Describe the bug
Attempting to use a lambda function for the target group of an ALB, I get various errors. Documentation does not have a clear example of how to implement this functionality, if it is supported at all.

To Reproduce
Steps to reproduce the behavior:

1. Create a lambda function "foo"
2. Attempt to use a target group of type "LAMBDA":

module "alb" {
[...omitted for brevity...]
target_groups = [ {
name = "test"
backend_protocol = "LAMBDA"
backend_port = "3000"
} ]
target_groups_count = "1"
}

3. Run terraform apply
4. See error

Expected behavior
Creates an ALB resource with a lambda target group available for attaching functions

Actual behavior

Error: module.provider-console_lb.aws_lb_target_group.main_no_logs: expected health_check.0.protocol to be one of [HTTP HTTPS TCP], got LAMBDA

Error: module.provider-console_lb.aws_lb_target_group.main_no_logs: expected protocol to be one of [HTTP HTTPS TCP TLS], got LAMBDA

Additional context
Lambda target groups have been supported by the AWS provider since version 1.53. When specifying a lambda target group, the backend_port parameter is not required, but omitting it with this module also causes an error.

Great work on this module, really wraps this process easily.
question:
If I have 2 listeners to implement, do I just create the listener and target group pairs separately and attach to the alb arn?

Current Module version - 3.1.0

I apologize ahead of time for dragging this issue back up.

Issue

By including the access_log block like this -

access_logs {
    enabled = true
    bucket  = "${var.log_bucket_name}"
    prefix  = "${var.log_location_prefix}"
}

You are prescribing a certain resource structure instead of letting the module user decide what they want.

Background

Previous related issue - #31
Summarized outcome from issue - make access logs required

Based upon the AWS Documentation -
"Access logging is an optional feature of Elastic Load Balancing that is disabled by default."

Proposal

resource "aws_lb" "lb_without_logs" {
  count = {create if use_log var is not set}
  ...
}

resource "aws_lb" "lb_with_logs" {
  count = {create if use_log var is set}
  ...
  access_logs {
    ...
  }
}

# to dry things out a little
locals {
  lb_arn = {conditional arn based on use_log var}
}

Would you consider adding a default security group for the alb? I would think almost any app using this module would need a security group declared to actually use the alb. I'm happy to make a pull request.

Describe the bug
Unable to use a ternary conditional expression to determine the value of create_alb

To Reproduce
Steps to reproduce the behavior:

1. Add create_alb = "${local.some_var=="some val"?true:false}" to alb definition

Expected behavior
ALB to be created or not based on the interpolated value

Desktop (please complete the following information):

• OS: Amazon Linux
• Versions terraform v0.11.14, aws-alb v3.6.0

Additional context
These are the errors I get but I don't think they're particularly helpful:

Error: module.swarm-alb.aws_lb_listener.frontend_http_tcp: 1 error occurred:

• module.swarm-alb.aws_lb_listener.frontend_http_tcp: At column 32, line 1: list "var.http_tcp_listeners" does not have any elements so cannot determine type. in:

${lookup(var.http_tcp_listeners[count.index], "port")}

Error: module.swarm-alb.aws_lb_listener_certificate.https_listener: 1 error occurred:

• module.swarm-alb.aws_lb_listener_certificate.https_listener: At column 29, line 1: list "var.extra_ssl_certs" does not have any elements so cannot determine type. in:

${lookup(var.extra_ssl_certs[count.index], "certificate_arn")}

Error: module.swarm-alb.aws_lb_listener.frontend_http_tcp_no_logs: 1 error occurred:

• module.swarm-alb.aws_lb_listener.frontend_http_tcp_no_logs: At column 70, line 1: list "var.http_tcp_listeners" does not have any elements so cannot determine type. in:

${aws_lb_target_group.main_no_logs.*.id[lookup(var.http_tcp_listeners[count.index], "target_group_index", 0)]}

Error: module.swarm-alb.aws_lb_listener_certificate.https_listener_no_logs: 1 error occurred:

• module.swarm-alb.aws_lb_listener_certificate.https_listener_no_logs: At column 29, line 1: list "var.extra_ssl_certs" does not have any elements so cannot determine type. in:

${lookup(var.extra_ssl_certs[count.index], "certificate_arn")}

I'm trying to understand what the logic was behind restricting the load_balancer_name length per:

The AWS docs indicate a max length of 32 characters, so why limit that further?
Ref: https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_CreateLoadBalancer.html

Describe the bug
The module throws an error when I add HTTPS listeners due to invalid attributes in the aws_lb_listener resource.

