authorPaul Buetow <paul@buetow.org>2023-12-20 09:53:14 +0200
committerPaul Buetow <paul@buetow.org>2023-12-20 09:53:14 +0200
commit38124d610973e486494272c0c28166bee6eb72f5 (patch)
treee6e5b6f5d0241f7943f65641cf8e484986daac8d
parent2c675b23a0a2d876c6c54ae09c0984b9938003d5 (diff)
factor out elb to separate project
-rw-r--r--README.md4
-rw-r--r--org-buetow-ecs/audiobookshelfservice.tf6
-rw-r--r--org-buetow-ecs/data.tf3
-rw-r--r--org-buetow-ecs/ecs.tf24
-rw-r--r--org-buetow-ecs/nginxservice.tf6
-rw-r--r--org-buetow-ecs/remotestate.tf9
-rw-r--r--org-buetow-ecs/vaultwardenservice.tf (renamed from org-buetow-ecs/vaultwarden.tf)6
-rw-r--r--org-buetow-ecs/wallabagservice.tf6
-rw-r--r--org-buetow-elb/alb.tf (renamed from org-buetow-ecs/elb.tf)15
-rw-r--r--org-buetow-elb/data.tf3
-rw-r--r--org-buetow-elb/main.tf13
-rw-r--r--org-buetow-elb/outputs.tf11
-rw-r--r--org-buetow-elb/remotestate.tf8
13 files changed, 73 insertions, 41 deletions
diff --git a/README.md b/README.md
index bde5ddf..aaad5a0 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,10 @@ Then, create subdirectories in EFS, using `org-buetow-helper`. E.g., have someth
/mnt/efs/ecs/audiobookshelf
```
+## Set up Application loadbalancer
+
+In `org-buetow-elb`
+
## Now set up Fargate/ECS
In `org-buetow-ecs`
diff --git a/org-buetow-ecs/audiobookshelfservice.tf b/org-buetow-ecs/audiobookshelfservice.tf
index 50358f0..dec7668 100644
--- a/org-buetow-ecs/audiobookshelfservice.tf
+++ b/org-buetow-ecs/audiobookshelfservice.tf
@@ -4,8 +4,8 @@ resource "aws_route53_record" "my_a_record_audiobookshelf" {
type = "A"
alias {
- name = aws_lb.my_alb.dns_name
- zone_id = aws_lb.my_alb.zone_id
+ name = data.terraform_remote_state.elb.outputs.alb_dns_name
+ zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id
evaluate_target_health = true
}
}
@@ -134,7 +134,7 @@ resource "aws_lb_target_group" "my_audiobookshelf_tg" {
}
resource "aws_lb_listener_rule" "my_audiobookshelf_https_listener_rule" {
- listener_arn = aws_lb_listener.my_https_listener.arn
+ listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn
priority = 102
action {
diff --git a/org-buetow-ecs/data.tf b/org-buetow-ecs/data.tf
new file mode 100644
index 0000000..91583b3
--- /dev/null
+++ b/org-buetow-ecs/data.tf
@@ -0,0 +1,3 @@
+data "aws_route53_zone" "my_zone" {
+ name = "aws.buetow.org."
+}
diff --git a/org-buetow-ecs/ecs.tf b/org-buetow-ecs/ecs.tf
index 7c678d4..b31a46b 100644
--- a/org-buetow-ecs/ecs.tf
+++ b/org-buetow-ecs/ecs.tf
@@ -21,27 +21,3 @@ resource "aws_iam_role_policy_attachment" "ecs_execution_role_policy_attach" {
role = aws_iam_role.ecs_execution_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
-
-# For EFS mounts
-#resource "aws_iam_role" "ecs_task_execution_role" {
-# name = "ecs_task_execution_role"
-#
-# assume_role_policy = jsonencode({
-# Version = "2012-10-17",
-# Statement = [
-# {
-# Action = "sts:AssumeRole",
-# Effect = "Allow",
-# Principal = {
-# Service = "ecs-tasks.amazonaws.com"
-# },
-# },
-# ],
-# })
-#}
-#
-## For EFS mounts
-#resource "aws_iam_role_policy_attachment" "ecs_efs_access" {
-# role = aws_iam_role.ecs_task_execution_role.name
-# policy_arn = "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess"
-#}
diff --git a/org-buetow-ecs/nginxservice.tf b/org-buetow-ecs/nginxservice.tf
index 1ea519b..f5fd40e 100644
--- a/org-buetow-ecs/nginxservice.tf
+++ b/org-buetow-ecs/nginxservice.tf
@@ -4,8 +4,8 @@ resource "aws_route53_record" "my_a_record" {
type = "A"
alias {
- name = aws_lb.my_alb.dns_name
- zone_id = aws_lb.my_alb.zone_id
+ name = data.terraform_remote_state.elb.outputs.alb_dns_name
+ zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id
evaluate_target_health = true
}
}
@@ -80,7 +80,7 @@ resource "aws_lb_target_group" "my_nginx_tg" {
}
resource "aws_lb_listener_rule" "my_nginx_https_listener_rule" {
- listener_arn = aws_lb_listener.my_https_listener.arn
+ listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn
priority = 100
action {
diff --git a/org-buetow-ecs/remotestate.tf b/org-buetow-ecs/remotestate.tf
index b66c16f..db9b321 100644
--- a/org-buetow-ecs/remotestate.tf
+++ b/org-buetow-ecs/remotestate.tf
@@ -6,3 +6,12 @@ data "terraform_remote_state" "base" {
region = "eu-central-1"
}
}
+
+data "terraform_remote_state" "elb" {
+ backend = "s3"
+ config = {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-elb/terraform.tfstate"
+ region = "eu-central-1"
+ }
+}
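Review bot: Reading the ALB values through `data "terraform_remote_state" "elb"` means the credentials that plan `org-buetow-ecs` need read access to the entire `org-buetow-elb/terraform.tfstate` object, not only the three outputs it consumes. Any sensitive attribute that later lands in the ELB state becomes readable from the ECS project as well. If that coupling is not wanted, the same values can be resolved with provider data sources, for example `data "aws_lb" "my_alb" { name = "<ALB_NAME>" }` plus an `aws_lb_listener` lookup by `load_balancer_arn` and `port`. If the remote-state approach stays, it would help to scope the bucket policy per state key and add a comment here naming the outputs this project depends on. The same pattern is added in `org-buetow-elb/remotestate.tf` for the `base` state.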
diff --git a/org-buetow-ecs/vaultwarden.tf b/org-buetow-ecs/vaultwardenservice.tf
index 4346218..b8db54a 100644
--- a/org-buetow-ecs/vaultwarden.tf
+++ b/org-buetow-ecs/vaultwardenservice.tf
@@ -4,8 +4,8 @@ resource "aws_route53_record" "my_a_record_vaultwarden" {
type = "A"
alias {
- name = aws_lb.my_alb.dns_name
- zone_id = aws_lb.my_alb.zone_id
+ name = data.terraform_remote_state.elb.outputs.alb_dns_name
+ zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id
evaluate_target_health = true
}
}
@@ -95,7 +95,7 @@ resource "aws_lb_target_group" "my_vaultwarden_tg" {
}
resource "aws_lb_listener_rule" "my_vaultwarden_https_listener_rule" {
- listener_arn = aws_lb_listener.my_https_listener.arn
+ listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn
priority = 103
action {
diff --git a/org-buetow-ecs/wallabagservice.tf b/org-buetow-ecs/wallabagservice.tf
index 715c777..9c0e1b8 100644
--- a/org-buetow-ecs/wallabagservice.tf
+++ b/org-buetow-ecs/wallabagservice.tf
@@ -4,8 +4,8 @@ resource "aws_route53_record" "my_a_record_wallabag" {
type = "A"
alias {
- name = aws_lb.my_alb.dns_name
- zone_id = aws_lb.my_alb.zone_id
+ name = data.terraform_remote_state.elb.outputs.alb_dns_name
+ zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id
evaluate_target_health = true
}
}
@@ -117,7 +117,7 @@ resource "aws_lb_target_group" "my_wallabag_tg" {
}
resource "aws_lb_listener_rule" "my_wallabag_https_listener_rule" {
- listener_arn = aws_lb_listener.my_https_listener.arn
+ listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn
priority = 101
action {
diff --git a/org-buetow-ecs/elb.tf b/org-buetow-elb/alb.tf
index 5ba57ca..cf9d5a2 100644
--- a/org-buetow-ecs/elb.tf
+++ b/org-buetow-elb/alb.tf
@@ -54,10 +54,6 @@ resource "aws_lb_listener" "my_http_listener" {
}
}
-data "aws_route53_zone" "my_zone" {
- name = "aws.buetow.org."
-}
-
resource "aws_lb_listener" "my_https_listener" {
load_balancer_arn = aws_lb.my_alb.arn
port = "443"
@@ -67,6 +63,15 @@ resource "aws_lb_listener" "my_https_listener" {
default_action {
type = "forward"
- target_group_arn = aws_lb_target_group.my_nginx_tg.arn
+ target_group_arn = aws_lb_target_group.default_tg.arn
}
}
+
+resource "aws_lb_target_group" "default_tg" {
+ name = "my-default-tg"
+ port = 80
+ protocol = "HTTP"
+ vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id
+ target_type = "ip"
+}
+
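Review bot: The HTTPS listener's `default_action` now forwards to `default_tg`, but nothing on this page registers targets in that group or exports it, so a request that matches no listener rule would presumably be answered with a 503 from an empty target group. A `fixed-response` default action states that intent directly and makes the placeholder `aws_lb_target_group` unnecessary. If `default_tg` is kept, a comment saying it is intentionally empty would save the next reader from looking for its service. The listener resource begins above this hunk, so its certificate and protocol settings are not visible here.

```hcl
resource "aws_lb_listener" "my_https_listener" {
  # … unchanged: load balancer, port, protocol and certificate settings …
  default_action {
    type = "fixed-response"
    fixed_response {
      content_type = "text/plain"
      message_body = "Not found"
      status_code  = "404"
    }
  }
}
```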
diff --git a/org-buetow-elb/data.tf b/org-buetow-elb/data.tf
new file mode 100644
index 0000000..91583b3
--- /dev/null
+++ b/org-buetow-elb/data.tf
@@ -0,0 +1,3 @@
+data "aws_route53_zone" "my_zone" {
+ name = "aws.buetow.org."
+}
diff --git a/org-buetow-elb/main.tf b/org-buetow-elb/main.tf
new file mode 100644
index 0000000..b83c53f
--- /dev/null
+++ b/org-buetow-elb/main.tf
@@ -0,0 +1,13 @@
+terraform {
+ backend "s3" {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-elb/terraform.tfstate"
+ region = "eu-central-1"
+ # Optional, if you enabled server-side encryption
+ encrypt = true
+ }
+}
+
+provider "aws" {
+ region = "eu-central-1" # or your preferred AWS region
+}
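Review bot: The new `org-buetow-elb` root module declares a backend and a provider but no version constraints, and no `.terraform.lock.hcl` for it appears among the 13 changed files, so the AWS provider version is whatever `terraform init` resolves at the time. Adding `required_version` and a `required_providers` entry for `hashicorp/aws` inside the `terraform` block, and committing the lock file, pins the provider by version and checksum. Separately, the comment `# Optional, if you enabled server-side encryption` reads as if `encrypt = true` were conditional; `# Encrypt the state object at rest in S3` describes what the line does.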
diff --git a/org-buetow-elb/outputs.tf b/org-buetow-elb/outputs.tf
new file mode 100644
index 0000000..39925a2
--- /dev/null
+++ b/org-buetow-elb/outputs.tf
@@ -0,0 +1,11 @@
+output "alb_dns_name" {
+ value = aws_lb.my_alb.dns_name
+}
+
+output "alb_zone_id" {
+ value = aws_lb.my_alb.zone_id
+}
+
+output "alb_https_listener_arn" {
+ value = aws_lb_listener.my_https_listener.arn
+}
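Review bot: These three outputs are the whole interface that `org-buetow-ecs` reads through `data.terraform_remote_state.elb`, yet none of them carries a `description`. Adding for instance `description = "ARN of the HTTPS (443) listener that service projects attach listener rules to"` to `alb_https_listener_arn`, with similar one-liners on `alb_dns_name` and `alb_zone_id`, documents the cross-project contract where it is defined. It also makes it clearer that renaming or removing an output here breaks the Route 53 alias records and listener rules in the other project.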
diff --git a/org-buetow-elb/remotestate.tf b/org-buetow-elb/remotestate.tf
new file mode 100644
index 0000000..b66c16f
--- /dev/null
+++ b/org-buetow-elb/remotestate.tf
@@ -0,0 +1,8 @@
+data "terraform_remote_state" "base" {
+ backend = "s3"
+ config = {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-base/terraform.tfstate"
+ region = "eu-central-1"
+ }
+}