diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9af94cf..d921b00 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -18,7 +18,7 @@ repos:
args: ['--allow-missing-credentials']
- id: trailing-whitespace
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.1
+ rev: v1.79.1
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/README.md b/README.md
index 453405c..2443632 100644
--- a/README.md
+++ b/README.md
@@ -24,13 +24,13 @@ module "mq" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
-| [aws](#requirement\_aws) | >= 4.0 |
+| [aws](#requirement\_aws) | >= 5.0.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 4.60.0 |
+| [aws](#provider\_aws) | >= 5.0.0 |
## Modules
@@ -40,8 +40,31 @@ No modules.
| Name | Type |
|------|------|
+| [aws_lb.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
+| [aws_lb_listener.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
+| [aws_lb_target_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
+| [aws_lb_target_group_attachment.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |
| [aws_mq_broker.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker) | resource |
| [aws_mq_configuration.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_configuration) | resource |
+| [aws_security_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.cidr_blocks_15671](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_443](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_5671](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_61614](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_61617](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_61619](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_8162](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.cidr_blocks_8883](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_15671](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_443](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_5671](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_61614](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_61617](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_61619](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_8162](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.prefix_lists_8883](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_subnet.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
## Inputs
@@ -52,9 +75,20 @@ No modules.
| [authentication\_strategy](#input\_authentication\_strategy) | Authentication strategy used to secure the broker. Valid values are simple and ldap. ldap is not supported for engine\_type RabbitMQ. | `string` | `null` | no |
| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions | `bool` | `false` | no |
| [broker\_name](#input\_broker\_name) | Name of the broker | `string` | n/a | yes |
+| [cidr\_blocks\_15671](#input\_cidr\_blocks\_15671) | Cidr blocks for the Amazon MQ for RabbitMQ Console security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_443](#input\_cidr\_blocks\_443) | Cidr blocks for the Amazon MQ for RabbitMQ Console security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_5671](#input\_cidr\_blocks\_5671) | Cidr block for connections made via SSL AMQP security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_61614](#input\_cidr\_blocks\_61614) | Cidr blocks for the Amazon MQ Stomp SSL security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_61617](#input\_cidr\_blocks\_61617) | Cidr blocks for the Amazon MQ SSL security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_61619](#input\_cidr\_blocks\_61619) | Cidr block for the websocket security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_8162](#input\_cidr\_blocks\_8162) | Cidr blocks for the ActiveMQ Console security group ingress rule | `list(string)` | `[]` | no |
+| [cidr\_blocks\_8883](#input\_cidr\_blocks\_8883) | Cidr block for the MQTT security group ingress rule | `list(string)` | `[]` | no |
| [configuration\_data](#input\_configuration\_data) | Broker configuration in XML format | `string` | `null` | no |
| [configuration\_enabled](#input\_configuration\_enabled) | Enable configuration block for broker configuration. Applies to engine\_type of ActiveMQ only | `bool` | `true` | no |
+| [create\_security\_group](#input\_create\_security\_group) | Flag to create Security Group for the broker | `bool` | `false` | no |
| [deployment\_mode](#input\_deployment\_mode) | The deployment mode of the broker. Supported: SINGLE\_INSTANCE and ACTIVE\_STANDBY\_MULTI\_AZ | `string` | `"ACTIVE_STANDBY_MULTI_AZ"` | no |
+| [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | Flag to enable/disable cross zone load balancing of the NLB | `bool` | `true` | no |
+| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | Flag to enable/disable deletion of NLB via AWS API and Terraform | `bool` | `true` | no |
| [encryption\_enabled](#input\_encryption\_enabled) | Flag to enable/disable Amazon MQ encryption at rest | `bool` | `true` | no |
| [engine\_type](#input\_engine\_type) | Type of broker engine, `ActiveMQ` or `RabbitMQ` | `string` | `"ActiveMQ"` | no |
| [engine\_version](#input\_engine\_version) | The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details | `string` | `"5.17.1"` | no |
@@ -65,8 +99,27 @@ No modules.
| [maintenance\_time\_of\_day](#input\_maintenance\_time\_of\_day) | The maintenance time, in 24-hour format. e.g. 02:00 | `string` | `"03:00"` | no |
| [maintenance\_time\_zone](#input\_maintenance\_time\_zone) | The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET | `string` | `"UTC"` | no |
| [mq\_additional\_users](#input\_mq\_additional\_users) | Additional MQ users |
list(object({
username = string
password = string
groups = optional(list(string), [])
console_access = optional(bool, false)
}))
| `[]` | no |
+| [nlb\_certificate\_arn](#input\_nlb\_certificate\_arn) | Ceritificate ARN of NLB | `string` | `null` | no |
+| [nlb\_enabled](#input\_nlb\_enabled) | Flag to attach Network Load Balancer to Active MQ | `bool` | `false` | no |
+| [nlb\_internal](#input\_nlb\_internal) | Scheme type of the NLB, valid value is true or false where true is for internal and false for internet facing | `bool` | `true` | no |
+| [nlb\_name](#input\_nlb\_name) | Name of the NLB | `string` | `null` | no |
+| [nlb\_tags](#input\_nlb\_tags) | A mapping of additional tags to be attached to the NLB | `map(string)` | `{}` | no |
+| [nlb\_tg\_port](#input\_nlb\_tg\_port) | Target Group Port for NLB | `number` | `8883` | no |
+| [nlb\_tg\_protocol](#input\_nlb\_tg\_protocol) | Target Group Protocol for NLB | `string` | `"TCP"` | no |
| [password](#input\_password) | Username for the admin user | `string` | `"adminpass123"` | no |
+| [prefix\_lists\_15671](#input\_prefix\_lists\_15671) | Prefix list ids for the Amazon MQ for RabbitMQ Console security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_443](#input\_prefix\_lists\_443) | Prefix list ids for the Amazon MQ for RabbitMQ Console security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_5671](#input\_prefix\_lists\_5671) | Prefix list ids for connections made via SSL AMQP URL security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_61614](#input\_prefix\_lists\_61614) | Prefix list ids for the Amazon MQ Stomp SSL security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_61617](#input\_prefix\_lists\_61617) | Prefix list ids for the Amazon MQ SSL security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_61619](#input\_prefix\_lists\_61619) | Prefix list ids for the websocket security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_8162](#input\_prefix\_lists\_8162) | Prefix list ids for the ActiveMQ Console security group ingress rule | `list(string)` | `[]` | no |
+| [prefix\_lists\_8883](#input\_prefix\_lists\_8883) | Prefix list ids for the MQTT security group ingress rule | `list(string)` | `[]` | no |
| [publicly\_accessible](#input\_publicly\_accessible) | Whether to enable connections from applications outside of the VPC that hosts the broker's subnets | `bool` | `false` | no |
+| [revoke\_rules\_on\_delete](#input\_revoke\_rules\_on\_delete) | Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. | `string` | `true` | no |
+| [security\_group\_description](#input\_security\_group\_description) | Description of the Security Group | `string` | `"Security Group for the AWS MQ"` | no |
+| [security\_group\_name](#input\_security\_group\_name) | Name of the Security Group | `string` | `""` | no |
+| [security\_group\_tags](#input\_security\_group\_tags) | A mapping of additional tags to be attached to the Security Group | `map(string)` | `{}` | no |
| [security\_groups](#input\_security\_groups) | List of security group IDs assigned to the broker | `list(string)` | `[]` | no |
| [storage\_type](#input\_storage\_type) | Storage type of the broker. For engine\_type ActiveMQ, the valid values are efs and ebs, and the AWS-default is efs. For engine\_type RabbitMQ, only ebs is supported. When using ebs, only the mq.m5 broker instance type family is supported. | `string` | `null` | no |
| [subnet\_ids](#input\_subnet\_ids) | List of VPC subnet IDs | `list(string)` | n/a | yes |
diff --git a/data.tf b/data.tf
new file mode 100644
index 0000000..647a8e9
--- /dev/null
+++ b/data.tf
@@ -0,0 +1,3 @@
+data "aws_subnet" "main" {
+ id = var.subnet_ids[0]
+}
diff --git a/examples/activemq-with-nlb/main.tf b/examples/activemq-with-nlb/main.tf
new file mode 100644
index 0000000..9de8b46
--- /dev/null
+++ b/examples/activemq-with-nlb/main.tf
@@ -0,0 +1,80 @@
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ aws = ">= 5.0.0"
+ }
+}
+
+provider "aws" {
+ region = "eu-west-2"
+}
+
+data "aws_vpc" "default" {
+ id = ""
+}
+
+data "aws_subnets" "all" {
+ filter {
+ name = "vpc-id"
+ values = [data.aws_vpc.default.id]
+ }
+
+ filter {
+ name = "tag:Name"
+ values = ["*private*"]
+ }
+}
+
+locals {
+ mq_admin_user = "adminUsername"
+ mq_admin_password = "adminPassword"
+}
+
+module "active_mq" {
+ source = "../../"
+
+ broker_name = "my-active-mq-broker"
+
+ subnet_ids = data.aws_subnets.all.ids
+
+ engine_type = "ActiveMQ"
+ engine_version = "5.17.2"
+ host_instance_type = "mq.t3.micro"
+
+ apply_immediately = true
+
+ deployment_mode = "ACTIVE_STANDBY_MULTI_AZ"
+
+ encryption_enabled = false
+
+ username = local.mq_admin_user
+ password = local.mq_admin_password
+
+ general_log_enabled = true
+ audit_log_enabled = true
+
+ configuration_data = <
+
+
+
+
+
+
+
+DATA
+
+ nlb_enabled = true
+ nlb_certificate_arn = ""
+
+ create_security_group = true
+ security_group_name = "example"
+ security_group_description = "example"
+ cidr_blocks_8883 = [data.aws_vpc.default.cidr_block]
+ prefix_lists_8883 = [data.aws_ec2_managed_prefix_list.example.id]
+}
+
+data "aws_ec2_managed_prefix_list" "example" {
+ name = "example"
+}
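Review bot: The admin credentials are hard-coded in `locals` (`mq_admin_password = "adminPassword"`) in an example that users will copy; even as a sample they should come from a `variable "mq_admin_password" { type = string, sensitive = true }` or a secrets store, since the value is also persisted in Terraform state. `encryption_enabled = false` switches off encryption at rest for the broker, the opposite of the module default, and deserves either removal or a comment saying it is for the example only. `nlb_certificate_arn = ""` is an empty string rather than an ACM ARN, which the TLS-only listener in `lb.tf` will presumably reject, so the example cannot apply as written. `data "aws_vpc" "default" { id = "" }` has the same problem; reading both from documented variables would make the required inputs obvious.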
diff --git a/examples/activemq/main.tf b/examples/activemq/main.tf
index 3e12a7d..b3569e6 100644
--- a/examples/activemq/main.tf
+++ b/examples/activemq/main.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 1.3.0"
required_providers {
- aws = ">= 4.0.0"
+ aws = ">= 5.0.0"
}
}
diff --git a/examples/rabbitmq/main.tf b/examples/rabbitmq/main.tf
index 6323bd3..553ba34 100644
--- a/examples/rabbitmq/main.tf
+++ b/examples/rabbitmq/main.tf
@@ -2,7 +2,7 @@ terraform {
required_version = ">= 1.3.0"
required_providers {
- aws = ">= 4.0.0"
+ aws = ">= 5.0.0"
}
}
diff --git a/lb.tf b/lb.tf
new file mode 100644
index 0000000..728b455
--- /dev/null
+++ b/lb.tf
@@ -0,0 +1,74 @@
+resource "aws_lb" "main" {
+ count = var.nlb_enabled && var.deployment_mode == "ACTIVE_STANDBY_MULTI_AZ" ? 1 : 0
+
+ name = var.nlb_name == null ? "${var.broker_name}-nlb" : var.nlb_name
+ internal = var.nlb_internal
+ load_balancer_type = "network"
+ subnets = var.subnet_ids
+
+ enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing
+ enable_deletion_protection = var.enable_deletion_protection
+
+ tags = merge(var.nlb_tags, var.tags)
+
+ depends_on = [
+ aws_mq_broker.main,
+ ]
+}
+
+resource "aws_lb_target_group" "main" {
+ count = var.nlb_enabled && var.deployment_mode == "ACTIVE_STANDBY_MULTI_AZ" ? 1 : 0
+
+ name = aws_lb.main[0].name
+ port = var.nlb_tg_port
+ protocol = var.nlb_tg_protocol
+ target_type = "ip"
+ vpc_id = data.aws_subnet.main.vpc_id
+
+ health_check {
+ enabled = true
+ port = 8162
+ protocol = "TCP"
+ interval = 10
+ healthy_threshold = 3
+ }
+
+ depends_on = [
+ aws_lb.main,
+ ]
+}
+
+resource "aws_lb_target_group_attachment" "main" {
+ # TODO check this logic
+ # for_each = toset([for instance in aws_mq_broker.main.instances : instance["ip_address"] if(var.nlb_enabled && var.deployment_mode == "ACTIVE_STANDBY_MULTI_AZ")])
+ count = (var.nlb_enabled && var.deployment_mode == "ACTIVE_STANDBY_MULTI_AZ") ? length(var.subnet_ids) : 0
+
+ target_group_arn = aws_lb_target_group.main[0].arn
+ # target_id = each.value
+ target_id = aws_mq_broker.main.instances[count.index]["ip_address"]
+ port = 8883
+
+ depends_on = [
+ aws_mq_broker.main,
+ ]
+}
+
+resource "aws_lb_listener" "main" {
+ count = var.nlb_enabled && var.deployment_mode == "ACTIVE_STANDBY_MULTI_AZ" ? 1 : 0
+
+ load_balancer_arn = aws_lb.main[0].arn
+ port = "8883"
+ protocol = "TLS"
+ certificate_arn = var.nlb_certificate_arn
+ alpn_policy = "HTTP2Preferred"
+ ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.main[0].arn
+ }
+
+ depends_on = [
+ aws_lb.main,
+ ]
+}
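Review bot: `aws_lb_target_group_attachment.main` hard-codes `port = 8883` while the target group takes `var.nlb_tg_port`, so overriding that variable registers the broker instances on a port the target group does not serve; use `port = var.nlb_tg_port` there (and on the listener if it is meant to follow). The listener fixes `protocol = "TLS"` but `certificate_arn` comes from `var.nlb_certificate_arn`, which defaults to `null`, so `nlb_enabled = true` without a certificate is only caught at apply time; a `lifecycle { precondition { condition = var.nlb_certificate_arn != null, error_message = "nlb_certificate_arn is required when nlb_enabled is true" } }` on the listener would surface it at plan. `ssl_policy` is pinned to `ELBSecurityPolicy-TLS-1-2-2017-01`; AWS has published newer TLS 1.2/1.3 policies since, so exposing it as a variable with a current default is worth considering. The attachment's `count` indexes `aws_mq_broker.main.instances` by `length(var.subnet_ids)`, which relies on the ACTIVE_STANDBY_MULTI_AZ subnet count matching the instance count — the `TODO` on that line should at least be backed by a `validation` on `subnet_ids`.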
diff --git a/sg.tf b/sg.tf
new file mode 100644
index 0000000..6c76fa3
--- /dev/null
+++ b/sg.tf
@@ -0,0 +1,219 @@
+resource "aws_security_group" "main" {
+ count = var.create_security_group ? 1 : 0
+
+ name = var.security_group_name
+ description = var.security_group_description
+ vpc_id = data.aws_subnet.main.vpc_id
+
+ revoke_rules_on_delete = var.revoke_rules_on_delete
+
+ tags = merge(var.tags, var.security_group_tags)
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_security_group_rule" "cidr_blocks_8883" {
+ count = var.create_security_group && length(var.cidr_blocks_8883) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_8883
+ description = "Cidr Blocks for MQTT"
+ from_port = 8883
+ to_port = 8883
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_8883" {
+ count = var.create_security_group && length(var.prefix_lists_8883) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_8883
+ description = "Prefix Lists for MQTT"
+ from_port = 8883
+ to_port = 8883
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_8162" {
+ count = var.create_security_group && length(var.cidr_blocks_8162) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_8162
+ description = "Cidr Blocks for Amazon MQ for ActiveMQ console"
+ from_port = 8162
+ to_port = 8162
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_8162" {
+ count = var.create_security_group && length(var.prefix_lists_8162) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_8162
+ description = "Prefix Lists for Amazon MQ for ActiveMQ console"
+ from_port = 8162
+ to_port = 8162
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_61619" {
+ count = var.create_security_group && length(var.cidr_blocks_61619) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_61619
+ description = "Cidr Blocks for ActiveMQ Websocket"
+ from_port = 61619
+ to_port = 61619
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_61619" {
+ count = var.create_security_group && length(var.prefix_lists_61619) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_61619
+ description = "Prefix Lists for ActiveMQ Websocket"
+ from_port = 61619
+ to_port = 61619
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_5671" {
+ count = var.create_security_group && length(var.cidr_blocks_5671) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_5671
+ description = "Cidr block for connections made via SSL AMQP"
+ from_port = 5671
+ to_port = 5671
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_5671" {
+ count = var.create_security_group && length(var.prefix_lists_5671) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_5671
+ description = "Prefix Lists for connections made via SSL AMQP"
+ from_port = 5671
+ to_port = 5671
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_443" {
+ count = var.create_security_group && length(var.cidr_blocks_443) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_443
+ description = "Cidr Blocks for Amazon MQ RabbitMQ console"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_443" {
+ count = var.create_security_group && length(var.prefix_lists_443) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_443
+ description = "Prefix Lists for Amazon MQ RabbitMQ console"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_15671" {
+ count = var.create_security_group && length(var.cidr_blocks_15671) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_15671
+ description = "Cidr blocks for Amazon MQ RabbitMQ console"
+ from_port = 15671
+ to_port = 15671
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_15671" {
+ count = var.create_security_group && length(var.prefix_lists_15671) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_15671
+ description = "Prefix Lists for Amazon MQ RabbitMQ console"
+ from_port = 15671
+ to_port = 15671
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_61617" {
+ count = var.create_security_group && length(var.cidr_blocks_61617) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_61617
+ description = "Cidr block for Amazon MQ SSL"
+ from_port = 61617
+ to_port = 61617
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_61617" {
+ count = var.create_security_group && length(var.prefix_lists_61617) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_61617
+ description = "Prefix Lists for Amazon MQ SSL"
+ from_port = 61617
+ to_port = 61617
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "cidr_blocks_61614" {
+ count = var.create_security_group && length(var.cidr_blocks_61614) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ cidr_blocks = var.cidr_blocks_61614
+ description = "Cidr block for Amazon MQ Stomp + SSL"
+ from_port = 61614
+ to_port = 61614
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "prefix_lists_61614" {
+ count = var.create_security_group && length(var.prefix_lists_61614) > 0 ? 1 : 0
+
+ type = "ingress"
+ security_group_id = aws_security_group.main[0].id
+ prefix_list_ids = var.prefix_lists_61614
+ description = "Prefix Lists for Amazon MQ Stomp + SSL"
+ from_port = 61614
+ to_port = 61614
+ protocol = "tcp"
+}
+
+resource "aws_security_group_rule" "main" {
+ count = var.create_security_group ? 1 : 0
+
+ type = "egress"
+ description = "Egress Rule for ${aws_mq_broker.main.broker_name}"
+ protocol = "-1"
+ from_port = -1
+ to_port = -1
+ cidr_blocks = ["0.0.0.0/0"]
+ security_group_id = aws_security_group.main[0].id
+}
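Review bot: `aws_security_group_rule.main` opens egress on every protocol to `0.0.0.0/0` with no way to narrow it, which undercuts the per-port ingress variables above; an `egress_cidr_blocks` variable (default `["0.0.0.0/0"]` to keep current behaviour) would let callers restrict the broker's outbound reach. `aws_security_group.main` pairs `create_before_destroy = true` with a fixed `name = var.security_group_name`; on replacement the new group is created before the old one is removed, and two groups with the same name cannot coexist in a VPC, so replacements will fail — `name_prefix` is the usual pairing. Nothing in this diff passes `aws_security_group.main[0].id` into the broker's `security_groups`, so unless main.tf is updated elsewhere the group is created but never attached; worth confirming. A `validation` rejecting `0.0.0.0/0` in `cidr_blocks_8162`, `cidr_blocks_443` and `cidr_blocks_15671` (the console ports) would also be cheap.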
diff --git a/variables.tf b/variables.tf
index e8e23a5..940b2b3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -157,3 +157,183 @@ variable "tags" {
type = map(string)
default = {}
}
+
+variable "nlb_enabled" {
+ description = "Flag to attach Network Load Balancer to Active MQ"
+ type = bool
+ default = false
+}
+
+variable "nlb_name" {
+ description = "Name of the NLB"
+ type = string
+ default = null
+}
+
+variable "nlb_internal" {
+ description = "Scheme type of the NLB, valid value is true or false where true is for internal and false for internet facing"
+ type = bool
+ default = true
+}
+
+variable "enable_cross_zone_load_balancing" {
+ description = "Flag to enable/disable cross zone load balancing of the NLB"
+ type = bool
+ default = true
+}
+
+variable "enable_deletion_protection" {
+ description = "Flag to enable/disable deletion of NLB via AWS API and Terraform"
+ type = bool
+ default = true
+}
+
+variable "nlb_certificate_arn" {
+ description = "Ceritificate ARN of NLB"
+ type = string
+ default = null
+}
+
+variable "nlb_tg_port" {
+ description = "Target Group Port for NLB"
+ type = number
+ default = 8883
+}
+
+variable "nlb_tg_protocol" {
+ description = "Target Group Protocol for NLB"
+ type = string
+ default = "TCP"
+}
+
+variable "nlb_tags" {
+ description = "A mapping of additional tags to be attached to the NLB"
+ type = map(string)
+ default = {}
+}
+
+variable "create_security_group" {
+ description = "Flag to create Security Group for the broker"
+ type = bool
+ default = false
+}
+
+variable "security_group_name" {
+ description = "Name of the Security Group"
+ type = string
+ default = ""
+}
+
+variable "security_group_description" {
+ description = "Description of the Security Group"
+ type = string
+ default = "Security Group for the AWS MQ"
+}
+
+variable "security_group_tags" {
+ description = "A mapping of additional tags to be attached to the Security Group"
+ type = map(string)
+ default = {}
+}
+
+variable "revoke_rules_on_delete" {
+ description = "Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself."
+ type = string
+ default = true
+}
+
+variable "cidr_blocks_8883" {
+ description = "Cidr block for the MQTT security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_8883" {
+ description = "Prefix list ids for the MQTT security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_8162" {
+ description = "Cidr blocks for the ActiveMQ Console security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_8162" {
+ description = "Prefix list ids for the ActiveMQ Console security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_61619" {
+ description = "Cidr block for the websocket security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_61619" {
+ description = "Prefix list ids for the websocket security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_5671" {
+ description = "Cidr block for connections made via SSL AMQP security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_5671" {
+ description = "Prefix list ids for connections made via SSL AMQP URL security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_443" {
+ description = "Cidr blocks for the Amazon MQ for RabbitMQ Console security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_443" {
+ description = "Prefix list ids for the Amazon MQ for RabbitMQ Console security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_15671" {
+ description = "Cidr blocks for the Amazon MQ for RabbitMQ Console security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_15671" {
+ description = "Prefix list ids for the Amazon MQ for RabbitMQ Console security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_61617" {
+ description = "Cidr blocks for the Amazon MQ SSL security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_61617" {
+ description = "Prefix list ids for the Amazon MQ SSL security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "cidr_blocks_61614" {
+ description = "Cidr blocks for the Amazon MQ Stomp SSL security group ingress rule"
+ type = list(string)
+ default = []
+}
+
+variable "prefix_lists_61614" {
+ description = "Prefix list ids for the Amazon MQ Stomp SSL security group ingress rule"
+ type = list(string)
+ default = []
+}
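Review bot: `revoke_rules_on_delete` is declared `type = string` with `default = true`, although `aws_security_group.revoke_rules_on_delete` in sg.tf is a boolean and the README describes it as a flag; declare it `type = bool`. `nlb_tg_protocol` accepts any string, so a typo is only caught at apply; a `validation { condition = contains(["TCP", "TLS", "UDP", "TCP_UDP"], var.nlb_tg_protocol) }` would catch it at plan. The description of `nlb_certificate_arn` (which also misspells "Certificate") does not say that it is required whenever `nlb_enabled` is true, even though the listener in lb.tf is TLS-only; stating that in the description helps callers. The `tags` variable whose closing lines open this hunk is defined outside it.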
diff --git a/versions.tf b/versions.tf
index 4c8603d..a9e6407 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 4.0"
+ version = ">= 5.0.0"
}
}
}