We have a beanstalk
    resource "aws_elastic_beanstalk_environment"

and we need the HTTP listener to redirect to HTTPS. Now, normally you'd just create a load balancer listener rule (as the answers on here suggest) like this:

    resource "aws_lb_listener_rule" "redirect_http_to_https" {
      listener_arn = XXX

      action {
        type = "redirect"

        redirect {
          port        = "443"
          protocol    = "HTTPS"
          host        = "#{host}"
          path        = "/#{path}"
          query       = "#{query}"
          status_code = "HTTP_301"
        }
      }

      condition {}
    }

However, we, for reasons, have to use the built-in beanstalk load balancer and not create our own load balancer resource, and as you see above I can't see that it's possible to target the beanstalk's load balancer's listener. Instead I've tried to manipulate the settings options to configure the load balancer like this:

    setting {
      namespace = "aws:elbv2:listener:default"
      name      = "Rules"
      value     = "redirect"
    }

    setting {
      namespace = "aws:elbv2:listenerrule:redirect"
      name      = "Process"
      value     = "443"
    }

    setting {
      namespace = "aws:elbv2:listenerrule:redirect"
      name      = "Priority"
      value     = "1"
    }

    setting {
      namespace = "aws:elbv2:listener:443"
      name      = "Protocol"
      value     = "HTTPS"
    }

But none take effect. Has anyone done it this way before? If not, we'll have to do the redirection on the server, probably in code.
This of course is so easy in the UI, took me less than 2 mins, but in Terraform it's proving difficult.
I did not do exactly this, but it works for us. My redirect responses are made by nginx inside the EC2 instances, created using an ebextension file.

    files:
      "/etc/nginx/conf.d/000_https_redirect.conf":
        mode: "000755"
        owner: root
        group: root
        content: |
          server {
            listen 80;
            return 301 https://$host$request_uri;
          }

Already referenced by @jang00 in the comment above, but I think it deserves to be posted explicitly:

    resource "aws_elastic_beanstalk_environment" "main" {
      name                = var.environment
      application         = aws_elastic_beanstalk_application.main.name
      solution_stack_name = data.aws_elastic_beanstalk_solution_stack.multi_container_docker.name

      setting {
        namespace = "aws:ec2:vpc"
        name      = "VPCId"
        value     = var.vpc_id
        resource  = ""
      }

      setting {
        namespace = "aws:ec2:vpc"
        name      = "Subnets"
        value     = join(", ", [var.private_a_subnet_id, var.private_b_subnet_id])
        resource  = ""
      }

      setting {
        namespace = "aws:ec2:vpc"
        name      = "ELBSubnets"
        value     = join(", ", [var.public_a_subnet_id, var.public_b_subnet_id])
        resource  = ""
      }

      setting {
        namespace = "aws:autoscaling:launchconfiguration"
        name      = "IamInstanceProfile"
        value     = "${var.application_name}-service-elasticbeanstalk-instance-${var.environment}"
      }

      setting {
        namespace = "aws:autoscaling:launchconfiguration"
        name      = "InstanceType"
        value     = var.instance_type
      }

      setting {
        namespace = "aws:elasticbeanstalk:environment"
        name      = "LoadBalancerType"
        value     = "application"
      }

      setting {
        namespace = "aws:elasticbeanstalk:healthreporting:system"
        name      = "SystemType"
        value     = "enhanced"
      }

      setting {
        namespace = "aws:elbv2:listener:443"
        name      = "ListenerEnabled"
        value     = var.acm_eu_west_2.arn == "" ? "false" : "true"
      }

      setting {
        namespace = "aws:elbv2:listener:443"
        name      = "Protocol"
        value     = "HTTPS"
      }

      setting {
        namespace = "aws:elbv2:listener:443"
        name      = "SSLCertificateArns"
        value     = var.acm_eu_west_2.arn
      }
    }

    data "aws_lb_listener" "http_listener" {
      load_balancer_arn = aws_elastic_beanstalk_environment.main.load_balancers[0]
      port              = 80
    }

    resource "aws_lb_listener_rule" "redirect_http_to_https" {
      listener_arn = data.aws_lb_listener.http_listener.arn
      priority     = 1

      action {
        type = "redirect"

        redirect {
          port        = "443"
          protocol    = "HTTPS"
          status_code = "HTTP_301"
        }
      }

      condition {
        path_pattern {
          values = ["/*"]
        }
      }
    }

See this comment in the terraform-aws-elastic-beanstalk-environment repo.
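
A check that could be run after applying a listener rule like the one in the answer above, as an added example that is not part of the original posts: it reads rules in the shape returned by `aws elbv2 describe-rules` for the port 80 listener and reports every rule that would still answer over plain HTTP before a catch-all redirect is reached. The sample JSON is constructed and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-rules` output for the
# port 80 listener; ARNs are omitted and nothing here comes from a real account.
SAMPLE = json.loads("""
{"Rules": [
  {"Priority": "1", "IsDefault": false,
   "Conditions": [{"Field": "path-pattern", "Values": ["/*"]}],
   "Actions": [{"Type": "redirect", "RedirectConfig":
     {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
  {"Priority": "default", "IsDefault": true, "Conditions": [],
   "Actions": [{"Type": "forward"}]}
]}
""")

def _order(rule):
    # ALB evaluates rules from the lowest priority number up, default rule last.
    return float("inf") if rule["IsDefault"] else int(rule["Priority"])

def _is_catch_all(rule):
    # Conditions are ANDed, so a rule matches every request only if each one
    # is a path pattern containing a wildcard for all paths (or there are none).
    def all_paths(cond):
        values = cond.get("Values") or cond.get("PathPatternConfig", {}).get("Values", [])
        return cond.get("Field") == "path-pattern" and bool({"/*", "*"} & set(values))
    return all(all_paths(c) for c in rule["Conditions"])

def _redirects_to_https(rule):
    # A redirect whose protocol is left as "#{protocol}" stays on HTTP, so
    # only an explicit HTTPS target counts.
    return any(a.get("Type") == "redirect"
               and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for a in rule["Actions"])

def plaintext_findings(rules):
    """Return the reasons this HTTP listener can still answer without TLS."""
    findings = []
    for rule in sorted(rules, key=_order):
        if not _redirects_to_https(rule):
            scope = "all remaining" if _is_catch_all(rule) else "matching"
            findings.append(f"rule {rule['Priority']}: {scope} requests answered over HTTP")
        if _is_catch_all(rule):
            break  # rules after a catch-all are never evaluated
    return findings

if __name__ == "__main__":
    print(plaintext_findings(SAMPLE["Rules"]) or "HTTP listener only redirects to HTTPS")
```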