Health check config per target group (#107)

nickreynke · web-flow · commit 897be6323076 · 2025-04-02T13:14:39.000+01:00
diff --git a/README.md b/README.md
@@ -60,13 +60,13 @@ In order to run all checks at any point run the following command:
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.92.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.93.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ecs-alb"></a> [ecs-alb](#module\_ecs-alb) | cn-terraform/ecs-alb/aws | 1.0.33 |
+| <a name="module_ecs-alb"></a> [ecs-alb](#module\_ecs-alb) | cn-terraform/ecs-alb/aws | 1.0.35 |
 | <a name="module_ecs-autoscaling"></a> [ecs-autoscaling](#module\_ecs-autoscaling) | cn-terraform/ecs-service-autoscaling/aws | 1.0.10 |
 
 ## Resources
@@ -113,10 +113,10 @@ In order to run all checks at any point run the following command:
 | <a name="input_lb_enable_http2"></a> [lb\_enable\_http2](#input\_lb\_enable\_http2) | (Optional) Indicates whether HTTP/2 is enabled in the load balancer. Defaults to true. | `bool` | `true` | no |
 | <a name="input_lb_http_ingress_cidr_blocks"></a> [lb\_http\_ingress\_cidr\_blocks](#input\_lb\_http\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTP | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_lb_http_ingress_prefix_list_ids"></a> [lb\_http\_ingress\_prefix\_list\_ids](#input\_lb\_http\_ingress\_prefix\_list\_ids) | List of prefix list IDs blocks to allowed to access the Load Balancer through HTTP | `list(string)` | `[]` | no |
-| <a name="input_lb_http_ports"></a> [lb\_http\_ports](#input\_lb\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br/>  "default-http": {<br/>    "listener_port": 80,<br/>    "target_group_port": 80,<br/>    "target_group_protocol": "HTTP",<br/>    "target_group_protocol_version": "HTTP1",<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
+| <a name="input_lb_http_ports"></a> [lb\_http\_ports](#input\_lb\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | <pre>map(object({<br/>    type = optional(string)<br/><br/>    listener_port     = number<br/>    target_group_port = number<br/><br/>    target_group_protocol         = optional(string, "HTTP")<br/>    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC<br/><br/>    # Health check options, overriding default values provided as module variables<br/>    target_group_health_check_enabled             = optional(bool)<br/>    target_group_health_check_interval            = optional(number)<br/>    target_group_health_check_path                = optional(string)<br/>    target_group_health_check_port                = optional(string)<br/>    target_group_health_check_protocol            = optional(string, "HTTP")<br/>    target_group_health_check_timeout             = optional(number)<br/>    target_group_health_check_healthy_threshold   = optional(number)<br/>    target_group_health_check_unhealthy_threshold = optional(number)<br/>    target_group_health_check_matcher             = optional(string)<br/><br/>    host         = optional(string, "#{host}")<br/>    path         = optional(string, "/#{path}")<br/>    port         = optional(string, "#{port}")<br/>    protocol     = optional(string, "#{protocol}")<br/>    query        = optional(string, "#{query}")<br/>    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".<br/>    content_type = optional(string, "text/plain")<br/>    message_body = optional(string, "Fixed response content")<br/>  }))</pre> | <pre>{<br/>  "default": {<br/>    "listener_port": 80,<br/>    "target_group_port": 80,<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
 | <a name="input_lb_https_ingress_cidr_blocks"></a> [lb\_https\_ingress\_cidr\_blocks](#input\_lb\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_lb_https_ingress_prefix_list_ids"></a> [lb\_https\_ingress\_prefix\_list\_ids](#input\_lb\_https\_ingress\_prefix\_list\_ids) | List of prefix list IDs blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | `[]` | no |
-| <a name="input_lb_https_ports"></a> [lb\_https\_ports](#input\_lb\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br/>  "default-https": {<br/>    "listener_port": 443,<br/>    "target_group_port": 443,<br/>    "target_group_protocol": "HTTP",<br/>    "target_group_protocol_version": "HTTP1",<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
+| <a name="input_lb_https_ports"></a> [lb\_https\_ports](#input\_lb\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | <pre>map(object({<br/>    type = optional(string)<br/><br/>    listener_port     = number<br/>    target_group_port = number<br/><br/>    target_group_protocol         = optional(string, "HTTP")<br/>    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC<br/><br/>    # Health check options, overriding default values provided as module variables<br/>    target_group_health_check_enabled             = optional(bool)<br/>    target_group_health_check_interval            = optional(number)<br/>    target_group_health_check_path                = optional(string)<br/>    target_group_health_check_port                = optional(string)<br/>    target_group_health_check_protocol            = optional(string, "HTTP")<br/>    target_group_health_check_timeout             = optional(number)<br/>    target_group_health_check_healthy_threshold   = optional(number)<br/>    target_group_health_check_unhealthy_threshold = optional(number)<br/>    target_group_health_check_matcher             = optional(string)<br/><br/>    host         = optional(string, "#{host}")<br/>    path         = optional(string, "/#{path}")<br/>    port         = optional(string, "#{port}")<br/>    protocol     = optional(string, "#{protocol}")<br/>    query        = optional(string, "#{query}")<br/>    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".<br/>    content_type = optional(string, "text/plain")<br/>    message_body = optional(string, "Fixed response content")<br/>  }))</pre> | <pre>{<br/>  "default-https": {<br/>    "listener_port": 443,<br/>    "target_group_port": 443,<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