To Reproduce
Try to create an ALB with an HTTPS listener.

Expected behavior
An ALB is created with an HTTPS listener attached

Desktop (please complete the following information):

• OS: Mac OSX High Sierra
• Versions
  • Terraform v0.11.7

Additional context
Error: Error running plan: 2 error(s) occurred:

* module.app-alb.output.https_listener_arns: Resource 'aws_lb_listener.frontend_https' does not have attribute 'arn' for variable 'aws_lb_listener.frontend_https.*.arn'
* module.app-alb.output.https_listener_ids: Resource 'aws_lb_listener.frontend_https' does not have attribute 'id' for variable 'aws_lb_listener.frontend_https.*.id'`

Describe the bug

Travis builds are failing.

To Reproduce

1. Submit a PR to this repo

2. Observe that Travis fails continually with region problems:

    Error: provider.aws: "region": required field is not set
   

3. See that the command to get the region fails with an authentication problem: An error occurred (AuthFailure) when calling the DescribeRegions operation: Authorization header or parameters are not formatted correctly.

Expected behavior

Tests should be run!

Additional context

I attempted to run that same command without the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY_ID parameters set:

$ docker run --env AWS_DEFAULT_REGION=us-east-2 --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} garland/aws-cli-docker aws ec2 describe-regions --query 'Regions[].{Name:RegionName}' --output text
Unable to find image 'garland/aws-cli-docker:latest' locally
latest: Pulling from garland/aws-cli-docker
605ce1bd3f31: Pulling fs layer
aae50b72bdad: Pulling fs layer
3372006e603a: Pulling fs layer
3372006e603a: Verifying Checksum
3372006e603a: Download complete
605ce1bd3f31: Verifying Checksum
605ce1bd3f31: Download complete
605ce1bd3f31: Pull complete
aae50b72bdad: Verifying Checksum
aae50b72bdad: Download complete
aae50b72bdad: Pull complete
3372006e603a: Pull complete
Digest: sha256:dfaac9a1eee5f18e854e844f3b485265644c18e5adc7a9f9888c7ce70f924fa5
Status: Downloaded newer image for garland/aws-cli-docker:latest

An error occurred (AuthFailure) when calling the DescribeRegions operation: Authorization header or parameters are not formatted correctly.

After setting them:

$ docker run --env AWS_DEFAULT_REGION=us-east-2 --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} garland/aws-cli-docker aws ec2 describe-regions --query 'Regions[].{Name:RegionName}' --output text
ap-south-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-2
ap-northeast-1
sa-east-1
ca-central-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2

If soneone with admin privs to the Travis repo re-added those, I think it'd work…

I'm needing to create ALBs with multiple Target Groups (TG). The back end may and generally is the same port but are configured in my case by different paths in the URL. I have resources already built by other modules for VPC, security groups, etc. and looking to create ALBs with one or more TGs.

Can we please variabalise load_balancer_type attribute so that we can select network as the load balancer?

Here's an example: https://github.com/terraform-aws-modules/terraform-aws-alb/pull/10/files . Just need to go through and correct the final few. Will create a patch release once this is complete.

It looks like Terraform is moving to the aws_lb resource, and several new features have been added in rel 1.1.0 https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md#110-october-16-2017

I would be happy to submit a PR to integrate these changes.

We populate one output using a count pattern that formerly worked when no resource was created but according to the terraform 0.11.0 upgrade doc, that shoudln't work anymore: https://www.terraform.io/upgrade-guides/0-11.html#referencing-attributes-from-resources-with-count-0

Describe the bug
The aws_lb resource is created without explicitly specifying it's VPC ID. This means that even if a VPC ID is specified in the module inputs, the default VPC for the AWS account will be used anyway.

