Add support for health check port and protocol version (#105)

Author: nickreynke

README.md

@@ -60,14 +60,14 @@ In order to run all checks at any point run the following command:
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.48.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.92.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_ecs-alb"></a> [ecs-alb](#module\_ecs-alb) | cn-terraform/ecs-alb/aws | 1.0.32 |
-| <a name="module_ecs-autoscaling"></a> [ecs-autoscaling](#module\_ecs-autoscaling) | cn-terraform/ecs-service-autoscaling/aws | 1.0.6   |
+| <a name="module_ecs-alb"></a> [ecs-alb](#module\_ecs-alb) | cn-terraform/ecs-alb/aws | 1.0.33 |
+| <a name="module_ecs-autoscaling"></a> [ecs-autoscaling](#module\_ecs-autoscaling) | cn-terraform/ecs-service-autoscaling/aws | 1.0.10 |
 
 ## Resources
 
@@ -84,14 +84,15 @@ In order to run all checks at any point run the following command:
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_logs_prefix"></a> [access\_logs\_prefix](#input\_access\_logs\_prefix) | (Optional) if access logging to an S3 bucket, this sets a prefix in the bucket beneath which this LB's logs will be organized. | `string` | `null` | no |
 | <a name="input_additional_certificates_arn_for_https_listeners"></a> [additional\_certificates\_arn\_for\_https\_listeners](#input\_additional\_certificates\_arn\_for\_https\_listeners) | (Optional) List of SSL server certificate ARNs for HTTPS listener. Use it if you need to set additional certificates besides default\_certificate\_arn | `list(any)` | `[]` | no |
+| <a name="input_additional_lbs"></a> [additional\_lbs](#input\_additional\_lbs) | Additional load balancers to add to ECS service | <pre>map(object<br/>    (<br/>      {<br/>        target_group_arn = string<br/>        container_port   = number<br/>      }<br/>    )<br/>  )</pre> | `{}` | no |
 | <a name="input_assign_public_ip"></a> [assign\_public\_ip](#input\_assign\_public\_ip) | (Optional) Assign a public IP address to the ENI (Fargate launch type only). If true service will be associated with public subnets. Default false. | `bool` | `false` | no |
 | <a name="input_block_s3_bucket_public_access"></a> [block\_s3\_bucket\_public\_access](#input\_block\_s3\_bucket\_public\_access) | (Optional) If true, public access to the S3 bucket will be blocked.  Ignored if log\_bucket\_id is provided. | `bool` | `true` | no |
 | <a name="input_container_name"></a> [container\_name](#input\_container\_name) | Name of the running container | `any` | n/a | yes |
 | <a name="input_custom_lb_arn"></a> [custom\_lb\_arn](#input\_custom\_lb\_arn) | ARN of the Load Balancer to use in the ECS service. If provided, this module will not create a load balancer and will use the one provided in this variable | `string` | `null` | no |
 | <a name="input_default_certificate_arn"></a> [default\_certificate\_arn](#input\_default\_certificate\_arn) | (Optional) The ARN of the default SSL server certificate. Required if var.https\_ports is set. | `string` | `null` | no |
 | <a name="input_deployment_circuit_breaker_enabled"></a> [deployment\_circuit\_breaker\_enabled](#input\_deployment\_circuit\_breaker\_enabled) | (Optional) You can enable the deployment circuit breaker to cause a service deployment to transition to a failed state if tasks are persistently failing to reach RUNNING state or are failing healthcheck. | `bool` | `false` | no |
 | <a name="input_deployment_circuit_breaker_rollback"></a> [deployment\_circuit\_breaker\_rollback](#input\_deployment\_circuit\_breaker\_rollback) | (Optional) The optional rollback option causes Amazon ECS to roll back to the last completed deployment upon a deployment failure. | `bool` | `false` | no |
-| <a name="input_deployment_controller"></a> [deployment\_controller](#input\_deployment\_controller) | (Optional) Deployment controller | `list(string)` | `[]` | no |
+| <a name="input_deployment_controller"></a> [deployment\_controller](#input\_deployment\_controller) | (Optional) Deployment controller default: 'ECS' | `list(any)` | <pre>[<br/>  {<br/>    "type": "ECS"<br/>  }<br/>]</pre> | no |
 | <a name="input_deployment_maximum_percent"></a> [deployment\_maximum\_percent](#input\_deployment\_maximum\_percent) | (Optional) The upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. | `number` | `200` | no |
 | <a name="input_deployment_minimum_healthy_percent"></a> [deployment\_minimum\_healthy\_percent](#input\_deployment\_minimum\_healthy\_percent) | (Optional) The lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment. | `number` | `100` | no |
 | <a name="input_desired_count"></a> [desired\_count](#input\_desired\_count) | (Optional) The number of instances of the task definition to place and keep running. Defaults to 0. | `number` | `1` | no |
