elb.Certificate(
CertificateArn=
"arn:aws:acm:ap-northeast-2:540379673889:certificate/3202b1b0-7446-420e-99d2-4b175ecd6310"
)
]))
t.add_resource(
elb.Listener("HTTPListener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref("LoadBalancer"),
DefaultActions=[
elb.Action(Type="redirect",
RedirectConfig=elb.RedirectConfig(
Protocol='HTTPS',
StatusCode='HTTP_301',
Port='443',
))
]))
t.add_output(
Output(
"TargetGroup",
Description="TargetGroup",
Value=Ref("TargetGroup"),
Export=Export(Sub("${AWS::StackName}-target-group")),
))
t.add_output(
Output("URL",
Description="community-mother-api URL",
def main():
template = Template()
subnetA = template.add_parameter(Parameter("subnetA", Type="String"))
subnetB = template.add_parameter(Parameter("subnetB", Type="String"))
alb = template.add_resource(
elb.LoadBalancer(
"ALB",
Scheme="internet-facing",
Subnets=[subnetA.ref(), subnetB.ref()],
))
listener = template.add_resource(
elb.Listener(
"Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=alb.ref(),
DefaultActions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=(
"This is a fixed response for the default "
"ALB action"),
ContentType="text/plain",
),
)
],
))
template.add_resource([
elb.ListenerRule(
"ListenerRuleApi",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(Field="host-header", Values=["api.example.com"]),
elb.Condition(
Field="http-header",
HttpHeaderConfig=elb.HttpHeaderConfig(
HttpHeaderName="X-Action", Values=["Create"]),
),
elb.Condition(
Field="path-pattern",
PathPatternConfig=elb.PathPatternConfig(Values=["/api/*"]),
),
elb.Condition(
Field="http-request-method",
HttpRequestMethodConfig=elb.HttpRequestMethodConfig(
Values=["POST"]),
),
],
Actions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=(
"This is a fixed response for any API POST "
"request with header X-Action: Create"),
ContentType="text/plain",
),
)
],
Priority="10",
),
elb.ListenerRule(
"ListenerRuleWeb",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(
Field="host-header",
HostHeaderConfig=elb.HostHeaderConfig(
Values=["www.example.com"]),
),
elb.Condition(
Field="path-pattern",
PathPatternConfig=elb.PathPatternConfig(Values=["/web/*"]),
),
],
Actions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=("This is a fixed response for any WEB "
"request"),
ContentType="text/plain",
),
)
],
Priority="20",
),
elb.ListenerRule(
"ListenerRuleMetrics",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(Field="path-pattern", Values=["/metrics/*"])
],
Actions=[
elb.Action(
Type="redirect",
RedirectConfig=elb.RedirectConfig(StatusCode="HTTP_301",
Protocol="HTTPS",
Port="443"),
)
],
Priority="30",
),
elb.ListenerRule(
"ListenerRuleSourceIp",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(
Field="source-ip",
SourceIpConfig=elb.SourceIpConfig(
Values=["52.30.12.16/28"]),
)
],
Actions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=("The request came from IP range "
"52.30.12.16/28"),
ContentType="text/plain",
),
)
],
Priority="40",
),
])
print(template.to_json())
def generate_app_load_balancer(self, lb_name, typ, port, cert_arn, log_bucket):
lb_name = self.cfn_name(lb_name)
if len(lb_name) >= 32:
alb_name = lb_name[0:31]
else:
alb_name = lb_name
if len(lb_name + 'TG') >= 32:
tg_name = '{}TG'.format(lb_name[0:29])