To Reproduce
Steps to reproduce the behavior:

1. Set up an AWS account and region with 2 VPCs
2. Set VPC 1 to be the default VPC
3. Run this module with the vpc_id set to VPC 2
4. Observe that the associated alb.aws_lb.application is created in VPC 1 instead of VPC 2.

Expected behavior
All of the resources required for the Application Load Balancer are created with the VPC specified in the input to the module.

Desktop (please complete the following information):

• OS: Mac OS X 10.13.5
• Versions:
  Terraform v0.11.7
  provider.aws v1.25.0

Additional context
N/A

While calling custom endpoints is allowed, it does this at the provider level, which means you need to instantiate multiple providers if you are using multiple endpoints based on the resource

It would be nice to have an optional field that could pass a custom endpoint at the resource level. e.g. we need a fips alb, but the rest of the albs in the environment do not need that level of restrictiveness. Currently we would need to have multiple providers, or create the alb via the cli and import it in.

Describe the bug
The readme states that log_bucket_name and log_location_prefix are not required. Using a module with only the required parameters, these parameters are required as logging_enabled is set to true as default. Applying would result in an error in this state.

Error: Failure configuring LB attributes: ValidationError: The value of 'access_logs.s3.bucket' cannot be empty
	status code: 400, request id: 27420ad0-bd00-11e9-9575-1d4789fd3dae

To Reproduce
Steps to reproduce the behavior:

1. Use the module with only required parameters.
2. Apply the module
3. See error

Expected behavior
If I fill in all required parameters, I would expect the module to apply.

Desktop (please complete the following information):

• OS: OSX
• Versions terraform 0.12.4, module version 4.1.0

Additional context
I can make a PR for it.

Per #22 it sounds like users are struggling to make the module work for both use cases of logging and not logging. This issue is to prove out through tests and examples that this is possible given the current module OR to find a way to add it.

Tests are there and working through test kitchen. Let's wire this thing up to CI and get a badge on the README.

Hello,

Can you please add terraform code to add multiple certificates to SSL listener since ALB now supports binding of up to 25 certificates on its listener as per https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

When I try to create an alb with just the seven mandatory variables, I get this error:

* aws_alb.main: Failure configuring ALB attributes: ValidationError: The value of 'access_logs.s3.bucket' cannot be empty
	status code: 400, request id: 266322f3-fa78-11e7-a2c3-ade7d8e52966

The problem is that that access_logs block of the aws_alb resource is always defined, even if you don't specify a bucket name.

I don't believe Terraform's configuration language can support making the access_logs block optional, because sub-blocks cannot have a count parameter. So the best "workaround" for now is probably just to mark the bucket name as a required parameter, and accept people can't use this module without specifying a log bucket.

I'm using terraform 0.12.6 to plan a recordset and an ALB, with your module:

module "alb_webserver" {
  source                   = "terraform-aws-modules/alb/aws"
  version                  = "~> 4.1"

  // required
  load_balancer_name       = module.airflow_labels_webserver.id
  security_groups          = list(module.sg_airflow.this_security_group_id)
  subnets                  = var.public_subnets
  vpc_id                   = data.aws_vpc.default.id

  // optional
  http_tcp_listeners          = var.webserver_http_tcp_listeners
  http_tcp_listeners_count    = var.webserver_http_tcp_listeners_count
  https_listeners             = var.webserver_https_listeners
  https_listeners_count       = var.webserver_https_listeners_count
  target_groups               = var.webserver_target_groups
  target_groups_count         = var.webserver_target_groups_count
  tags                        = module.airflow_labels_webserver.tags
  listener_ssl_policy_default = var.webserver_listener_ssl_policy
  logging_enabled             = false
}

data "aws_route53_zone" "webserver" {
  name = var.webserver_host_domain
}

resource "aws_route53_record" "webserver" {
  zone_id                  = data.aws_route53_zone.webserver.zone_id
  name                     = join(".", list(var.webserver_host_subdomain, var.webserver_host_domain))
  type                     = "A"
  alias {
    name                   = module.alb_webserver.dns_name
    zone_id                = module.alb_webserver.load_balancer_zone_id
    evaluate_target_health = var.webserver_evaluate_target_health
  }
}

Error message:

Error: expected length of alias.0.zone_id to be in the range (1 - 32), got

  on ../../webserver.tf line 72, in resource "aws_route53_record" "webserver":
  72: resource "aws_route53_record" "webserver" {

Error: expected length of alias.0.name to be in the range (1 - 1024), got

  on ../../webserver.tf line 72, in resource "aws_route53_record" "webserver":
  72: resource "aws_route53_record" "webserver" {

I'm not sure what exactly I'm missing, thank you for guidance.

