catherine/catherine-league
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f7019403c48ad5deac9be48ed49e08988274af95
catherine-league/infra/terraform/modules/catherine-fc/main/load-balancer.tf
Hansoo aa71a7a3cc added cognito initial config
2020-09-12 15:04:39 +09:00

78 lines
2.4 KiB
HCL
Raw Blame History

resource "aws_lb" "catherine_fc_load_balancer" {
name = "catherine-fc-lb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.catherine_fc_lb_sg.id]
subnets = var.internal_subnet_ids
enable_deletion_protection = true
tags = var.tags
}
resource "aws_lb_listener" "catherine_fc_load_balancer_listener" {
load_balancer_arn = aws_lb.catherine_fc_load_balancer.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
certificate_arn = "arn:aws:acm:ap-northeast-1:353699021357:certificate/df8e9911-1f45-4e3f-90cb-4c34f3ed3e50"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.target_group_web.arn
}
}
resource "aws_lb_listener_rule" "catherine_fc_alb_listener_admin" {
listener_arn = aws_lb_listener.catherine_fc_load_balancer_listener.arn
priority = 1
action {
type = "authenticate-cognito"
authenticate_cognito {
user_pool_arn = aws_cognito_user_pool.catherine_fc_admin_cognito_pool.arn
user_pool_client_id = aws_cognito_user_pool_client.catherine_fc_admin_cognito_pool_client.id
user_pool_domain = aws_cognito_user_pool_domain.catherine_fc_admin_cognito_pool_domain.domain
on_unauthenticated_request = "authenticate"
session_cookie_name = "CatherineFCAdmin"
session_timeout = 86400
}
}
action {
type = "forward"
target_group_arn = aws_lb_target_group.target_group_web.arn
}
condition {
path_pattern {
values = ["/admin*"]
}
}
}
resource "aws_lb_listener_rule" "catherine_fc_alb_listener_admin_api" {
listener_arn = aws_lb_listener.catherine_fc_load_balancer_listener.arn
priority = 2
action {
type = "authenticate-cognito"
authenticate_cognito {
user_pool_arn = aws_cognito_user_pool.catherine_fc_admin_cognito_pool.arn
user_pool_client_id = aws_cognito_user_pool_client.catherine_fc_admin_cognito_pool_client.id
user_pool_domain = aws_cognito_user_pool_domain.catherine_fc_admin_cognito_pool_domain.domain
on_unauthenticated_request = "deny"
session_cookie_name = "CatherineFCAdmin"
session_timeout = 86400
}
}
action {
type = "forward"
target_group_arn = aws_lb_target_group.target_group_web.arn
}
condition {
path_pattern {
values = ["/api/admin*"]
}
}
}
Reference in New Issue View Git Blame Copy Permalink