From 959a48daaa215f995f42cec909e273871daf8c6f Mon Sep 17 00:00:00 2001
From: Anton Baranov <abaranov@linuxfoundation.org>
Date: Tue, 18 Jul 2023 20:16:49 -0400
Subject: [PATCH] feat: Add forward group for https listener

Signed-off-by: Anton Baranov <abaranov@linuxfoundation.org>
---
 examples/complete-alb/main.tf | 17 +++++++++++++++++
 main.tf                       | 26 +++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/examples/complete-alb/main.tf b/examples/complete-alb/main.tf
index 64dfcc4..508e7a9 100644
--- a/examples/complete-alb/main.tf
+++ b/examples/complete-alb/main.tf
@@ -164,6 +164,23 @@ module "alb" {
         user_info_endpoint     = "https://${var.domain_name}/user_info"
       }
     },
+    {
+      port            = 446
+      protocol        = "HTTPS"
+      certificate_arn = module.acm.acm_certificate_arn
+      forward = {
+        target_groups = [
+          {
+            target_group_index = 0
+            weight             = 1
+          },
+          {
+            target_group_index = 1
+            weight             = 0
+          }
+        ]
+      }
+    },
   ]
 
   extra_ssl_certs = [
diff --git a/main.tf b/main.tf
index 63dc966..433b45a 100644
--- a/main.tf
+++ b/main.tf
@@ -710,7 +710,7 @@ resource "aws_lb_listener" "frontend_https" {
     # Defaults to forward action if action_type not specified
     content {
       type             = lookup(default_action.value, "action_type", "forward")
-      target_group_arn = contains([null, "", "forward"], lookup(default_action.value, "action_type", "")) ? aws_lb_target_group.main[lookup(default_action.value, "target_group_index", count.index)].id : null
+      target_group_arn = contains([null, "", "forward"], lookup(default_action.value, "action_type", "")) && length(keys(lookup(default_action.value, "forward", {}))) == 0 ? aws_lb_target_group.main[lookup(default_action.value, "target_group_index", count.index)].id : null
 
       dynamic "redirect" {
         for_each = length(keys(lookup(default_action.value, "redirect", {}))) == 0 ? [] : [lookup(default_action.value, "redirect", {})]
@@ -735,6 +735,30 @@ resource "aws_lb_listener" "frontend_https" {
         }
       }
 
+      dynamic "forward" {
+        for_each = length(keys(lookup(default_action.value, "forward", {}))) == 0 ? [] : [lookup(default_action.value, "forward", {})]
+
+        content {
+          dynamic "target_group" {
+            for_each = forward.value["target_groups"]
+
+            content {
+              arn    = aws_lb_target_group.main[target_group.value["target_group_index"]].id
+              weight = lookup(target_group.value, "weight", null)
+            }
+          }
+
+          dynamic "stickiness" {
+            for_each = length(keys(lookup(forward.value, "stickiness", {}))) == 0 ? [] : [lookup(forward.value, "stickiness", {})]
+
+            content {
+              enabled  = lookup(stickiness.value, "enabled", false)
+              duration = lookup(stickiness.value, "duration", 60)
+            }
+          }
+        }
+      }
+
       # Authentication actions only available with HTTPS listeners
       dynamic "authenticate_cognito" {
         for_each = length(keys(lookup(default_action.value, "authenticate_cognito", {}))) == 0 ? [] : [lookup(default_action.value, "authenticate_cognito", {})]