Because of standards I need to make sure my ALB access logs are also encrypted.
Is this supported ? I am using standard S3 KMS as default encryption for S3 bucket .

When I try to do it I am getting this error:

aws_alb.my_alb: Failure configuring LB attributes: InvalidConfigurationRequest: Access Denied for bucket: my.bucketname. Please check S3bucket permission

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Desktop (please complete the following information):

• OS: [e.g. Linux]
• Versions [e.g. terraform version, kitchen-terraform version, module version, etc.]

Additional context
Add any other context about the problem here.

Scenario:
Given we have plenty of microservices, it's not cost effective to create alb per each service
Suggested:
Split to two modules: one for alb itself and one for registering microservice with alb

Is your feature request related to a problem? Please describe.
I was thinking to use the module, however I run into a problem.
If I want to enable Logs to be sent to an S3 buckt, LB will be recreated.

Describe the solution you'd like
For production usage, LB recreation that means chaning DNS name and downtime are not good at all.

Describe alternatives you've considered
Do not have alternative here.

Additional context
N/A

Can we add the aws_lb_listener_rule feature in the module

https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html

to add a listener rule to the listener is required the resource's ARN and there is no way to convert id to arn. it would nice to have boyh arn and id (also for https listener)

Terraform Version

Terraform v0.11.4

Terraform Configuration Files

module "ECS_ALB" {
  source  = "terraform-aws-modules/alb/aws"
  version = "3.1.0"

  load_balancer_name         = "${var.name}-${var.environment}"
  subnets                    = "${module.vpc.private_subnets}"
  load_balancer_is_internal  = "true"
  security_groups            = ["${module.security_groups.internal_elb}"]
  vpc_id                     = "${module.vpc.vpc_id}"
  enable_deletion_protection = true

  # Listener
  http_tcp_listeners_count = "1"
  http_tcp_listeners       = "${list(map("port", "8080", "protocol", "HTTP"))}"

  // Default Target-Group
  target_groups       = "${list(map("name", "first-${var.environment}", "backend_protocol", "HTTP", "backend_port", "8080"))}"
  target_groups_count = "1"

  #
  // Logging
  log_bucket_name = "${var.name}-${var.environment}-share-alb-logs"

  //Tagging
  tags = {
    Name = "${var.name}"

    Environment = "${var.environment}"
  }
}

Expected Behavior

The module should allow modify the default target-group (rule) associated with a listener.
For this particular example, let's suppose that I have already created a listener with the target-group first-testing as default and I want to change it to be default-testing.

Actual Behavior

Terraform apply fails with the following message:

module.stack.module.ECS_ALB.aws_lb_target_group.main: Destroying... (ID: arn:aws:elasticloadbalancing:us-west-4:...tgroup/first-testing/6f58a25341942b21)

Error: Error applying plan:

1 error(s) occurred:

* module.stack.module.ECS_ALB.aws_lb_target_group.main (destroy): 1 error(s) occurred:

* aws_lb_target_group.main: Error deleting Target Group: ResourceInUse: Target group 'arn:aws:elasticloadbalancing:us-west-4:12345678910:targetgroup/first-testing/6f58a25341942b21' is currently in use by a listener or a rule

Steps to Reproduce

1. create the resources using the configuration file above, init, plan and apply
2. modify the default target group as follow:

17c17
<   target_groups                 = "${list(map("name", "first-${var.environment}", "backend_protocol", "HTTP", "backend_port", "8080"))}"
---
>   target_groups                 = "${list(map("name", "default-${var.environment}", "backend_protocol", "HTTP", "backend_port", "8080"))}"

3. plan
4. apply

Maybe adding 'lifecycle {crate_before_destroy => true}` into aws_lb_target_group to solve it?
I will test later better

Can you tag a release? Looks like we're 6 commits ahead of the last one @ 2.4.0

Which can be set for aws_alb_target_group: https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#deregistration_delay

Describe the bug
target_groups attribute is zero indexed but target_groups_count starts at 1 when slicing a list of target groups.