@@ -110,24 +111,25 @@ In order to run all checks at any point run the following command:
 | <a name="input_lb_enable_cross_zone_load_balancing"></a> [lb\_enable\_cross\_zone\_load\_balancing](#input\_lb\_enable\_cross\_zone\_load\_balancing) | (Optional) If true, cross-zone load balancing of the load balancer will be enabled. Defaults to false. | `bool` | `false` | no |
 | <a name="input_lb_enable_deletion_protection"></a> [lb\_enable\_deletion\_protection](#input\_lb\_enable\_deletion\_protection) | (Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | `bool` | `false` | no |
 | <a name="input_lb_enable_http2"></a> [lb\_enable\_http2](#input\_lb\_enable\_http2) | (Optional) Indicates whether HTTP/2 is enabled in the load balancer. Defaults to true. | `bool` | `true` | no |
-| <a name="input_lb_http_ingress_cidr_blocks"></a> [lb\_http\_ingress\_cidr\_blocks](#input\_lb\_http\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTP | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_lb_http_ingress_cidr_blocks"></a> [lb\_http\_ingress\_cidr\_blocks](#input\_lb\_http\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTP | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_lb_http_ingress_prefix_list_ids"></a> [lb\_http\_ingress\_prefix\_list\_ids](#input\_lb\_http\_ingress\_prefix\_list\_ids) | List of prefix list IDs blocks to allowed to access the Load Balancer through HTTP | `list(string)` | `[]` | no |
-| <a name="input_lb_http_ports"></a> [lb\_http\_ports](#input\_lb\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br>  "default-http": {<br>    "listener_port": 80,<br>    "target_group_port": 80,<br>    "type": "forward"<br>  }<br>}</pre> | no |
-| <a name="input_lb_https_ingress_cidr_blocks"></a> [lb\_https\_ingress\_cidr\_blocks](#input\_lb\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
+| <a name="input_lb_http_ports"></a> [lb\_http\_ports](#input\_lb\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br/>  "default-http": {<br/>    "listener_port": 80,<br/>    "target_group_port": 80,<br/>    "target_group_protocol": "HTTP",<br/>    "target_group_protocol_version": "HTTP1",<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
+| <a name="input_lb_https_ingress_cidr_blocks"></a> [lb\_https\_ingress\_cidr\_blocks](#input\_lb\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_lb_https_ingress_prefix_list_ids"></a> [lb\_https\_ingress\_prefix\_list\_ids](#input\_lb\_https\_ingress\_prefix\_list\_ids) | List of prefix list IDs blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | `[]` | no |
-| <a name="input_lb_https_ports"></a> [lb\_https\_ports](#input\_lb\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br>  "default-https": {<br>    "listener_port": 443,<br>    "target_group_port": 443,<br>    "type": "forward"<br>  }<br>}</pre> | no |
+| <a name="input_lb_https_ports"></a> [lb\_https\_ports](#input\_lb\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br/>  "default-https": {<br/>    "listener_port": 443,<br/>    "target_group_port": 443,<br/>    "target_group_protocol": "HTTP",<br/>    "target_group_protocol_version": "HTTP1",<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
 | <a name="input_lb_idle_timeout"></a> [lb\_idle\_timeout](#input\_lb\_idle\_timeout) | (Optional) The time in seconds that the connection is allowed to be idle. Default: 60. | `number` | `60` | no |
 | <a name="input_lb_internal"></a> [lb\_internal](#input\_lb\_internal) | (Optional) If true, the LB will be internal. | `bool` | `false` | no |
 | <a name="input_lb_ip_address_type"></a> [lb\_ip\_address\_type](#input\_lb\_ip\_address\_type) | (Optional) The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. Defaults to ipv4 | `string` | `"ipv4"` | no |
 | <a name="input_lb_load_balancing_algorithm_type"></a> [lb\_load\_balancing\_algorithm\_type](#input\_lb\_load\_balancing\_algorithm\_type) | (Optional) Determines how the load balancer selects targets when routing requests. The value is round\_robin or least\_outstanding\_requests. The default is round\_robin. | `string` | `"round_robin"` | no |
 | <a name="input_lb_security_groups"></a> [lb\_security\_groups](#input\_lb\_security\_groups) | (Optional) A list of security group IDs to assign to the LB. | `list(string)` | `[]` | no |
 | <a name="input_lb_slow_start"></a> [lb\_slow\_start](#input\_lb\_slow\_start) | (Optional) The amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds. | `number` | `0` | no |
-| <a name="input_lb_stickiness"></a> [lb\_stickiness](#input\_lb\_stickiness) | (Optional) A Stickiness block. Provide three fields. type, the type of sticky sessions. The only current possible value is lb\_cookie. cookie\_duration, the time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). enabled, boolean to enable / disable stickiness. Default is true. | <pre>object({<br>    type            = string<br>    cookie_duration = string<br>    enabled         = bool<br>  })</pre> | <pre>{<br>  "cookie_duration": 86400,<br>  "enabled": true,<br>  "type": "lb_cookie"<br>}</pre> | no |
