Merge pull request #9 from mxfactorial/feature/internal-lb

jnonino · web-flow · commit 7fcda293d8ea · 2020-03-01T17:26:14.000Z
support internal lb
diff --git a/README.md b/README.md
@@ -58,6 +58,7 @@ Check the section "Other modules that you may need to use this module" for detai
 * security_groups: (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.
 * assign_public_ip: (Optional) Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false.
 * lb_health_check_path: (Optional) Health check path for the Load Balancer
+* internal_lb: (Optional) Sets ECS service load balancer to internal and disables ECS service public ip assignment. Default false
 
 ## Output values
 
diff --git a/main.tf b/main.tf
@@ -72,7 +72,7 @@ resource "aws_ecs_service" "service" {
   network_configuration {
     security_groups  = concat([aws_security_group.ecs_tasks_sg.id], var.security_groups)
     subnets          = var.private_subnets
-    assign_public_ip = var.assign_public_ip
+    assign_public_ip = var.internal_lb ? false : var.assign_public_ip
   }
   load_balancer {
     target_group_arn = aws_lb_target_group.lb_tg.arn
@@ -216,9 +216,9 @@ resource "aws_security_group" "lb_sg" {
 # ---------------------------------------------------------------------------------------------------------------------
 resource "aws_lb" "lb" {
   name                             = "${var.name_preffix}-lb"
-  internal                         = false
+  internal                         = var.internal_lb
   load_balancer_type               = "application"
-  subnets                          = var.public_subnets
+  subnets                          = var.internal_lb ? var.private_subnets : var.public_subnets
   security_groups                  = [aws_security_group.lb_sg.id]
   enable_deletion_protection       = false
   enable_cross_zone_load_balancing = true
diff --git a/variables.tf b/variables.tf
@@ -130,4 +130,10 @@ variable "lb_health_check_path" {
   description = "(Optional) Health check path for the Load Balancer"
   type        = string
   default     = "/"
-}
+}
+
+variable "internal_lb" {
+  description = "(Optional) Sets ECS service load balancer to internal and disables ECS service public ip assignment. Default false"
+  type        = bool
+  default     = false
+}