Example error:

• module.sage_ess_alb.output.target_group_names: slice: to index must be <= length of the input list in:

${slice(concat(aws_lb_target_group.main..name, aws_lb_target_group.main_no_logs..name), 0, var.target_groups_count)}

Relevant attribute states upon getting this error:
target_groups = "${list(map( "name", "vague-ess", "backend_protocol", "HTTPS", "backend_port", "1234"), map( "name", "vague-ess-app", "backend_protocol", "HTTPS", "backend_port", "4321"))}"
target_groups_count = "2"

Setting target_groups_count to 1 results in it successfully running the plan and picking up both target groups in the list.

To Reproduce
Steps to reproduce the behavior:

1. Create an ALB module
2. Add two (or more) target groups
3. Set target_groups_count to equal list length
4. Run a tf plan

Expected behavior
Plan succeeds

Desktop (please complete the following information):

• OS:Debian Stretch
• Versions:
  TF 0.11.10
  3.5.0 of terraform-aws-modules/alb/aws

Is your feature request related to a problem? Please describe.

ALB and NLB are rather close in terms of API in AWS and Terraform AWS providers, so maybe extend this module and allow users to specify load_balancer_type here:

Describe alternatives you've considered

Alternatively, this module can be renamed to terraform-aws-lb and support both ALB and NLB.

Additional context

I have not heard requests about NLB so often to consider this as an urgent feature. What do you think @brandoconnor ?

Is your feature request related to a problem? Please describe.
I'm trying to redirect http to https but I can't see any option in the documentation

Describe the solution you'd like
Set those somewhere: https://www.terraform.io/docs/providers/aws/r/lb_listener.html#redirect-action

Describe alternatives you've considered
Manually changing the ALB after creation

I have set up with the terragrunt and I am following instructions from terraform-aws-alb/main.tf . So how I can manage the autoscaling module and the terraform-aws-alb module are instantiated in the same state?
I have tried with *.auto.tfvars as well as with

terragrunt = {
terraform {
source = [
source = "git::[email protected]:terraform-aws-modules/terraform-aws-alb.git"
"git::[email protected]:terraform-aws-modules/terraform-aws-autoscaling.git?ref=v2.9.1"
]
}

but no luck yet.

Failure configuring ALB attributes: ValidationError: The value of 'access_logs.s3.bucket' cannot be empty status code: 400, request id: cd69fceb-bb12-11e7-a276-19494eb0aecb
I get the above message when I do not set any value for log_bucket. Currently I can see that 'enabled' for access_logs is based on setting the log_bucket:
access_logs { bucket = "${var.log_bucket}" prefix = "${var.log_prefix}" enabled = "${var.log_bucket != ""}" }
I think it would be better to have this as a separate value (enable_access_logs ?) so it is possible to pass the log_bucket but not enable the access_logs. What do you think about this?

Also, the job failed when setting the log_bucket to a chosen one when it has just been created - I think s3 didn't converge fully before the bucket assignement to ALB - maybe a backoff timer or something. Don't know if terraform actually has something to fix this

Describe the bug
Usedthe module to create an ALB. I used a previous module state as a data source. ALB gets created.
When it times out due to provisioning [no tgs currently], it eventually went and deleted my whole vpc!

Expected behavior
If the ALB times out, dont go delete the vpc

Desktop (please complete the following information):
MAC, TF 0.11.13, AWS-CLI 1.16.140

Additional context
I created a vpc using the official TF vpc module, but stripped the SG and Routes out for my own reasons.
I used the tfstate that was outputted to S3 for some vars for the ALB.
I manually entered the default SG.

