diff --git a/README.md b/README.md index a4bd022..ec40ea7 100644 --- a/README.md +++ b/README.md @@ -224,6 +224,8 @@ Available targets: | ip\_address\_type | The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`. | `string` | `"ipv4"` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | | lifecycle\_rule\_enabled | A boolean that indicates whether the s3 log bucket lifecycle rule should be enabled. | `bool` | `false` | no | +| listener\_http\_fixed\_response | Have the HTTP listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | +| listener\_https\_fixed\_response | Have the HTTPS listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | noncurrent\_version\_expiration\_days | Specifies when noncurrent s3 log versions expire | `number` | `90` | no | @@ -349,7 +351,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright) diff --git a/docs/terraform.md b/docs/terraform.md index b4cea3c..c6aa1e0 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -60,6 +60,8 @@ | ip\_address\_type | The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`. | `string` | `"ipv4"` | no | | label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | | lifecycle\_rule\_enabled | A boolean that indicates whether the s3 log bucket lifecycle rule should be enabled. | `bool` | `false` | no | +| listener\_http\_fixed\_response | Have the HTTP listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | +| listener\_https\_fixed\_response | Have the HTTPS listener return a fixed response for the default action. |
object({
content_type = string
message_body = string
status_code = string
})
| `null` | no | | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | | namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | | noncurrent\_version\_expiration\_days | Specifies when noncurrent s3 log versions expire | `number` | `90` | no |
diff --git a/main.tf b/main.tf
index 5aeab06..ce12e84 100644
--- a/main.tf
+++ b/main.tf
@@ -137,8 +137,17 @@ resource "aws_lb_listener" "http_forward" {
 protocol = "HTTP"
 default_action {
- target_group_arn = join("", aws_lb_target_group.default.*.arn)
- type = "forward"
+ target_group_arn = var.listener_http_fixed_response != null ? null : join("", aws_lb_target_group.default.*.arn)
+ type = var.listener_http_fixed_response != null ? "fixed-response" : "forward"
+
+ dynamic "fixed_response" {
+ for_each = var.listener_http_fixed_response != null ? [var.listener_http_fixed_response] : []
+ content {
+ content_type = fixed_response.value["content_type"]
+ message_body = fixed_response.value["message_body"]
+ status_code = fixed_response.value["status_code"]
+ }
+ }
 }
 }
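Review bot: The new `default_action` in `aws_lb_listener.http_forward` tests `var.listener_http_fixed_response != null` three times (for `target_group_arn`, `type` and the `for_each`), and the `https` listener hunk that follows repeats the same three tests for its own variable. One local per listener, for example `http_fixed_response_enabled = var.listener_http_fixed_response != null`, would keep the action type and the `fixed_response` block from drifting apart. A comment above `default_action` should also state the consequence for traffic: `# When a fixed response is set, this listener no longer forwards to aws_lb_target_group.default; only requests matched by a listener rule reach a target.` Since the variable is a typed object, `fixed_response.value.content_type` reads more plainly than the index form. The resource body starts before this hunk, so the listener's `count` condition is not visible here.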
@@ -170,10 +179,20 @@ resource "aws_lb_listener" "https" {
 certificate_arn = var.certificate_arn
 default_action {
- target_group_arn = join("", aws_lb_target_group.default.*.arn)
- type = "forward"
+ target_group_arn = var.listener_https_fixed_response != null ? null : join("", aws_lb_target_group.default.*.arn)
+ type = var.listener_https_fixed_response != null ? "fixed-response" : "forward"
+
+ dynamic "fixed_response" {
+ for_each = var.listener_https_fixed_response != null ? [var.listener_https_fixed_response] : []
+ content {
+ content_type = fixed_response.value["content_type"]
+ message_body = fixed_response.value["message_body"]
+ status_code = fixed_response.value["status_code"]
+ }
+ }
 }
 }
+
 resource "aws_lb_listener_certificate" "https_sni" {
 count = module.this.enabled && var.https_enabled && var.additional_certs != [] ? length(var.additional_certs) : 0
 listener_arn = join("", aws_lb_listener.https.*.arn)
diff --git a/variables.tf b/variables.tf
index d698887..5d19aa8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -212,6 +212,26 @@ variable "target_group_additional_tags" {
 description = "The additional tags to apply to the target group"
 }
+variable "listener_http_fixed_response" {
+ description = "Have the HTTP listener return a fixed response for the default action."
+ type = object({
+ content_type = string
+ message_body = string
+ status_code = string
+ })
+ default = null
+}
+
+variable "listener_https_fixed_response" {
+ description = "Have the HTTPS listener return a fixed response for the default action."
+ type = object({
+ content_type = string
+ message_body = string
+ status_code = string
+ })
+ default = null
+}
+
 variable "lifecycle_rule_enabled" {
 type = bool
 description = "A boolean that indicates whether the s3 log bucket lifecycle rule should be enabled."
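Review bot: The descriptions of `listener_http_fixed_response` and `listener_https_fixed_response` do not say which values the three attributes accept or what `null` means, so callers learn the limits only from a provider error. I would extend each to something like `"Have the HTTP listener return a fixed response for the default action instead of forwarding to the default target group. content_type is one of text/plain, text/css, text/html, application/javascript, application/json; status_code is 2XX, 4XX or 5XX. Null keeps the forward action."` and regenerate the README and docs tables from it. Because the type is a plain `object({...})`, all three attributes must be supplied even when the body is empty, which is also worth stating. If the module's minimum Terraform version supports `validation` blocks (not visible in this diff), the same limits could be enforced on the variable with a null-safe condition.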