else:
tg_name = '{}TG'.format(lb_name)
if typ not in ['internal', 'internet-facing']:
raise NameError("Load balancer type must be of type internal, internet-facing")
# Use the system security groups (automatic) if internal, else use the limited external security group
sg = self.security_groups if typ == 'internal' else [Ref(self.elb_external_security_group)]
_alb = elasticloadbalancingv2.LoadBalancer(
alb_name,
Name=alb_name,
IpAddressType='ipv4',
LoadBalancerAttributes=[
elasticloadbalancingv2.LoadBalancerAttributes(
Key='access_logs.s3.enabled',
Value='true'
),
elasticloadbalancingv2.LoadBalancerAttributes(
Key='access_logs.s3.bucket',
Value=log_bucket
),
elasticloadbalancingv2.LoadBalancerAttributes(
Key='access_logs.s3.prefix',
Value="ELB/{}/{}".format(self.env, lb_name)
),
elasticloadbalancingv2.LoadBalancerAttributes(
Key='deletion_protection.enabled',
Value='false'
),
elasticloadbalancingv2.LoadBalancerAttributes(
Key='idle_timeout.timeout_seconds',
Value='60'
),
elasticloadbalancingv2.LoadBalancerAttributes(
Key='routing.http.drop_invalid_header_fields.enabled',
Value='false'
),
elasticloadbalancingv2.LoadBalancerAttributes(
Key='routing.http2.enabled',
Value='true'
)
],
Scheme=typ,
SecurityGroups=sg,
Subnets=[s['SubnetId'] for s in self.get_subnets('private' if typ == 'internal' else 'public')],
Type='application',
Tags=self.get_tags(
service_override="InternalALB" if typ == 'internal' else "ExternalALB",
role_override=lb_name
) + [ec2.Tag('Name', lb_name)]
)
_target_group = elasticloadbalancingv2.TargetGroup(
tg_name,
Name=tg_name,
HealthCheckIntervalSeconds=30,
HealthCheckPath='/ping',
HealthCheckPort=port,
HealthCheckProtocol='HTTP',
HealthCheckTimeoutSeconds=5,
HealthyThresholdCount=5,
UnhealthyThresholdCount=2,
Matcher=elasticloadbalancingv2.Matcher(
HttpCode='200'
),
Port=port,
Protocol='HTTP',
TargetGroupAttributes=[
elasticloadbalancingv2.TargetGroupAttribute(
Key='deregistration_delay.timeout_seconds',
Value='300'
),
elasticloadbalancingv2.TargetGroupAttribute(
Key='stickiness.enabled',
Value='false'
),
elasticloadbalancingv2.TargetGroupAttribute(
Key='stickiness.type',
Value='lb_cookie'
),
elasticloadbalancingv2.TargetGroupAttribute(
Key='load_balancing.algorithm.type',
Value='least_outstanding_requests'
)
],
TargetType='instance',
VpcId=self.vpc_id,
Tags=self.get_tags(
service_override="InternalALB" if typ == 'internal' else "ExternalALB",
role_override=lb_name
) + [ec2.Tag('Name', '{}TG'.format(lb_name))]
)
_listener_80 = self.add_resource(elasticloadbalancingv2.Listener(
'{}80Listener'.format(lb_name),
Port='80',
Protocol='HTTP',
LoadBalancerArn=Ref(_alb),
DefaultActions=[
elasticloadbalancingv2.Action(
Type='redirect',
RedirectConfig=elasticloadbalancingv2.RedirectConfig(
Host='#{host}',
Path='/#{path}',
Port='443',
Protocol='HTTPS',
Query='#{query}',
StatusCode='HTTP_301'
)
)
],
))
_listener_443 = self.add_resource(elasticloadbalancingv2.Listener(
'{}443Listener'.format(lb_name),
Port='443',
Protocol='HTTPS',
LoadBalancerArn=Ref(_alb),
SslPolicy='ELBSecurityPolicy-2016-08',
Certificates=[
elasticloadbalancingv2.Certificate(
CertificateArn=cert_arn
)
],
DefaultActions=[
elasticloadbalancingv2.Action(
Type='forward',
TargetGroupArn=Ref(_target_group)
)
],
))
return _alb, _target_group