AWS announced a new feature: Elastic Load Balancing Announces Support for Redirects and Fixed Responses for Application Load Balancer.
link:
https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/

any idea when this is going to supported in terraform?

Describe the bug

Re-destroying throws module.alb.output.target_group_arns: slice: to index must be <= length of the input list.

To Reproduce

1. Add an ALB and set target_groups_count = "1"
2. Run a destroy
3. Run a second destroy

See e.g.:

data.null_data_source.lambda_archive: Refreshing state...
data.null_data_source.lambda_file: Refreshing state...
data.null_data_source.lambda_archive: Refreshing state...
data.null_data_source.lambda_file: Refreshing state...
data.archive_file.notify_slack: Refreshing state...
data.archive_file.notify_slack: Refreshing state...
data.aws_elb_service_account.default: Refreshing state...
data.aws_route53_zone.api2vpc2: Refreshing state...
data.aws_availability_zones.available: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
data.aws_iam_policy_document.assume_role: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
data.aws_region.current: Refreshing state...
data.aws_iam_policy_document.lambda_basic: Refreshing state...
data.aws_region.current: Refreshing state...
data.aws_caller_identity.eu-west-2: Refreshing state...
data.aws_iam_policy_document.notify_slack_role_doc: Refreshing state...
data.aws_caller_identity.us-east-2: Refreshing state...
data.aws_region.current: Refreshing state...
data.aws_elb_service_account.default: Refreshing state...
data.aws_route53_zone.api2vpc2: Refreshing state...
data.aws_region.current: Refreshing state...
data.aws_iam_policy_document.notify_slack_role_doc: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
data.aws_iam_policy_document.lambda_basic: Refreshing state...
data.aws_availability_zones.available: Refreshing state...
data.aws_iam_policy_document.assume_role: Refreshing state...

Error: Error applying plan:

2 error(s) occurred:

* module.region_us-east-2.module.connectivity.module.alb.output.target_group_arns: slice: to index must be <= length of the input list in:

${slice(concat(aws_lb_target_group.main.*.arn, aws_lb_target_group.main_no_logs.*.arn), 0, var.target_groups_count)}
* module.region_eu-west-2.module.connectivity.module.alb.output.target_group_arns: slice: to index must be <= length of the input list in:

${slice(concat(aws_lb_target_group.main.*.arn, aws_lb_target_group.main_no_logs.*.arn), 0, var.target_groups_count)}

Set target_groups_count = "0", run another destory, see:

Destroy complete! Resources: 0 destroyed.

Expected behavior

I'd like destroys to be idempotent. So far they have been but the alb module is preventing this now it seems. Although to be fair, it could also very well be that the problem exists between keyboard and chair :) If anything, I hope to learn from submitting this issue.

Desktop (please complete the following information):

• OS: Ubuntu 18.04.1 LTS
• Versions: Terraform v0.11.8, alb module 3.4.0, aws provider 1.35.0

Additional context

Thanks for an awesome module! 💯

From @hasbro-ielo :

The documentation says that log_prefix, certificate_arn are optional. If I don't set them I get the following:

| => tf validate && tf plan
1 error(s) occurred:

* module root: 
    module alb: required variable "certificate_arn" not set
    module alb: required variable "log_prefix" not set

Here's how I'm using the module

module "alb" {
  source = "modules/terraform-community-modules/tf_aws_alb/alb"

  //alb_is_internal = ""
  //alb_name
  //alb_protocols
  alb_security_groups = "${module.alb_sg.security_group_id_web}"
  aws_region  = "${var.region}"
  aws_account_id = "${var.account_id}"
  //backend_port
  //backend_protocol
  //certificate_arn
  //cookie_duration
  //health_check_path
  log_bucket = "${var.alb_logs_bucket}"
  //log_prefix
  //principal_account_id
  subnets = "${var.alb_subnets}"
  vpc_id = "${module.vpc.vpc_id}"
  //tags
}

Build stages are a beta feature that can be used for this. The kitchen-terraform project is a good example.

