Fix: Allowing Port 443 to load balancer (Prod)

Fix: Allowing Port 443 to load balancer
IrezD · Dec 28, 2023 · 6ce7821 · 6ce7821
2 parents 0072fba + bde4bda
commit 6ce7821
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 12 deletions.
diff --git a/terraform/acm.tf b/terraform/acm.tf
@@ -0,0 +1,6 @@
+resource "aws_acm_certificate" "cert" {
+
+  domain_name       = var.fqdn
+  validation_method = "EMAIL"
+
+}
diff --git a/terraform/alb.tf b/terraform/alb.tf
@@ -6,21 +6,25 @@ resource "aws_lb" "alb" {
   subnets            = var.subnets_for_ecs
 }
 
-resource "aws_lb_listener" "front_end" {
+resource "aws_lb_listener" "listerner" {
   load_balancer_arn = aws_lb.alb.arn
-  port              = "80"
-  protocol          = "HTTP"
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
+  certificate_arn   = aws_acm_certificate.cert.arn
 
   default_action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.target_group_P-5000.arn
+    target_group_arn = aws_lb_target_group.target_group.arn
   }
 }
 
-resource "aws_lb_target_group" "target_group_P-5000" {
+resource "aws_lb_target_group" "target_group" {
   name        = "alb-target-group-${var.env}"
   port        = 5000
   protocol    = "HTTP"
   target_type = "ip"
   vpc_id      = var.vpc_id
-}
+}
+
+
diff --git a/terraform/ecr.tf b/terraform/ecr.tf
@@ -1,5 +1,5 @@
 resource "aws_ecrpublic_repository" "fastapi-ecr-public" {
-  provider = aws.ecr_region
+  provider = aws.secondary_region
 
   repository_name = var.repo_name
 

diff --git a/terraform/ecs.tf b/terraform/ecs.tf
@@ -54,12 +54,12 @@ resource "aws_ecs_service" "fastapi-service" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.target_group_P-5000.arn
+    target_group_arn = aws_lb_target_group.target_group.arn
     container_name   = "${var.env}_FastAPI_image"
     container_port   = 5000
   }
 
-  
+
 
 }
 

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -22,7 +22,7 @@ provider "aws" {
 }
 
 provider "aws" {
-  alias  = "ecr_region"
+  alias  = "secondary_region"
   region = var.secondary_region
 
   default_tags {

diff --git a/terraform/networking.tf b/terraform/networking.tf
@@ -3,7 +3,16 @@ resource "aws_security_group" "internet_to_ALB" {
   description = "Inbound traffic from the internet into ALB for ${var.env} FastAPI environment"
 
   ingress {
-    description      = "Inbound from Internet to ALB"
+    description      = "Allowing https traffic to ALB from the internet"
+    from_port        = 443
+    to_port          = 443
+    protocol         = "tcp"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
+  ingress {
+    description      = "Allowing http traffic to ALB from the internet"
     from_port        = 80
     to_port          = 80
     protocol         = "tcp"

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -44,6 +44,6 @@ variable "fqdn" {
 }
 
 variable "hosted_zone_id" {
-
+  description = "Hosted zone ID for Route53"
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,6 +44,6 @@ variable "fqdn" { @@
     }
     variable "hosted_zone_id" {
+      description = "Hosted zone ID for Route53"
     }