 | <a name="input_lb_idle_timeout"></a> [lb\_idle\_timeout](#input\_lb\_idle\_timeout) | (Optional) The time in seconds that the connection is allowed to be idle. Default: 60. | `number` | `60` | no |
 | <a name="input_lb_internal"></a> [lb\_internal](#input\_lb\_internal) | (Optional) If true, the LB will be internal. | `bool` | `false` | no |
 | <a name="input_lb_ip_address_type"></a> [lb\_ip\_address\_type](#input\_lb\_ip\_address\_type) | (Optional) The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. Defaults to ipv4 | `string` | `"ipv4"` | no |
@@ -130,6 +130,7 @@ In order to run all checks at any point run the following command:
 | <a name="input_lb_target_group_health_check_matcher"></a> [lb\_target\_group\_health\_check\_matcher](#input\_lb\_target\_group\_health\_check\_matcher) | The HTTP codes to use when checking for a successful response from a target. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299"). Default is 200. | `string` | `"200"` | no |
 | <a name="input_lb_target_group_health_check_path"></a> [lb\_target\_group\_health\_check\_path](#input\_lb\_target\_group\_health\_check\_path) | The destination for the health check request. | `string` | `"/"` | no |
 | <a name="input_lb_target_group_health_check_port"></a> [lb\_target\_group\_health\_check\_port](#input\_lb\_target\_group\_health\_check\_port) | (Optional) The port to use to connect with the target. Valid values are either ports 1-65536, or traffic-port. Defaults to traffic-port. | `string` | `"traffic-port"` | no |
+| <a name="input_lb_target_group_health_check_protocol"></a> [lb\_target\_group\_health\_check\_protocol](#input\_lb\_target\_group\_health\_check\_protocol) | (Optional) The protocol the load balancer uses when performing health checks on targets. Valid values are HTTP and HTTPS. Defaults to HTTP. | `string` | `"HTTP"` | no |
 | <a name="input_lb_target_group_health_check_timeout"></a> [lb\_target\_group\_health\_check\_timeout](#input\_lb\_target\_group\_health\_check\_timeout) | (Optional) The amount of time, in seconds, during which no response means a failed health check. The range is 2 to 120 seconds, and the default is 5 seconds. | `number` | `5` | no |
 | <a name="input_lb_target_group_health_check_unhealthy_threshold"></a> [lb\_target\_group\_health\_check\_unhealthy\_threshold](#input\_lb\_target\_group\_health\_check\_unhealthy\_threshold) | (Optional) The number of consecutive health check failures required before considering the target unhealthy. Defaults to 3. | `number` | `3` | no |
 | <a name="input_log_bucket_id"></a> [log\_bucket\_id](#input\_log\_bucket\_id) | (Optional) if provided, the ID of a previously-defined S3 bucket to send LB logs to. | `string` | `null` | no |
@@ -139,7 +140,7 @@ In order to run all checks at any point run the following command:
 | <a name="input_min_cpu_evaluation_period"></a> [min\_cpu\_evaluation\_period](#input\_min\_cpu\_evaluation\_period) | The number of periods over which data is compared to the specified threshold for min cpu metric alarm | `string` | `"3"` | no |
 | <a name="input_min_cpu_period"></a> [min\_cpu\_period](#input\_min\_cpu\_period) | The period in seconds over which the specified statistic is applied for min cpu metric alarm | `string` | `"60"` | no |
 | <a name="input_min_cpu_threshold"></a> [min\_cpu\_threshold](#input\_min\_cpu\_threshold) | Threshold for min CPU usage | `string` | `"10"` | no |
-| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Name prefix for resources on AWS | `any` | n/a | yes |
+| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Name prefix for resources on AWS. Max length is 15 characters. | `string` | n/a | yes |
 | <a name="input_ordered_placement_strategy"></a> [ordered\_placement\_strategy](#input\_ordered\_placement\_strategy) | (Optional) Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. The maximum number of ordered\_placement\_strategy blocks is 5. This is a list of maps where each map should contain "id" and "field" | `list(any)` | `[]` | no |
 | <a name="input_placement_constraints"></a> [placement\_constraints](#input\_placement\_constraints) | (Optional) rules that are taken into consideration during task placement. Maximum number of placement\_constraints is 10. This is a list of maps, where each map should contain "type" and "expression" | `list(any)` | `[]` | no |
 | <a name="input_platform_version"></a> [platform\_version](#input\_platform\_version) | (Optional) The platform version on which to run your service. Defaults to 1.4.0. More information about Fargate platform versions can be found in the AWS ECS User Guide. | `string` | `"1.4.0"` | no |
diff --git a/main.tf b/main.tf
@@ -5,7 +5,7 @@ module "ecs-alb" {
   count = var.custom_lb_arn == null ? 1 : 0
 
