Merge pull request #17 from clouddrove/0.14

0.14
clouddrove · May 21, 2021 · 633504f · 633504f
2 parents b59c4f1 + 6e23823
commit 633504f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 19 deletions.
diff --git a/main.tf b/main.tf
@@ -24,14 +24,14 @@ resource "aws_lb" "main" {
   internal                         = var.internal
   load_balancer_type               = var.load_balancer_type
   security_groups                  = var.security_groups
-  drop_invalid_header_fields       = var.drop_invalid_header_fields
   subnets                          = var.subnets
   enable_deletion_protection       = var.enable_deletion_protection
   idle_timeout                     = var.idle_timeout
   enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
   enable_http2                     = var.enable_http2
   ip_address_type                  = var.ip_address_type
   tags                             = module.labels.tags
+  drop_invalid_header_fields       = true
 
   timeouts {
     create = var.load_balancer_create_timeout
@@ -61,7 +61,7 @@ resource "aws_lb_listener" "https" {
   load_balancer_arn = element(aws_lb.main.*.arn, count.index)
   port              = var.https_port
   protocol          = var.listener_protocol
-  ssl_policy        = var.listener_ssl_policy
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
   certificate_arn   = var.listener_certificate_arn
   default_action {
     target_group_arn = element(aws_lb_target_group.main.*.arn, count.index)
@@ -97,7 +97,7 @@ resource "aws_lb_listener" "nhttps" {
   port              = var.https_listeners[count.index]["port"]
   protocol          = lookup(var.https_listeners[count.index], "protocol", "HTTPS")
   certificate_arn   = var.https_listeners[count.index]["certificate_arn"]
-  ssl_policy        = lookup(var.https_listeners[count.index], "ssl_policy", var.listener_ssl_policy)
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
   default_action {
     target_group_arn = aws_lb_target_group.main[lookup(var.https_listeners[count.index], "target_group_index", count.index)].id
     type             = "forward"

diff --git a/variables.tf b/variables.tf
@@ -77,11 +77,6 @@ variable "load_balancer_type" {
   sensitive   = true
 }
 
-variable "drop_invalid_header_fields" {
-  type        = bool
-  default     = true
-  description = "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application."
-}
 
 variable "subnet_mapping" {
   default     = []
@@ -181,12 +176,6 @@ variable "listener_type" {
   description = "The type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc."
 }
 
-variable "listener_ssl_policy" {
-  type        = string
-  sensitive   = true
-  default     = "ELBSecurityPolicy-TLS-1-2-2017-01"
-  description = "The security policy if using HTTPS externally on the load balancer. [See](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html)."
-}
 
 variable "listener_certificate_arn" {
   type        = string
@@ -263,11 +252,6 @@ variable "load_balancer_update_timeout" {
   description = "Timeout value when updating the ALB."
 }
 
-variable "access_logs" {
-  type        = bool
-  default     = false
-  description = "Access logs Enable or Disable."
-}
 
 variable "http_listener_type" {
   type        = string
@@ -363,4 +347,10 @@ variable "target_type" {
   type        = string
   default     = ""
   description = "The type of target that you must specify when registering targets with this target group."
+}
+
+variable "access_logs" {
+  type        = bool
+  default     = false
+  description = "Access logs Enable or Disable."
 }