feat: Make aws_alb_listener default_action block configurable

.docs/header.md

@@ -18,10 +18,12 @@ both if need be.
 
 ## Examples
 
-**IMPORTANT:** We do not pin modules to versions in our examples because of the difficulty of keeping the versions in
-the documentation in sync with the latest released versions. We highly recommend that in your code you pin the version
-to the exact version you are using so that your infrastructure remains stable, and update versions in a systematic way
-so that they do not catch you by surprise.
+> [!IMPORTANT]
+> 
+> We do not pin modules to versions in our examples because of the difficulty of keeping the versions in
+> the documentation in sync with the latest released versions. We highly recommend that in your code you pin the version
+> to the exact version you are using so that your infrastructure remains stable, and update versions in a systematic way
+> so that they do not catch you by surprise.
 
 ```hcl
 module "container_definition_1" {

BREAKING_CHANGES.md

@@ -1,5 +1,6 @@
 # Breaking Changes
 
-## x.x.x
+## 2.0.0
 
-Breaking change description
+- The `alb_listeners` now requires a `default_action.type` whenever you are not using `alb_listeners`' default value.
+  To use previous default behaviour, use a `default_action.type` of `forward`.

README.md

@@ -19,10 +19,12 @@ both if need be.
 
 ## Examples
 
-**IMPORTANT:** We do not pin modules to versions in our examples because of the difficulty of keeping the versions in
-the documentation in sync with the latest released versions. We highly recommend that in your code you pin the version
-to the exact version you are using so that your infrastructure remains stable, and update versions in a systematic way
-so that they do not catch you by surprise.
+> [!IMPORTANT]
+>
+> We do not pin modules to versions in our examples because of the difficulty of keeping the versions in
+> the documentation in sync with the latest released versions. We highly recommend that in your code you pin the version
+> to the exact version you are using so that your infrastructure remains stable, and update versions in a systematic way
+> so that they do not catch you by surprise.
 
 ```hcl
 module "container_definition_1" {
@@ -135,7 +137,7 @@ module "ecs_app" {
 | <a name="input_alb_ingress_stickiness_cookie_duration"></a> [alb\_ingress\_stickiness\_cookie\_duration](#input\_alb\_ingress\_stickiness\_cookie\_duration) | The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) | `number` | `86400` | no |
 | <a name="input_alb_ingress_stickiness_enabled"></a> [alb\_ingress\_stickiness\_enabled](#input\_alb\_ingress\_stickiness\_enabled) | Boolean to enable / disable `stickiness`. | `bool` | `true` | no |
 | <a name="input_alb_ingress_stickiness_type"></a> [alb\_ingress\_stickiness\_type](#input\_alb\_ingress\_stickiness\_type) | The type of sticky sessions. The only current possible value is `lb_cookie` | `string` | `"lb_cookie"` | no |
-| <a name="input_alb_listeners"></a> [alb\_listeners](#input\_alb\_listeners) | A list of map containing a port and a protocol for all ALB listeners. | <pre>list(object({<br>    port     = number<br>    protocol = string<br>  }))</pre> | <pre>[<br>  {<br>    "port": 80,<br>    "protocol": "HTTP"<br>  }<br>]</pre> | no |
+| <a name="input_alb_listeners"></a> [alb\_listeners](#input\_alb\_listeners) | A list of map containing a port and a protocol and optionally a `default_action` for all ALB listeners. | <pre>list(object({<br>    port     = number<br>    protocol = string<br>    default_action = object({<br>      type             = string<br>      target_group_arn = optional(string)<br>      redirect = optional(object({<br>        host        = optional(string)<br>        path        = optional(string)<br>        port        = optional(string)<br>        protocol    = optional(string)<br>        query       = optional(string)<br>        status_code = string<br>      }))<br>      fixed_response = optional(object({<br>        content_type = string<br>        message_body = optional(string)<br>        status_code  = optional(string)<br>      }))<br>    })<br>  }))</pre> | <pre>[<br>  {<br>    "default_action": {<br>      "type": "forward"<br>    },<br>    "port": 80,<br>    "protocol": "HTTP"<br>  }<br>]</pre> | no |
 | <a name="input_alb_security_group_id"></a> [alb\_security\_group\_id](#input\_alb\_security\_group\_id) | ALB security group id (to allow connection from the ALB to the service). | `string` | n/a | yes |
 | <a name="input_aliases"></a> [aliases](#input\_aliases) | List of FQDN's - Used to set the Alternate Domain Names (CNAMEs). | `list(string)` | `[]` | no |
 | <a name="input_attributes"></a> [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,<br>in the order they appear in the list. New attributes are appended to the<br>end of the list. The elements of the list are joined by the `delimiter`<br>and treated as a single ID element. | `list(string)` | `[]` | no |