Would it be possible to have a new variable (defaulted to 80) to be able to change the port for the HTTP listener for other than 80?
This is specially useful in my usecase when using this module to create an Internal ALB.
We dont use the default port for internal ones.
If you agree I can create the PR to have it done

Module input "enable_cross_zone_load_balancing" is not a valid argument says Terraform. It seems to be too silly to be a bug, however I can run successfully terraform plan as soon as I comment out this input arg.

To Reproduce
Steps to reproduce the behavior:

module "alb" {
# add mandatory inputs
  enable_cross_zone_load_balancing = "true"
}

Terraform output:

Error: module "alb": "enable_cross_zone_load_balancing" is not a valid argument

Expected behavior
terraform plan will give usual output

Desktop (please complete the following information):

• OS: Linux
• Versions Terraform v0.11.8 provider.aws v1.41.0

Is your feature request related to a problem? Please describe.
We need a way vai this module to change the slow_start attribute on the Target Groups. Currently it's defaulting to 0.

Describe the solution you'd like
Just adding a variable to the target_groups_defaults for slow_start so it can be changed from it's default value of 0

https://www.terraform.io/docs/providers/aws/r/lb_target_group.html#slow_start

Is your feature request related to a problem? Please describe.

I'm trying to use the terraform-aws-alb in a conditional fashion. In my configuration, I only want to create an ALB in certain cases. Unfortunately, Terraform doesn't support the count parameter for modules (hashicorp/terraform#953), and there's no variable in this module to control whether it creates resources or not.

Describe the solution you'd like

The terraform-aws-vpc module has a variable named create_vpc that controls whether or not it creates actually creates VPC resources. I'd like something similar (e.g., create_alb) in this module.

https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/variables.tf#L1

Describe alternatives you've considered

I couldn't find any alternative ways to conditionally enable/disable this module.

Additional context

None.

Hi, is there a reason this module isn't in the terraform module registry? Is there an issue that needs to be fixed?

Is your feature request related to a problem? Please describe.
if you want to modify a single property in the target_groups_defaults map do you have to then pass the whole thing back in?

I want to do something like to modify a single key from defaults map and keep the rest

  target_groups_defaults = "${list(map("health_check_path", "/health"))}"

but when I do that I get

module.services.module.alb.aws_lb_target_group.main_no_logs: lookup: lookup failed to find 'health_check_matcher' in:

${lookup(var.target_groups[count.index], "health_check_matcher", lookup(var.target_groups_defaults, "health_check_matcher"))}

making it seem like I would have to do something like the following

  target_groups_defaults   = "${list(map("health_check_path", "/health", "cookie_duration", 86400, "deregistration_delay", 300, "health_check_interval", 10, "health_check_healthy_threshold", 3, "health_check_path", "/", "health_check_port", "traffic-port", "health_check_timeout", 5, "health_check_unhealthy_threshold", 3, "health_check_matcher", "200-299", "stickiness_enabled", true, "target_type", "instance"))})"

Describe the solution you'd like
a change to the argument or arguments to make this easier

Describe alternatives you've considered
the above re-passing of the entire map

Additional context
new to terraform so I feel like I may be just missing something?

Describe the bug
the target_group param is listed as optional but if you don't pass it then the module will always fail with

Error: Invalid index

  on .terraform/modules/alb/terraform-aws-modules-terraform-aws-alb-61e7316/alb_no_logs.tf line 130, in resource "aws_lb_listener" "frontend_http_tcp_no_logs":
 130:     target_group_arn = aws_lb_target_group.main_no_logs[lookup(var.http_tcp_listeners[count.index], "target_group_index", 0)].id
    |----------------
    | aws_lb_target_group.main_no_logs is empty tuple
    | count.index is 0
    | var.http_tcp_listeners is list of map of string with 1 element

The given key does not identify an element in this collection value.

because the counton this resource doesn't check for the target_group length, only for var.create_alb and it always tries to add a TG in the default_action{} of the aws_lb_listener

This applies to the log enabled version of the ALB too

Desktop (please complete the following information):

• OS: Linux
• Terraform 0.12.8 and terrafor-aws-alb 4.1.0

Additional context
I can open a PR to try to fix this but the best solution is not that clear to me. A default_action{} must be provided for any listener so it should be either a TG or some of the new targets ALB now permits (like a fixed response). WDYT?