+| <a name="input_lb_stickiness"></a> [lb\_stickiness](#input\_lb\_stickiness) | (Optional) A Stickiness block. Provide three fields. type, the type of sticky sessions. The only current possible value is lb\_cookie. cookie\_duration, the time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). enabled, boolean to enable / disable stickiness. Default is true. | <pre>object({<br/>    type            = string<br/>    cookie_duration = string<br/>    enabled         = bool<br/>  })</pre> | <pre>{<br/>  "cookie_duration": 86400,<br/>  "enabled": true,<br/>  "type": "lb_cookie"<br/>}</pre> | no |
 | <a name="input_lb_target_group_health_check_enabled"></a> [lb\_target\_group\_health\_check\_enabled](#input\_lb\_target\_group\_health\_check\_enabled) | (Optional) Indicates whether health checks are enabled. Defaults to true. | `bool` | `true` | no |
 | <a name="input_lb_target_group_health_check_healthy_threshold"></a> [lb\_target\_group\_health\_check\_healthy\_threshold](#input\_lb\_target\_group\_health\_check\_healthy\_threshold) | (Optional) The number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3. | `number` | `3` | no |
 | <a name="input_lb_target_group_health_check_interval"></a> [lb\_target\_group\_health\_check\_interval](#input\_lb\_target\_group\_health\_check\_interval) | (Optional) The approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. Default 30 seconds. | `number` | `30` | no |
 | <a name="input_lb_target_group_health_check_matcher"></a> [lb\_target\_group\_health\_check\_matcher](#input\_lb\_target\_group\_health\_check\_matcher) | The HTTP codes to use when checking for a successful response from a target. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299"). Default is 200. | `string` | `"200"` | no |
 | <a name="input_lb_target_group_health_check_path"></a> [lb\_target\_group\_health\_check\_path](#input\_lb\_target\_group\_health\_check\_path) | The destination for the health check request. | `string` | `"/"` | no |
+| <a name="input_lb_target_group_health_check_port"></a> [lb\_target\_group\_health\_check\_port](#input\_lb\_target\_group\_health\_check\_port) | (Optional) The port to use to connect with the target. Valid values are either ports 1-65536, or traffic-port. Defaults to traffic-port. | `string` | `"traffic-port"` | no |
 | <a name="input_lb_target_group_health_check_timeout"></a> [lb\_target\_group\_health\_check\_timeout](#input\_lb\_target\_group\_health\_check\_timeout) | (Optional) The amount of time, in seconds, during which no response means a failed health check. The range is 2 to 120 seconds, and the default is 5 seconds. | `number` | `5` | no |
 | <a name="input_lb_target_group_health_check_unhealthy_threshold"></a> [lb\_target\_group\_health\_check\_unhealthy\_threshold](#input\_lb\_target\_group\_health\_check\_unhealthy\_threshold) | (Optional) The number of consecutive health check failures required before considering the target unhealthy. Defaults to 3. | `number` | `3` | no |
 | <a name="input_log_bucket_id"></a> [log\_bucket\_id](#input\_log\_bucket\_id) | (Optional) if provided, the ID of a previously-defined S3 bucket to send LB logs to. | `string` | `null` | no |
@@ -152,7 +154,7 @@ In order to run all checks at any point run the following command:
 | <a name="input_service_registries"></a> [service\_registries](#input\_service\_registries) | (Optional) The service discovery registries for the service. The maximum number of service\_registries blocks is 1. This is a map that should contain the following fields "registry\_arn", "port", "container\_port" and "container\_name" | `map(any)` | `{}` | no |
 | <a name="input_ssl_policy"></a> [ssl\_policy](#input\_ssl\_policy) | (Optional) The name of the SSL Policy for the listener. . Required if var.https\_ports is set. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Resource tags | `map(string)` | `{}` | no |
-| <a name="input_task_definition_arn"></a> [task\_definition\_arn](#input\_task\_definition\_arn) | (Required) The full ARN of the task definition that you want to run in your service. | `any` | n/a | yes |
+| <a name="input_task_definition_arn"></a> [task\_definition\_arn](#input\_task\_definition\_arn) | (Optional) The full ARN of the task definition that you want to run in your service. | `string` | `""` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC | `any` | n/a | yes |
 | <a name="input_waf_web_acl_arn"></a> [waf\_web\_acl\_arn](#input\_waf\_web\_acl\_arn) | ARN of a WAFV2 to associate with the ALB | `string` | `""` | no |
 