main.tf

@@ -7,6 +7,9 @@ locals {
   enabled                  = module.this.enabled
   ecs_service_task_sg_name = "${module.this.id}-ecs-service-task"
   health_check_path        = var.healthcheck_path != null ? var.healthcheck_path : var.health_check_path
+
+  listener_target_group_arns = [for listener in var.alb_listeners : listener.default_action.target_group_arn]
+  default_action_types       = [for listener in var.alb_listeners : listener.default_action.type]
 }
 
 data "aws_lb" "alb" {
@@ -83,9 +86,42 @@ resource "aws_lb_listener" "app" {
   protocol          = var.alb_listeners[count.index].protocol
   certificate_arn   = var.alb_listeners[count.index].protocol == "HTTPS" ? module.acm_certificate.arn : null
 
-  default_action {
-    type             = "forward"
-    target_group_arn = module.alb_ingress.target_group_arn
+  dynamic "default_action" {
+    # This for_each basically acts as an if statement.
+    for_each = local.default_action_types[count.index] == "forward" ? range(1) : range(0)
+    content {
+      type             = var.alb_listeners[count.index].default_action.type
+      target_group_arn = try(length(local.listener_target_group_arns[count.index]) > 0, false) ? local.listener_target_group_arns[count.index] : module.alb_ingress.target_group_arn
+    }
+  }
+
+  dynamic "default_action" {
+    # This for_each basically acts as an if statement.
+    for_each = local.default_action_types[count.index] == "fixed_response" ? range(1) : range(0)
+    content {
+      type = var.alb_listeners[count.index].default_action.type
+      fixed_response {
+        content_type = var.alb_listeners[count.index].default_action.fixed_response["content_type"]
+        message_body = lookup(var.alb_listeners[count.index].default_action.fixed_response, "message_body", null)
+        status_code  = lookup(var.alb_listeners[count.index].default_action.fixed_response, "status_code", null)
+      }
+    }
+  }
+
+  dynamic "default_action" {
+    # This for_each basically acts as an if statement.
+    for_each = local.default_action_types[count.index] == "redirect" ? range(1) : range(0)
+    content {
+      type = var.alb_listeners[count.index].default_action.type
+      redirect {
+        host        = lookup(var.alb_listeners[count.index].default_action.redirect, "host", null)
+        path        = lookup(var.alb_listeners[count.index].default_action.redirect, "path", null)
+        port        = lookup(var.alb_listeners[count.index].default_action.redirect, "port", null)
+        protocol    = lookup(var.alb_listeners[count.index].default_action.redirect, "protocol", null)
+        query       = lookup(var.alb_listeners[count.index].default_action.redirect, "query", null)
+        status_code = var.alb_listeners[count.index].default_action.redirect["status_code"]
+      }
+    }
   }
 
   lifecycle {

variables.tf

@@ -187,9 +187,36 @@ variable "alb_listeners" {
   type = list(object({
     port     = number
     protocol = string
+    default_action = object({
+      type             = string
+      target_group_arn = optional(string)
+      redirect = optional(object({
+        host        = optional(string)
+        path        = optional(string)
+        port        = optional(string)
+        protocol    = optional(string)
+        query       = optional(string)
+        status_code = string
+      }))
+      fixed_response = optional(object({
+        content_type = string
+        message_body = optional(string)
+        status_code  = optional(string)
+      }))
+    })
   }))
-  default     = [{ port = 80, protocol = "HTTP" }]
-  description = "A list of map containing a port and a protocol for all ALB listeners."
+  default = [{
+    port     = 80,
+    protocol = "HTTP"
+    default_action = {
+      type = "forward"
+    }
+  }]
+  validation {
+    condition     = alltrue([for listener in var.alb_listeners : contains(["forward", "redirect", "fixed_response"], listener.default_action.type)])
+    error_message = "The ALB listeners `default_action.type` must be one of `forward`, `redirect` or `fixed_response`."
+  }
+  description = "A list of map containing a port and a protocol and optionally a `default_action` for all ALB listeners."
 }
 
 variable "alb_security_group_id" {