feat: Support aws_lb.enable_zonal_shift and `aws_lb_listener.tcp_id…

…le_timeout_seconds` (#385)
terraform-aws-modules · Oct 25, 2024 · f332dfd · f332dfd
1 parent 46852b8
commit f332dfd
Show file tree

Hide file tree

Showing 16 changed files with 35 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -352,13 +352,13 @@ See [patterns.md](https://github.com/terraform-aws-modules/terraform-aws-alb/blo
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.62 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.73 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.62 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.73 |
 
 ## Modules
 
@@ -406,6 +406,7 @@ No modules.
 | <a name="input_enable_tls_version_and_cipher_suite_headers"></a> [enable\_tls\_version\_and\_cipher\_suite\_headers](#input\_enable\_tls\_version\_and\_cipher\_suite\_headers) | Indicates whether the two headers (`x-amzn-tls-version` and `x-amzn-tls-cipher-suite`), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type `application`. Defaults to `false` | `bool` | `null` | no |
 | <a name="input_enable_waf_fail_open"></a> [enable\_waf\_fail\_open](#input\_enable\_waf\_fail\_open) | Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to `false` | `bool` | `null` | no |
 | <a name="input_enable_xff_client_port"></a> [enable\_xff\_client\_port](#input\_enable\_xff\_client\_port) | Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in `application` load balancers. Defaults to `false` | `bool` | `null` | no |
+| <a name="input_enable_zonal_shift"></a> [enable\_zonal\_shift](#input\_enable\_zonal\_shift) | Whether zonal shift is enabled | `bool` | `null` | no |
 | <a name="input_enforce_security_group_inbound_rules_on_private_link_traffic"></a> [enforce\_security\_group\_inbound\_rules\_on\_private\_link\_traffic](#input\_enforce\_security\_group\_inbound\_rules\_on\_private\_link\_traffic) | Indicates whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off. | `string` | `null` | no |
 | <a name="input_idle_timeout"></a> [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: `60` | `number` | `null` | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | If true, the LB will be internal. Defaults to `false` | `bool` | `null` | no |

diff --git a/examples/complete-alb/README.md b/examples/complete-alb/README.md
@@ -20,15 +20,15 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.62 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.73 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.62 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.73 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.6 |
 

diff --git a/examples/complete-alb/versions.tf b/examples/complete-alb/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
     null = {
       source  = "hashicorp/null"

diff --git a/examples/complete-nlb/README.md b/examples/complete-nlb/README.md
@@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.62 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.73 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.62 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.73 |
 
 ## Modules
 

diff --git a/examples/complete-nlb/main.tf b/examples/complete-nlb/main.tf
@@ -92,8 +92,9 @@ module "nlb" {
     }
 
     ex-three = {
-      port     = 83
-      protocol = "TCP"
+      port                     = 83
+      protocol                 = "TCP"
+      tcp_idle_timeout_seconds = 60
       forward = {
         target_group_key = "ex-target-three"
       }

diff --git a/examples/complete-nlb/versions.tf b/examples/complete-nlb/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
   }
 }
diff --git a/examples/mutual-auth-alb/README.md b/examples/mutual-auth-alb/README.md
@@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.62 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.73 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.0 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.62 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.73 |
 | <a name="provider_null"></a> [null](#provider\_null) | >= 2.0 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | >= 4.0 |
 

diff --git a/examples/mutual-auth-alb/versions.tf b/examples/mutual-auth-alb/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
     null = {
       source  = "hashicorp/null"

diff --git a/main.tf b/main.tf
@@ -42,6 +42,7 @@ resource "aws_lb" "this" {
   enable_tls_version_and_cipher_suite_headers                  = var.enable_tls_version_and_cipher_suite_headers
   enable_waf_fail_open                                         = var.enable_waf_fail_open
   enable_xff_client_port                                       = var.enable_xff_client_port
+  enable_zonal_shift                                           = var.enable_zonal_shift
   enforce_security_group_inbound_rules_on_private_link_traffic = var.enforce_security_group_inbound_rules_on_private_link_traffic
   idle_timeout                                                 = var.idle_timeout
   internal                                                     = var.internal
@@ -215,11 +216,12 @@ resource "aws_lb_listener" "this" {
     }
   }
 
-  load_balancer_arn = aws_lb.this[0].arn
-  port              = try(each.value.port, var.default_port)
-  protocol          = try(each.value.protocol, var.default_protocol)
-  ssl_policy        = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null)
-  tags              = merge(local.tags, try(each.value.tags, {}))
+  load_balancer_arn        = aws_lb.this[0].arn
+  port                     = try(each.value.port, var.default_port)
+  protocol                 = try(each.value.protocol, var.default_protocol)
+  ssl_policy               = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null)
+  tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null)
+  tags                     = merge(local.tags, try(each.value.tags, {}))
 }
 
 ################################################################################

diff --git a/modules/lb_trust_store/README.md b/modules/lb_trust_store/README.md
@@ -30,13 +30,13 @@ module "trust_store" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.62 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.73 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.62 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.73 |
 
 ## Modules
 

diff --git a/modules/lb_trust_store/versions.tf b/modules/lb_trust_store/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -92,6 +92,12 @@ variable "enable_xff_client_port" {
   default     = null
 }
 
+variable "enable_zonal_shift" {
+  description = "Whether zonal shift is enabled"
+  type        = bool
+  default     = null
+}
+
 variable "idle_timeout" {
   description = "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: `60`"
   type        = number

diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
   }
 }
diff --git a/wrappers/lb_trust_store/versions.tf b/wrappers/lb_trust_store/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
   }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -22,6 +22,7 @@ module "wrapper" {
   enable_tls_version_and_cipher_suite_headers                  = try(each.value.enable_tls_version_and_cipher_suite_headers, var.defaults.enable_tls_version_and_cipher_suite_headers, null)
   enable_waf_fail_open                                         = try(each.value.enable_waf_fail_open, var.defaults.enable_waf_fail_open, null)
   enable_xff_client_port                                       = try(each.value.enable_xff_client_port, var.defaults.enable_xff_client_port, null)
+  enable_zonal_shift                                           = try(each.value.enable_zonal_shift, var.defaults.enable_zonal_shift, null)
   enforce_security_group_inbound_rules_on_private_link_traffic = try(each.value.enforce_security_group_inbound_rules_on_private_link_traffic, var.defaults.enforce_security_group_inbound_rules_on_private_link_traffic, null)
   idle_timeout                                                 = try(each.value.idle_timeout, var.defaults.idle_timeout, null)
   internal                                                     = try(each.value.internal, var.defaults.internal, null)

diff --git a/wrappers/versions.tf b/wrappers/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.62"
+      version = ">= 5.73"
     }
   }
 }