   source  = "cn-terraform/ecs-alb/aws"
-  version = "1.0.34"
+  version = "1.0.35"
 
   name_prefix = var.name_prefix
   vpc_id      = var.vpc_id
@@ -49,6 +49,7 @@ module "ecs-alb" {
   target_group_health_check_interval            = var.lb_target_group_health_check_interval
   target_group_health_check_path                = var.lb_target_group_health_check_path
   target_group_health_check_port                = var.lb_target_group_health_check_port
+  target_group_health_check_protocol            = var.lb_target_group_health_check_protocol
   target_group_health_check_timeout             = var.lb_target_group_health_check_timeout
   target_group_health_check_healthy_threshold   = var.lb_target_group_health_check_healthy_threshold
   target_group_health_check_unhealthy_threshold = var.lb_target_group_health_check_unhealthy_threshold
diff --git a/variables.tf b/variables.tf
@@ -2,7 +2,12 @@
 # Misc
 #------------------------------------------------------------------------------
 variable "name_prefix" {
-  description = "Name prefix for resources on AWS"
+  description = "Name prefix for resources on AWS. Max length is 15 characters."
+  type        = string
+  validation {
+    condition     = length(var.name_prefix) <= 15
+    error_message = "The name prefix must be 15 characters or less."
+  }
 }
 
