -450,7 +450,8 @@ resource "aws_lb_listener_rule" "this" {
for_each = condition.value.host_header != null ? [condition.value.host_header] : []

content {
values = host_header.value.values
values = host_header.value.values
regex_values = host_header.value.regex_values
}
}

Expand All @@ -460,6 +461,7 @@ resource "aws_lb_listener_rule" "this" {
content {
http_header_name = http_header.value.http_header_name
values = http_header.value.values
regex_values = http_header.value.regex_values
}
}

Expand All @@ -475,7 +477,8 @@ resource "aws_lb_listener_rule" "this" {
for_each = condition.value.path_pattern != null ? [condition.value.path_pattern] : []

content {
values = path_pattern.value.values
values = path_pattern.value.values
regex_values = path_pattern.value.regex_values
}
}

Expand All @@ -501,6 +504,45 @@ resource "aws_lb_listener_rule" "this" {
listener_arn = try(aws_lb_listener.this[each.value.listener_key].arn, each.value.listener_arn)
priority = each.value.priority

dynamic "transform" {
for_each = each.value.transforms != null ? each.value.transforms : {}
Copy link
Member

@bryantbiggs bryantbiggs Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know we've been inconsistent elsewhere but lets match the API with the singular form

Suggested change
for_each = each.value.transforms != null ? each.value.transforms : {}
for_each = each.value.transform != null ? each.value.transform : {}


content {
type = coalesce(transform.value.type, transform.key)

dynamic "host_header_rewrite_config" {
for_each = transform.value.host_header_rewrite_config != null ? [transform.value.host_header_rewrite_config] : []

content {

dynamic "rewrite" {
for_each = host_header_rewrite_config.value.rewrite != null ? [host_header_rewrite_config.value.rewrite] : []

content {
regex = rewrite.value.regex
replace = rewrite.value.replace
}
}
}
}
dynamic "url_rewrite_config" {
for_each = transform.value.url_rewrite_config != null ? [transform.value.url_rewrite_config] : []

content {

dynamic "rewrite" {
for_each = url_rewrite_config.value.rewrite != null ? [url_rewrite_config.value.rewrite] : []

content {
regex = rewrite.value.regex
replace = rewrite.value.replace
}
}
}
}
}
}

tags = merge(
local.tags,
each.value.tags,
Expand Down
4 changes: 2 additions & 2 deletions modules/lb_trust_store/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,13 @@ module "trust_store" {
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.5 |
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 6.19 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.5 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 6.19 |

## Modules

Expand Down
2 changes: 1 addition & 1 deletion modules/lb_trust_store/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
}
}
26 changes: 22 additions & 4 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,17 +378,20 @@ variable "listeners" {
}))
conditions = list(object({
host_header = optional(object({
values = list(string)
values = optional(list(string))
regex_values = optional(list(string))
}))
http_header = optional(object({
http_header_name = string
values = list(string)
values = optional(list(string))
regex_values = optional(list(string))
}))
http_request_method = optional(object({
values = list(string)
}))
path_pattern = optional(object({
values = list(string)
values = optional(list(string))
regex_values = optional(list(string))
}))
query_string = optional(list(object({
key = optional(string)
Expand All @@ -401,7 +404,22 @@ variable "listeners" {
listener_arn = optional(string)
listener_key = optional(string)
priority = optional(number)
tags = optional(map(string), {})
transforms = optional(map(object({
Copy link
Member

@bryantbiggs bryantbiggs Oct 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
transforms = optional(map(object({
transform = optional(map(object({

type = optional(string)
host_header_rewrite_config = optional(object({
rewrite = optional(object({
regex = string
replace = string
}))
}))
url_rewrite_config = optional(object({
rewrite = optional(object({
regex = string
replace = string
}))
}))
})))
tags = optional(map(string), {})
})), {})
}))
default = {}
Expand Down
2 changes: 1 addition & 1 deletion versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
}
}
2 changes: 1 addition & 1 deletion wrappers/lb_trust_store/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
}
}
2 changes: 1 addition & 1 deletion wrappers/versions.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.5"
version = ">= 6.19"
}
}
}