Add optional port 80 on internal LB

lucasmacedot · web-flow · commit 8f228bf7f7b9 · 2025-08-11T18:14:14.000-03:00
diff --git a/_variables.tf b/_variables.tf
@@ -14,6 +14,7 @@ variable "architecture" {
   default     = "x86_64"
   description = "Architecture to select the AMI, x86_64 or arm64"
 }
+
 variable "volume_type" {
   default     = "gp2"
   description = "The EBS volume type"
@@ -132,6 +133,12 @@ variable "alb_internal_ssl_policy" {
   description = "The name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS."
 }
 
+variable "alb_internal_enable_http" {
+  type = bool
+  default = false
+  description = "If listenter in port 80 should be enable for internal LB"
+}
+
 variable "alb_drop_invalid_header_fields" {
   default     = true
   type        = bool
diff --git a/alb-internal.tf b/alb-internal.tf
@@ -33,6 +33,29 @@ resource "aws_lb" "ecs_internal" {
   )
 }
 
+
+
+resource "aws_lb_listener" "ecs_optional_http_internal" {
+  count = var.alb_internal && var.alb_internal_enable_http ? 1 : 0
+
+  load_balancer_arn = aws_lb.ecs_internal[0].arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.ecs_default_https_internal[0].arn
+  }
+
+  tags = merge(
+    var.tags,
+    {
+      "Terraform" = true
+    },
+  )
+}
+
+
 resource "aws_lb_listener" "ecs_https_internal" {
   count = var.alb_internal ? 1 : 0
 
@@ -46,7 +69,6 @@ resource "aws_lb_listener" "ecs_https_internal" {
     type             = "forward"
     target_group_arn = aws_lb_target_group.ecs_default_https_internal[0].arn
   }
-
   tags = merge(
     var.tags,
     {
