Fixes #134 - Provides guard against referencing aws_lb_target_group.d…

…efault when disabled * disables aws_lb_listener.http_forward when default_target_group is not enabled * disables aws_lb_listener.http_redirect when default_target_group is disabled unless default http response exists * disables aws_lb_listener.https when default_target_group is disabled unless default secure https response exists Fixes this Validation error when default_target_group_enabled == 0 : ``` module.alb.aws_lb_listener.http_forward[0]: Creating... ╷ │ Error: creating ELBv2 Listener (arn:aws:elasticloadbalancing:...:...:loadbalancer/...): ValidationError: A target group ARN must be specified │ status code: 400, request id: 7cf9d727-fc77-4d32-a160-cbd175e16e20 │ │ with module.alb.aws_lb_listener.http_forward[0], │ on .terraform/modules/alb/main.tf line 150, in resource "aws_lb_listener" "http_forward": │ 150: resource "aws_lb_listener" "http_forward" { ```
cloudposse · Oct 25, 2023 · 8cb422d · 8cb422d
1 parent fb4ec8e
commit 8cb422d
Showing 1 changed file with 20 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -150,7 +150,13 @@ resource "aws_lb_target_group" "default" {
 resource "aws_lb_listener" "http_forward" {
   #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2.
   #bridgecrew:skip=BC_AWS_NETWORKING_29 - Skipping Ensure ALB Protocol is HTTPS
-  count             = module.this.enabled && var.http_enabled && var.http_redirect != true ? 1 : 0
+  count = (
+    module.this.enabled &&
+    var.http_enabled &&
+    var.http_redirect != true &&
+    (var.listener_http_fixed_response != null || var.default_target_group_enabled)
+    ? 1 : 0
+  )
   load_balancer_arn = one(aws_lb.default[*].arn)
   port              = var.http_port
   protocol          = "HTTP"
@@ -172,7 +178,13 @@ resource "aws_lb_listener" "http_forward" {
 }
 
 resource "aws_lb_listener" "http_redirect" {
-  count             = module.this.enabled && var.http_enabled && var.http_redirect == true ? 1 : 0
+  count = (
+    module.this.enabled &&
+    var.http_enabled &&
+    var.http_redirect == true &&
+    var.default_target_group_enabled
+    ? 1 : 0
+  )
   load_balancer_arn = one(aws_lb.default[*].arn)
   port              = var.http_port
   protocol          = "HTTP"
@@ -192,7 +204,12 @@ resource "aws_lb_listener" "http_redirect" {
 
 resource "aws_lb_listener" "https" {
   #bridgecrew:skip=BC_AWS_GENERAL_43 - Skipping Ensure that load balancer is using TLS 1.2.
-  count             = module.this.enabled && var.https_enabled ? 1 : 0
+  count = (
+    module.this.enabled &&
+    var.https_enabled &&
+    (var.listener_https_fixed_response != null || var.default_target_group_enabled)
+    ? 1 : 0
+  )
   load_balancer_arn = one(aws_lb.default[*].arn)
 
   port            = var.https_port