Increase idle timeout for ALB to 15m across all configs

infrastructure/dogfood/terraform/aws-tf-module/free.tf

@@ -88,7 +88,7 @@ module "free" {
       prefix  = local.customer_free
       enabled = true
     }
-    idle_timeout = 605
+    idle_timeout = 905
   }
 }
 

infrastructure/dogfood/terraform/aws-tf-module/main.tf

@@ -214,7 +214,7 @@ module "main" {
       prefix  = local.customer
       enabled = true
     }
-    idle_timeout = 605
+    idle_timeout = 905
     #    extra_target_groups = [
     #      {
     #        name             = module.saml_auth_proxy.name

infrastructure/dogfood/terraform/aws/ecs.tf

@@ -16,7 +16,7 @@ resource "aws_alb" "main" {
   internal                   = false #tfsec:ignore:aws-elb-alb-not-public
   security_groups            = [aws_security_group.lb.id, aws_security_group.backend.id]
   subnets                    = module.vpc.public_subnets
-  idle_timeout               = 605
+  idle_timeout               = 905
   name                       = "fleetdm"
   drop_invalid_header_fields = true
 }

infrastructure/dogfood/terraform/aws/percona/percona.tf

@@ -27,7 +27,7 @@ resource "aws_lb" "main" {
   internal                   = false #tfsec:ignore:aws-elb-alb-not-public
   security_groups            = [aws_security_group.lb.id, aws_security_group.backend.id]
   subnets                    = var.public_subnets
-  idle_timeout               = 605
+  idle_timeout               = 905
   drop_invalid_header_fields = true
 }
 

infrastructure/loadtesting/terraform/alb.tf

@@ -3,7 +3,7 @@ resource "aws_lb" "internal" {
   internal                   = true
   security_groups            = [data.terraform_remote_state.shared.outputs.alb_security_group.id]
   subnets                    = data.terraform_remote_state.shared.outputs.vpc.private_subnets
-  idle_timeout               = 600
+  idle_timeout               = 905
   drop_invalid_header_fields = true
   #checkov:skip=CKV_AWS_150:don't like it
 }

infrastructure/loadtesting/terraform/shared/alb.tf

@@ -3,7 +3,7 @@ resource "aws_alb" "main" {
   internal                   = false #tfsec:ignore:aws-elb-alb-not-public
   security_groups            = [aws_security_group.lb.id]
   subnets                    = module.vpc.public_subnets
-  idle_timeout               = 600
+  idle_timeout               = 905
   drop_invalid_header_fields = true
   #checkov:skip=CKV_AWS_150:don't like it
 }

