diff --git a/roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml b/roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml
index b6aedd0b2..e6378a6b2 100644
--- a/roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml
+++ b/roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml
@@ -271,6 +271,24 @@ aws_ec2_autoscale_cluster:
 create_cert: false
 create_distribution: false
 cf_certificate_ARN: "" # Certificate must be in us-east-1 for CloudFront. Define a certificate to build a distribution.
+ listeners_http:
+ rules:
+ - Conditions:
+ - Field: host-header
+ Values:
+ - "example-redirect.com"
+ Priority: '4'
+ Actions:
+ - Type: redirect
+ RedirectConfig:
+ Host: "codeenigma.com"
+ Port: "#{port}"
+ Protocol: "HTTPS"
+ Path: "/#{path}"
+ Query: "#{query}"
+ StatusCode: "HTTP_301"
+ listeners_https:
+ rules: []
 # Add custom listeners. See https://docs.ansible.com/ansible/latest/collections/community/aws/elb_application_lb_module.html
 listeners: []
 alb_ssl_policy: "ELBSecurityPolicy-TLS-1-2-2017-01" # Sets the ALB SSL policy to only accect TLSv1.2 and apply more secure ciphers.
diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
index 77b0e0a11..fdc8384c6 100644
--- a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
+++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml
@@ -349,6 +349,7 @@
 DefaultActions:
 - Type: forward
 TargetGroupName: "{{ aws_ec2_autoscale_cluster.name }}"
+ Rules: "{{ aws_ec2_autoscale_cluster.listeners_http.rules }}"
 _aws_ec2_autoscale_cluster_listeners_redirect:
 Protocol: HTTP
 Port: "{{ aws_ec2_autoscale_cluster.alb_http_port }}"
@@ -370,6 +371,7 @@
 DefaultActions:
 - Type: forward
 TargetGroupName: "{{ aws_ec2_autoscale_cluster.name }}"
+ Rules: "{{ aws_ec2_autoscale_cluster.listeners_https.rules }}"
 when: aws_ec2_autoscale_cluster.create_elb # @TODO - we can use the aws_acm_obsolete_certificate_arn variable to tidy up previous ACM certs, if it is defined.
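Review bot: In roles/aws/aws_ec2_autoscale_cluster/defaults/main.yml the new `listeners_http.rules` default is an active rule rather than a commented example, so every cluster that keeps the role defaults would get a listener rule that 301-redirects requests with host header `example-redirect.com` to `codeenigma.com`. `example-redirect.com` is not one of the reserved documentation domains, and the fixed `Priority: '4'` can collide with a rule a consumer adds, since rule priorities must be unique per listener. I would ship `rules: []` here, as `listeners_https` already does, and move the redirect example into a comment block above it using a reserved name such as `example.com`.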
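Review bot: In roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml the added `Rules: "{{ aws_ec2_autoscale_cluster.listeners_http.rules }}"` (hunk at -349) has no fallback, so an existing inventory that defines `aws_ec2_autoscale_cluster` without the new key would presumably fail templating if that dictionary replaces the defaults instead of being merged with them. `Rules: "{{ aws_ec2_autoscale_cluster.listeners_http.rules | default([]) }}"` keeps such inventories working, and the same applies to the `listeners_https` line in the hunk at -370. The `_aws_ec2_autoscale_cluster_listeners_redirect` listener that starts right after the first added line gets no `Rules` in the visible lines; if that listener is the one attached to the HTTP port when HTTPS is enabled, `listeners_http.rules` would not take effect there, which is worth confirming. Both listener definitions begin outside the hunks.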