sparse-intern-71089
09/16/2022, 6:02 AMmillions-furniture-75402
09/16/2022, 1:28 PMconst albSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-lb-sg`, {
egress: [
{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"],
description: `For ${appName} load balancer`,
},
],
ingress: [
{
fromPort: 443,
toPort: 443,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"],
description: `For ${appName} load balancer`,
},
],
vpc,
});
const alb = new awsx.lb.ApplicationLoadBalancer(`${appName}-lb`, {
loadBalancer: new aws.lb.LoadBalancer(`${appName}-alb`, {
accessLogs: {
bucket: logBucketId,
enabled: true,
prefix: appName,
},
dropInvalidHeaderFields: true,
external: true,
securityGroups: [albSecurityGroup.id],
subnets: publicSubnetIds,
}),
vpc,
});
alb.createListener(`${appName}-http`, {
defaultAction: {
type: "redirect",
redirect: {
protocol: "HTTPS",
port: "443",
statusCode: "HTTP_301",
},
},
external: false,
port: 80,
protocol: "HTTP",
vpc,
});
const https = alb.createListener(`${appName}-https`, {
certificateArn,
defaultActions: [
{
fixedResponse: {
contentType: "text/plain",
messageBody: "404 Site Not Found",
statusCode: "404",
},
type: "fixed-response",
},
],
external: false,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
vpc: vpc.vpc,
});
const appTargetGroup = new awsx.lb.ApplicationTargetGroup(`${appName}-tg`, {
deregistrationDelay: 0,
healthCheck: {
path: "/",
port: "443",
protocol: "HTTPS",
matcher: "200",
},
loadBalancer: alb,
port: 443,
protocol: "HTTPS",
vpc,
});
new awsx.lb.ListenerRule(`${appName}-lr`, https, {
actions: [
{
targetGroupArn: appTargetGroup.targetGroup.arn.apply(v => v),
type: "forward",
},
],
conditions: [
{
hostHeader: {
values: [`${appName}.*`],
},
},
],
priority: 1,
});
new aws.route53.Record(`${appName}-www`, {
aliases: [
{
evaluateTargetHealth: true,
name: alb.loadBalancer.dnsName,
zoneId: zoneId,
},
],
name: appName,
type: "A",
zoneId: hostedZoneId,
});
And the service has:
portMappings: [appTargetGroup],
fast-island-38778
09/16/2022, 1:41 PMfast-island-38778
09/16/2022, 1:41 PMconst httpsListener = alb.createListener(withAppNamePrefix('https-listener'), {
port: 443,
protocol: 'HTTPS',
external: true,
certificateArn: apiCertificateArn,
targetGroup: httpListener.defaultTargetGroup,
});