terraform/README.md

@@ -72,7 +72,7 @@ No resources.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_alb_config"></a> [alb\_config](#input\_alb\_config) | n/a | <pre>object({<br>    name                 = optional(string, "fleet")<br>    security_groups      = optional(list(string), [])<br>    access_logs          = optional(map(string), {})<br>    allowed_cidrs        = optional(list(string), ["0.0.0.0/0"])<br>    allowed_ipv6_cidrs   = optional(list(string), ["::/0"])<br>    egress_cidrs         = optional(list(string), ["0.0.0.0/0"])<br>    egress_ipv6_cidrs    = optional(list(string), ["::/0"])<br>    extra_target_groups  = optional(any, [])<br>    https_listener_rules = optional(any, [])<br>    tls_policy           = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")<br>    idle_timeout         = optional(number, 60)<br>  })</pre> | `{}` | no |
+| <a name="input_alb_config"></a> [alb\_config](#input\_alb\_config) | n/a | <pre>object({<br>    name                 = optional(string, "fleet")<br>    security_groups      = optional(list(string), [])<br>    access_logs          = optional(map(string), {})<br>    allowed_cidrs        = optional(list(string), ["0.0.0.0/0"])<br>    allowed_ipv6_cidrs   = optional(list(string), ["::/0"])<br>    egress_cidrs         = optional(list(string), ["0.0.0.0/0"])<br>    egress_ipv6_cidrs    = optional(list(string), ["::/0"])<br>    extra_target_groups  = optional(any, [])<br>    https_listener_rules = optional(any, [])<br>    tls_policy           = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")<br>    idle_timeout         = optional(number, 905)<br>  })</pre> | `{}` | no |
 | <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | n/a | `string` | n/a | yes |
 | <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The config for the terraform-aws-modules/ecs/aws module | <pre>object({<br>    autoscaling_capacity_providers = optional(any, {})<br>    cluster_configuration = optional(any, {<br>      execute_command_configuration = {<br>        logging = "OVERRIDE"<br>        log_configuration = {<br>          cloud_watch_log_group_name = "/aws/ecs/aws-ec2"<br>        }<br>      }<br>    })<br>    cluster_name = optional(string, "fleet")<br>    cluster_settings = optional(map(string), {<br>      "name" : "containerInsights",<br>      "value" : "enabled",<br>    })<br>    create                                = optional(bool, true)<br>    default_capacity_provider_use_fargate = optional(bool, true)<br>    fargate_capacity_providers = optional(any, {<br>      FARGATE = {<br>        default_capacity_provider_strategy = {<br>          weight = 100<br>        }<br>      }<br>      FARGATE_SPOT = {<br>        default_capacity_provider_strategy = {<br>          weight = 0<br>        }<br>      }<br>    })<br>    tags = optional(map(string))<br>  })</pre> | <pre>{<br>  "autoscaling_capacity_providers": {},<br>  "cluster_configuration": {<br>    "execute_command_configuration": {<br>      "log_configuration": {<br>        "cloud_watch_log_group_name": "/aws/ecs/aws-ec2"<br>      },<br>      "logging": "OVERRIDE"<br>    }<br>  },<br>  "cluster_name": "fleet",<br>  "cluster_settings": {<br>    "name": "containerInsights",<br>    "value": "enabled"<br>  },<br>  "create": true,<br>  "default_capacity_provider_use_fargate": true,<br>  "fargate_capacity_providers": {<br>    "FARGATE": {<br>      "default_capacity_provider_strategy": {<br>        "weight": 100<br>      }<br>    },<br>    "FARGATE_SPOT": {<br>      "default_capacity_provider_strategy": {<br>        "weight": 0<br>      }<br>    }<br>  },<br>  "tags": {}<br>}</pre> | no |
 | <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br>    task_mem                     = optional(number, null)<br>    task_cpu                     = optional(number, null)<br>    mem                          = optional(number, 4096)<br>    cpu                          = optional(number, 512)<br>    pid_mode                     = optional(string, null)<br>    image                        = optional(string, "fleetdm/fleet:v4.54.1")<br>    family                       = optional(string, "fleet")<br>    sidecars                     = optional(list(any), [])<br>    depends_on                   = optional(list(any), [])<br>    mount_points                 = optional(list(any), [])<br>    volumes                      = optional(list(any), [])<br>    extra_environment_variables  = optional(map(string), {})<br>    extra_iam_policies           = optional(list(string), [])<br>    extra_execution_iam_policies = optional(list(string), [])<br>    extra_secrets                = optional(map(string), {})<br>    security_group_name          = optional(string, "fleet")<br>    iam_role_arn                 = optional(string, null)<br>    repository_credentials       = optional(string, "")<br>    private_key_secret_name      = optional(string, "fleet-server-private-key")<br>    service = optional(object({<br>      name = optional(string, "fleet")<br>      }), {<br>      name = "fleet"<br>    })<br>    database = optional(object({<br>      password_secret_arn = string<br>      user                = string<br>      database            = string<br>      address             = string<br>      rr_address          = optional(string, null)<br>      }), {<br>      password_secret_arn = null<br>      user                = null<br>      database            = null<br>      address             = null<br>      rr_address          = null<br>    })<br>    redis = optional(object({<br>      address = string<br>      use_tls = optional(bool, true)<br>      }), {<br>      address = null<br>      use_tls = true<br>    })<br>    awslogs = optional(object({<br>      name      = optional(string, null)<br>      region    = optional(string, null)<br>      create    = optional(bool, true)<br>      prefix    = optional(string, "fleet")<br>      retention = optional(number, 5)<br>      }), {<br>      name      = null<br>      region    = null<br>      prefix    = "fleet"<br>      retention = 5<br>    })<br>    loadbalancer = optional(object({<br>      arn = string<br>      }), {<br>      arn = null<br>    })<br>    extra_load_balancers = optional(list(any), [])<br>    networking = optional(object({<br>      subnets         = optional(list(string), null)<br>      security_groups = optional(list(string), null)<br>      ingress_sources = optional(object({<br>        cidr_blocks      = optional(list(string), [])<br>        ipv6_cidr_blocks = optional(list(string), [])<br>        security_groups  = optional(list(string), [])<br>        prefix_list_ids  = optional(list(string), [])<br>        }), {<br>        cidr_blocks      = []<br>        ipv6_cidr_blocks = []<br>        security_groups  = []<br>        prefix_list_ids  = []<br>      })<br>      }), {<br>      subnets         = null<br>      security_groups = null<br>      ingress_sources = {<br>        cidr_blocks      = []<br>        ipv6_cidr_blocks = []<br>        security_groups  = []<br>        prefix_list_ids  = []<br>      }<br>    })<br>    autoscaling = optional(object({<br>      max_capacity                 = optional(number, 5)<br>      min_capacity                 = optional(number, 1)<br>      memory_tracking_target_value = optional(number, 80)<br>      cpu_tracking_target_value    = optional(number, 80)<br>      }), {<br>      max_capacity                 = 5<br>      min_capacity                 = 1<br>      memory_tracking_target_value = 80<br>      cpu_tracking_target_value    = 80<br>    })<br>    iam = optional(object({<br>      role = optional(object({<br>        name        = optional(string, "fleet-role")<br>        policy_name = optional(string, "fleet-iam-policy")<br>        }), {<br>        name        = "fleet-role"<br>        policy_name = "fleet-iam-policy"<br>      })<br>      execution = optional(object({<br>        name        = optional(string, "fleet-execution-role")<br>        policy_name = optional(string, "fleet-execution-role")<br>        }), {<br>        name        = "fleet-execution-role"<br>        policy_name = "fleet-iam-policy-execution"<br>      })<br>      }), {<br>      name = "fleetdm-execution-role"<br>    })<br>    software_installers = optional(object({<br>      create_bucket    = optional(bool, true)<br>      bucket_name      = optional(string, null)<br>      bucket_prefix    = optional(string, "fleet-software-installers-")<br>      s3_object_prefix = optional(string, "")<br>      }), {<br>      create_bucket    = true<br>      bucket_name      = null<br>      bucket_prefix    = "fleet-software-installers-"<br>      s3_object_prefix = ""<br>    })<br>  })</pre> | <pre>{<br>  "autoscaling": {<br>    "cpu_tracking_target_value": 80,<br>    "max_capacity": 5,<br>    "memory_tracking_target_value": 80,<br>    "min_capacity": 1<br>  },<br>  "awslogs": {<br>    "create": true,<br>    "name": null,<br>    "prefix": "fleet",<br>    "region": null,<br>    "retention": 5<br>  },<br>  "cpu": 256,<br>  "database": {<br>    "address": null,<br>    "database": null,<br>    "password_secret_arn": null,<br>    "rr_address": null,<br>    "user": null<br>  },<br>  "depends_on": [],<br>  "extra_environment_variables": {},<br>  "extra_execution_iam_policies": [],<br>  "extra_iam_policies": [],<br>  "extra_load_balancers": [],<br>  "extra_secrets": {},<br>  "family": "fleet",<br>  "iam": {<br>    "execution": {<br>      "name": "fleet-execution-role",<br>      "policy_name": "fleet-iam-policy-execution"<br>    },<br>    "role": {<br>      "name": "fleet-role",<br>      "policy_name": "fleet-iam-policy"<br>    }<br>  },<br>  "iam_role_arn": null,<br>  "image": "fleetdm/fleet:v4.54.1",<br>  "loadbalancer": {<br>    "arn": null<br>  },<br>  "mem": 512,<br>  "mount_points": [],<br>  "networking": {<br>    "ingress_sources": {<br>      "cidr_blocks": [],<br>      "ipv6_cidr_blocks": [],<br>      "prefix_list_ids": [],<br>      "security_groups": []<br>    },<br>    "security_groups": null,<br>    "subnets": null<br>  },<br>  "pid_mode": null,<br>  "private_key_secret_name": "fleet-server-private-key",<br>  "redis": {<br>    "address": null,<br>    "use_tls": true<br>  },<br>  "repository_credentials": "",<br>  "security_group_name": "fleet",<br>  "security_groups": null,<br>  "service": {<br>    "name": "fleet"<br>  },<br>  "sidecars": [],<br>  "software_installers": {<br>    "bucket_name": null,<br>    "bucket_prefix": "fleet-software-installers-",<br>    "create_bucket": true,<br>    "s3_object_prefix": ""<br>  },<br>  "task_cpu": null,<br>  "task_mem": null,<br>  "volumes": []<br>}</pre> | no |

terraform/addons/mdmproxy/variables.tf

@@ -79,7 +79,7 @@ variable "alb_config" {
     extra_target_groups  = optional(any, [])
     https_listener_rules = optional(any, [])
     tls_policy           = optional(string, "ELBSecurityPolicy-TLS-1-2-2017-01")
-    idle_timeout         = optional(number, 60)
+    idle_timeout         = optional(number, 905)
   })
 }