https cert

voynow · Nov 15, 2024 · 3f54c98 · 3f54c98
1 parent d59aadf
commit 3f54c98
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 0 deletions.
diff --git a/infra/app/ecs/main.tf b/infra/app/ecs/main.tf
@@ -58,6 +58,18 @@ resource "aws_lb_listener" "http" {
   }
   depends_on = [aws_lb_target_group.this]
 }
+resource "aws_lb_listener" "https" {
+  load_balancer_arn = aws_lb.this.arn
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  certificate_arn   = var.certificate_arn
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.this.arn
+  }
+}
 resource "aws_lb_listener_rule" "this" {
   listener_arn = aws_lb_listener.http.arn
   action {
@@ -157,6 +169,10 @@ resource "aws_ecs_task_definition" "api" {
         { 
           name = "OPENAI_API_KEY", 
           value = var.openai_api_key 
+        },
+        { 
+          name = "API_KEY", 
+          value = var.api_key 
         }
       ]
     }

diff --git a/infra/app/ecs/variable.tf b/infra/app/ecs/variable.tf
@@ -38,3 +38,13 @@ variable "openai_api_key" {
   description = "API key for the OpenAI service"
   sensitive   = true
 }
+variable "api_key" {
+  description = "API key for authentication"
+  type        = string
+  sensitive   = true
+}
+variable "certificate_arn" {
+  type        = string
+  description = "ARN of the ACM certificate for HTTPS"
+}
+
diff --git a/infra/app/main.tf b/infra/app/main.tf
@@ -13,6 +13,21 @@ module "network" {
   region   = var.region
 }
 
+resource "aws_acm_certificate" "trackflow_api" {
+  domain_name       = "api.trackflow.xyz"
+  validation_method = "DNS"
+}
+
+output "certificate_validation_records" {
+  value = {
+    for dvo in aws_acm_certificate.trackflow_api.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+}
+
 module "ecs" {
   source             = "./ecs"
   app_name           = var.app_name
@@ -22,13 +37,25 @@ module "ecs" {
   supabase_key       = var.supabase_key
   email_api_key      = var.email_api_key
   openai_api_key     = var.openai_api_key
+  api_key            = var.api_key
+  certificate_arn    = aws_acm_certificate.trackflow_api.arn
   vpc_id             = module.network.vpc.id
   public_subnet_ids  = [for s in module.network.public_subnets : s.id]
   depends_on         = [module.network]
 }
 
+module "eventbridge" {
+  source       = "./eventbridge"
+  api_key      = var.api_key
+  api_endpoint = var.api_endpoint
+}
+
 
 # Outputs
 output "alb_dns_name" {
   value = module.ecs.alb_dns_name
 }
+
+output "certificate_arn" {
+  value = aws_acm_certificate.trackflow_api.arn
+}
diff --git a/infra/app/variable.tf b/infra/app/variable.tf
@@ -30,3 +30,14 @@ variable "openai_api_key" {
   description = "API key for the OpenAI service"
   sensitive   = true
 }
+
+variable "api_key" {
+  description = "API key for authentication"
+  type        = string
+  sensitive   = true
+}
+
+variable "api_endpoint" {
+  description = "Base URL for the API endpoint"
+  type        = string
+}