 #------------------------------------------------------------------------------
@@ -302,15 +307,40 @@ variable "waf_web_acl_arn" {
 #------------------------------------------------------------------------------
 variable "lb_http_ports" {
   description = "Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener_port and the target_group_port. For `redirect` type, include listener port, host, path, port, protocol, query and status_code. For `fixed-response`, include listener_port, content_type, message_body and status_code"
-  type        = map(any)
+  type = map(object({
+    type = optional(string)
+
+    listener_port     = number
+    target_group_port = number
+
+    target_group_protocol         = optional(string, "HTTP")
+    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC
+
+    # Health check options, overriding default values provided as module variables
+    target_group_health_check_enabled             = optional(bool)
+    target_group_health_check_interval            = optional(number)
+    target_group_health_check_path                = optional(string)
+    target_group_health_check_port                = optional(string)
+    target_group_health_check_protocol            = optional(string, "HTTP")
+    target_group_health_check_timeout             = optional(number)
+    target_group_health_check_healthy_threshold   = optional(number)
+    target_group_health_check_unhealthy_threshold = optional(number)
+    target_group_health_check_matcher             = optional(string)
+
+    host         = optional(string, "#{host}")
+    path         = optional(string, "/#{path}")
+    port         = optional(string, "#{port}")
+    protocol     = optional(string, "#{protocol}")
+    query        = optional(string, "#{query}")
+    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".
+    content_type = optional(string, "text/plain")
+    message_body = optional(string, "Fixed response content")
+  }))
   default = {
-    default-http = {
-      type                  = "forward"
-      listener_port         = 80
-      target_group_port     = 80
-      target_group_protocol = "HTTP"
-      # HTTP1, HTTP2 or GRPC
-      target_group_protocol_version = "HTTP1"
+    default = {
+      type              = "forward"
+      listener_port     = 80
+      target_group_port = 80
     }
   }
 }
@@ -329,15 +359,40 @@ variable "lb_http_ingress_prefix_list_ids" {
 
 variable "lb_https_ports" {
   description = "Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener_port and the target_group_port. For `redirect` type, include listener port, host, path, port, protocol, query and status_code. For `fixed-response`, include listener_port, content_type, message_body and status_code"
-  type        = map(any)
+  type = map(object({
+    type = optional(string)
+
+    listener_port     = number
+    target_group_port = number
+
+    target_group_protocol         = optional(string, "HTTP")
+    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC
+
+    # Health check options, overriding default values provided as module variables
+    target_group_health_check_enabled             = optional(bool)
+    target_group_health_check_interval            = optional(number)
+    target_group_health_check_path                = optional(string)
+    target_group_health_check_port                = optional(string)
+    target_group_health_check_protocol            = optional(string, "HTTP")
+    target_group_health_check_timeout             = optional(number)
+    target_group_health_check_healthy_threshold   = optional(number)
+    target_group_health_check_unhealthy_threshold = optional(number)
+    target_group_health_check_matcher             = optional(string)
+
+    host         = optional(string, "#{host}")
+    path         = optional(string, "/#{path}")
+    port         = optional(string, "#{port}")
+    protocol     = optional(string, "#{protocol}")
+    query        = optional(string, "#{query}")
+    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".
+    content_type = optional(string, "text/plain")
+    message_body = optional(string, "Fixed response content")
+  }))
   default = {
     default-https = {
-      type                  = "forward"
-      listener_port         = 443
-      target_group_port     = 443
-      target_group_protocol = "HTTP"
-      # HTTP1, HTTP2 or GRPC
-      target_group_protocol_version = "HTTP1"
+      type              = "forward"
+      listener_port     = 443
+      target_group_port = 443
     }
   }
 }
@@ -413,6 +468,12 @@ variable "lb_target_group_health_check_port" {
   default     = "traffic-port"
 }
 
+variable "lb_target_group_health_check_protocol" {
+  description = "(Optional) The protocol the load balancer uses when performing health checks on targets. Valid values are HTTP and HTTPS. Defaults to HTTP."
+  type        = string
+  default     = "HTTP"
+}
+
 variable "lb_target_group_health_check_timeout" {
   description = "(Optional) The amount of time, in seconds, during which no response means a failed health check. The range is 2 to 120 seconds, and the default is 5 seconds."
   type        = number
