feat: Support HTTPS request headers renaming (#402)

ViktorOrda · web-flow · commit 0cb7affd6aba · 2025-04-01T11:39:07.000-05:00
diff --git a/README.md b/README.md
@@ -352,13 +352,13 @@ See [patterns.md](https://github.com/terraform-aws-modules/terraform-aws-alb/blo
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.89 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.93 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.89 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.93 |
 
 ## Modules
 
diff --git a/examples/complete-alb/main.tf b/examples/complete-alb/main.tf
@@ -384,6 +384,28 @@ module "alb" {
       routing_http_response_x_content_type_options_header_value           = "nosniff"
       routing_http_response_x_frame_options_header_value                  = "SAMEORIGIN"
     }
+
+    ex-request-headers = {
+      port            = "443"
+      protocol        = "HTTPS"
+      ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
+      certificate_arn = module.acm.acm_certificate_arn
+
+      fixed_response = {
+        content_type = "text/plain"
+        message_body = "Fixed message"
+        status_code  = "200"
+      }
+
+      routing_http_request_x_amzn_tls_version_header_name                   = "X-Amzn-Tls-Version-Custom"
+      routing_http_request_x_amzn_tls_cipher_suite_header_name              = "X-Amzn-Tls-Cipher-Suite-Custom"
+      routing_http_request_x_amzn_mtls_clientcert_header_name               = "X-Amzn-Mtls-Clientcert-Custom"
+      routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = "X-Amzn-Mtls-Clientcert-Serial-Number-Custom"
+      routing_http_request_x_amzn_mtls_clientcert_issuer_header_name        = "X-Amzn-Mtls-Clientcert-Issuer-Custom"
+      routing_http_request_x_amzn_mtls_clientcert_subject_header_name       = "X-Amzn-Mtls-Clientcert-Subject-Custom"
+      routing_http_request_x_amzn_mtls_clientcert_validity_header_name      = "X-Amzn-Mtls-Clientcert-Validity-Custom"
+      routing_http_request_x_amzn_mtls_clientcert_leaf_header_name          = "X-Amzn-Mtls-Clientcert-Leaf-Custom"
+    }
   }
 
   target_groups = {
diff --git a/main.tf b/main.tf
@@ -229,6 +229,15 @@ resource "aws_lb_listener" "this" {
   routing_http_response_x_content_type_options_header_value           = try(each.value.routing_http_response_x_content_type_options_header_value, null)
   routing_http_response_x_frame_options_header_value                  = try(each.value.routing_http_response_x_frame_options_header_value, null)
 
+  routing_http_request_x_amzn_tls_version_header_name                   = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_tls_version_header_name, null) : null
+  routing_http_request_x_amzn_tls_cipher_suite_header_name              = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_tls_cipher_suite_header_name, null) : null
+  routing_http_request_x_amzn_mtls_clientcert_header_name               = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_header_name, null) : null
+  routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name, null) : null
+  routing_http_request_x_amzn_mtls_clientcert_issuer_header_name        = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_issuer_header_name, null) : null
+  routing_http_request_x_amzn_mtls_clientcert_subject_header_name       = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_subject_header_name, null) : null
+  routing_http_request_x_amzn_mtls_clientcert_validity_header_name      = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_validity_header_name, null) : null
+  routing_http_request_x_amzn_mtls_clientcert_leaf_header_name          = try(each.value.protocol, var.default_protocol, null) == "HTTPS" ? try(each.value.routing_http_request_x_amzn_mtls_clientcert_leaf_header_name, null) : null
+
   load_balancer_arn        = aws_lb.this[0].arn
   port                     = try(each.value.port, var.default_port)
   protocol                 = try(each.value.protocol, var.default_protocol)
diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.89"
+      version = ">= 5.93"
     }
   }
 }
diff --git a/wrappers/versions.tf b/wrappers/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.89"
+      version = ">= 5.93"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`aws = {`
`6`	`6`	`source = "hashicorp/aws"`
`7`		`- version = ">= 5.89"`
	`7`	`+ version = ">= 5.93"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`