main.tf

@@ -5,7 +5,7 @@ module "ecs-alb" {
   count = var.custom_lb_arn == null ? 1 : 0
 
   source  = "cn-terraform/ecs-alb/aws"
-  version = "1.0.32"
+  version = "1.0.33"
 
   name_prefix = var.name_prefix
   vpc_id      = var.vpc_id
@@ -48,6 +48,7 @@ module "ecs-alb" {
   target_group_health_check_enabled             = var.lb_target_group_health_check_enabled
   target_group_health_check_interval            = var.lb_target_group_health_check_interval
   target_group_health_check_path                = var.lb_target_group_health_check_path
+  target_group_health_check_port                = var.lb_target_group_health_check_port
   target_group_health_check_timeout             = var.lb_target_group_health_check_timeout
   target_group_health_check_healthy_threshold   = var.lb_target_group_health_check_healthy_threshold
   target_group_health_check_unhealthy_threshold = var.lb_target_group_health_check_unhealthy_threshold

variables.tf

@@ -305,9 +305,12 @@ variable "lb_http_ports" {
   type        = map(any)
   default = {
     default-http = {
-      type              = "forward"
-      listener_port     = 80
-      target_group_port = 80
+      type                  = "forward"
+      listener_port         = 80
+      target_group_port     = 80
+      target_group_protocol = "HTTP"
+      # HTTP1, HTTP2 or GRPC
+      target_group_protocol_version = "HTTP1"
     }
   }
 }
@@ -329,9 +332,12 @@ variable "lb_https_ports" {
   type        = map(any)
   default = {
     default-https = {
-      type              = "forward"
-      listener_port     = 443
-      target_group_port = 443
+      type                  = "forward"
+      listener_port         = 443
+      target_group_port     = 443
+      target_group_protocol = "HTTP"
+      # HTTP1, HTTP2 or GRPC
+      target_group_protocol_version = "HTTP1"
     }
   }
 }
@@ -401,6 +407,12 @@ variable "lb_target_group_health_check_path" {
   default     = "/"
 }
 
+variable "lb_target_group_health_check_port" {
+  description = "(Optional) The port to use to connect with the target. Valid values are either ports 1-65536, or traffic-port. Defaults to traffic-port."
+  type        = string
+  default     = "traffic-port"
+}
+
 variable "lb_target_group_health_check_timeout" {
   description = "(Optional) The amount of time, in seconds, during which no response means a failed health check. The range is 2 to 120 seconds, and the default is 5 seconds."
   type        = number