Redirect HTTP traffic to HTTPS (#925)

lorenyu · web-flow · commit dd77e1021909 · 2025-04-18T10:19:56.000-07:00
- Add HTTP to HTTPS redirect rule with priority 50 (lower than the
forward rule) when certificate_arn is not null
diff --git a/infra/modules/service/load_balancer.tf b/infra/modules/service/load_balancer.tf
@@ -56,7 +56,33 @@ resource "aws_lb_listener" "alb_listener_http" {
   }
 }
 
+resource "aws_lb_listener_rule" "http_to_https_redirect" {
+  count = var.certificate_arn != null ? 1 : 0
+
+  listener_arn = aws_lb_listener.alb_listener_http.arn
+  priority     = 50
+
+  action {
+    type = "redirect"
+    redirect {
+      port        = "443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+      host        = "#{host}"
+      path        = "/#{path}"
+      query       = "#{query}"
+    }
+  }
+  condition {
+    path_pattern {
+      values = ["/*"]
+    }
+  }
+}
+
 resource "aws_lb_listener_rule" "app_http_forward" {
+  count = var.certificate_arn == null ? 1 : 0
+
   listener_arn = aws_lb_listener.alb_listener_http.arn
   priority     = 100
 
