feat: Expose variable to control health check in ASG (#25)

PaloAltoNetworks · Apr 4, 2024 · 48f4fd4 · 48f4fd4
1 parent 236aff6
commit 48f4fd4
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/modules/asg/README.md b/modules/asg/README.md
@@ -68,6 +68,7 @@ No modules.
 | <a name="input_ebs_kms_id"></a> [ebs\_kms\_id](#input\_ebs\_kms\_id) | Alias for AWS KMS used for EBS encryption in VM-Series | `string` | `"alias/aws/ebs"` | no |
 | <a name="input_fw_license_type"></a> [fw\_license\_type](#input\_fw\_license\_type) | Select License type (byol/payg1/payg2) | `string` | `"byol"` | no |
 | <a name="input_global_tags"></a> [global\_tags](#input\_global\_tags) | Map of AWS tags to apply to all the created resources. | `map(any)` | n/a | yes |
+| <a name="input_health_check"></a> [health\_check](#input\_health\_check) | Controls how health checking is done. | <pre>object({<br>    grace_period = number<br>    type         = string<br>  })</pre> | <pre>{<br>  "grace_period": 300,<br>  "type": "EC2"<br>}</pre> | no |
 | <a name="input_instance_refresh"></a> [instance\_refresh](#input\_instance\_refresh) | If this variable is configured (not null), then start an Instance Refresh when Auto Scaling Group is updated.<br><br>  Instance refresh is defined by attributes:<br>  - `strategy` - Strategy to use for instance refresh. The only allowed value is Rolling<br>  - `preferences` - Override default parameters for Instance Refresh:<br>    - `checkpoint_delay` - Number of seconds to wait after a checkpoint. Defaults to 3600.<br>    - `checkpoint_percentages` - List of percentages for each checkpoint. Values must be unique and in ascending order. <br>                                 To replace all instances, the final number must be 100.<br>    - `instance_warmup` - Number of seconds until a newly launched instance is configured and ready to use. <br>                          Default behavior is to use the Auto Scaling Group's health check grace period.<br>    - `min_healthy_percentage` - Amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh <br>                                to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group. <br>                                Defaults to 90.<br>    - `skip_matching` - Replace instances that already have your desired configuration. Defaults to false.<br>    - `auto_rollback` - Automatically rollback if instance refresh fails. Defaults to false. <br>                        This option may only be set to true when specifying a launch\_template or mixed\_instances\_policy.<br>    - `scale_in_protected_instances` - Behavior when encountering instances protected from scale in are found. <br>                                       Available behaviors are Refresh, Ignore, and Wait. Default is Ignore.<br>    - `standby_instances` - Behavior when encountering instances in the Standby state in are found. <br>                            Available behaviors are Terminate, Ignore, and Wait. Default is Ignore.<br>  - `trigger` - Set of additional property names that will trigger an Instance Refresh. <br>                A refresh will always be triggered by a change in any of launch\_configuration, launch\_template, or mixed\_instances\_policy. | <pre>object({<br>    strategy = string<br>    preferences = object({<br>      checkpoint_delay             = number<br>      checkpoint_percentages       = list(number)<br>      instance_warmup              = number<br>      min_healthy_percentage       = number<br>      skip_matching                = bool<br>      auto_rollback                = bool<br>      scale_in_protected_instances = string<br>      standby_instances            = string<br>    })<br>    triggers = list(string)<br>  })</pre> | `null` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | EC2 instance type. | `string` | `"m5.xlarge"` | no |
 | <a name="input_interfaces"></a> [interfaces](#input\_interfaces) | Map of the network interface specifications.<br>If "mgmt-interface-swap" bootstrap option is enabled, ensure dataplane interface `device_index` is set to 0 and the firewall management interface `device_index` is set to 1.<br>Available options:<br>- `device_index`       = (Required\|int) Determines order in which interfaces are attached to the instance. Interface with `0` is attached at boot time.<br>- `subnet_id`          = (Required\|string) Subnet ID to create the ENI in.<br>- `name`               = (Optional\|string) Name tag for the ENI. Defaults to instance name suffixed by map's key.<br>- `description`        = (Optional\|string) A descriptive name for the ENI.<br>- `create_public_ip`   = (Optional\|bool) Whether to create a public IP for the ENI. Defaults to false.<br>- `eip_allocation_id`  = (Optional\|string) Associate an existing EIP to the ENI.<br>- `private_ips`        = (Optional\|list) List of private IPs to assign to the ENI. If not set, dynamic allocation is used.<br>- `public_ipv4_pool`   = (Optional\|string) EC2 IPv4 address pool identifier.<br>- `source_dest_check`  = (Optional\|bool) Whether to enable source destination checking for the ENI. Defaults to false.<br>- `security_group_ids` = (Optional\|list) A list of Security Group IDs to assign to this interface. Defaults to null.<br><br>Example:<pre>interfaces = {<br>  mgmt = {<br>    device_index       = 0<br>    subnet_id          = aws_subnet.mgmt.id<br>    name               = "mgmt"<br>    create_public_ip   = true<br>    source_dest_check  = true<br>    security_group_ids = ["sg-123456"]<br>  },<br>  public = {<br>    device_index     = 1<br>    subnet_id        = aws_subnet.public.id<br>    name             = "public"<br>    create_public_ip = true<br>  },<br>  private = {<br>    device_index = 2<br>    subnet_id    = aws_subnet.private.id<br>    name         = "private"<br>  },<br>]</pre> | `map(any)` | n/a | yes |

diff --git a/modules/asg/main.tf b/modules/asg/main.tf
@@ -105,6 +105,9 @@ resource "aws_autoscaling_group" "this" {
   min_size            = var.min_size
   target_group_arns   = [var.target_group_arn]
 
+  health_check_grace_period = var.health_check.grace_period
+  health_check_type         = var.health_check.type
+
   dynamic "tag" {
     for_each = var.global_tags
     content {

diff --git a/modules/asg/variables.tf b/modules/asg/variables.tf
@@ -205,6 +205,22 @@ variable "min_size" {
   default     = 1
 }
 
+variable "health_check" {
+  description = "Controls how health checking is done."
+  default = {
+    grace_period = 300
+    type         = "EC2"
+  }
+  type = object({
+    grace_period = number
+    type         = string
+  })
+  validation {
+    condition     = contains(["EC2", "ELB"], var.health_check.type)
+    error_message = "The health check type value must be `EC2` or `ELB`."
+  }
+}
+
 variable "delete_timeout" {
   description = <<EOF
   Timeout needed to correctly drain autoscaling group while deleting ASG.