This message was deleted Pulumi Community #aws

Join Slack

This message was deleted.

# aws

sparse-intern-71089

09/16/2022, 6:02 AM

This message was deleted.

millions-furniture-75402

09/16/2022, 1:28 PM

Copy code

const albSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-lb-sg`, {
  egress: [
    {
      fromPort: 443,
      toPort: 443,
      protocol: "tcp",
      cidrBlocks: ["0.0.0.0/0"],
      description: `For ${appName} load balancer`,
    },
  ],
  ingress: [
    {
      fromPort: 443,
      toPort: 443,
      protocol: "tcp",
      cidrBlocks: ["0.0.0.0/0"],
      description: `For ${appName} load balancer`,
    },
  ],
  vpc,
});

const alb = new awsx.lb.ApplicationLoadBalancer(`${appName}-lb`, {
  loadBalancer: new aws.lb.LoadBalancer(`${appName}-alb`, {
    accessLogs: {
      bucket: logBucketId,
      enabled: true,
      prefix: appName,
    },
    dropInvalidHeaderFields: true,
    external: true,
    securityGroups: [albSecurityGroup.id],
    subnets: publicSubnetIds,
  }),
  vpc,
});

alb.createListener(`${appName}-http`, {
  defaultAction: {
    type: "redirect",
    redirect: {
      protocol: "HTTPS",
      port: "443",
      statusCode: "HTTP_301",
    },
  },
  external: false,
  port: 80,
  protocol: "HTTP",
  vpc,
});

const https = alb.createListener(`${appName}-https`, {
  certificateArn,
  defaultActions: [
    {
      fixedResponse: {
        contentType: "text/plain",
        messageBody: "404 Site Not Found",
        statusCode: "404",
      },
      type: "fixed-response",
    },
  ],
  external: false,
  port: 443,
  protocol: "HTTPS",
  sslPolicy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06",
  vpc: vpc.vpc,
});

const appTargetGroup = new awsx.lb.ApplicationTargetGroup(`${appName}-tg`, {
  deregistrationDelay: 0,
  healthCheck: {
    path: "/",
    port: "443",
    protocol: "HTTPS",
    matcher: "200",
  },
  loadBalancer: alb,
  port: 443,
  protocol: "HTTPS",
  vpc,
});

new awsx.lb.ListenerRule(`${appName}-lr`, https, {
  actions: [
    {
      targetGroupArn: appTargetGroup.targetGroup.arn.apply(v => v),
      type: "forward",
    },
  ],
  conditions: [
    {
      hostHeader: {
        values: [`${appName}.*`],
      },
    },
  ],
  priority: 1,
});

new aws.route53.Record(`${appName}-www`, {
  aliases: [
    {
      evaluateTargetHealth: true,
      name: alb.loadBalancer.dnsName,
      zoneId: zoneId,
    },
  ],
  name: appName,
  type: "A",
  zoneId: hostedZoneId,
});

And the service has:

Copy code

portMappings: [appTargetGroup],

fast-island-38778

09/16/2022, 1:41 PM

thanks for the thorough answer

fast-island-38778

09/16/2022, 1:41 PM

all i had to do was adding httpListener’s default target group to the httpsListener like this

Copy code

const httpsListener = alb.createListener(withAppNamePrefix('https-listener'), {
  port: 443,
  protocol: 'HTTPS',
  external: true,
  certificateArn: apiCertificateArn,
  targetGroup: httpListener.defaultTargetGroup,
});

👍 1

4 Views

Open in Slack

Previous Next