From 28c1747628fa486f3a44a7fa2c15fe7175f3b96d Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 13:44:07 +0100
Subject: [PATCH 01/11] Fix: Allowing Port 443 to load balaner

---
 terraform/alb.tf | 26 +++++++++++++++++++++++++-
 terraform/networking.tf | 9 +++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index ceefdaa..f615978 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -6,7 +6,7 @@ resource "aws_lb" "alb" {
   subnets = var.subnets_for_ecs
 }
 
-resource "aws_lb_listener" "front_end" {
+resource "aws_lb_listener" "listerner_80" {
   load_balancer_arn = aws_lb.alb.arn
   port = "80"
   protocol = "HTTP"
@@ -23,4 +23,28 @@ resource "aws_lb_target_group" "target_group_P-5000" {
   protocol = "HTTP"
   target_type = "ip"
   vpc_id = var.vpc_id
+}
+
+resource "aws_lb_listener" "listerner_443" {
+  load_balancer_arn = aws_lb.alb.arn
+  port = "443"
+  protocol = "HTTPS"
+
+  default_action {
+    type = "forward"
+    target_group_arn = aws_lb_target_group.target_group_P-5001.arn
+  }
+}
+
+resource "aws_lb_target_group" "target_group_P-5001" {
+  name = "alb-target-group-${var.env}"
+  port = 5000
+  protocol = "HTTPS"
+  target_type = "ip"
+  vpc_id = var.vpc_id
+}
+
+resource "aws_lb_listener_certificate" "example" {
+  listener_arn = aws_lb_listener.listerner_443.arn
+  certificate_arn = "arn:aws:acm:us-east-1:806066816337:certificate/3848def8-0982-4f7e-b2be-664c6d00d101"
 }
\ No newline at end of file
diff --git a/terraform/networking.tf b/terraform/networking.tf
index 7600bf2..f66c974 100644
--- a/terraform/networking.tf
+++ b/terraform/networking.tf
@@ -11,6 +11,15 @@ resource "aws_security_group" "internet_to_ALB" {
     ipv6_cidr_blocks = ["::/0"]
   }
 
+  ingress {
+    description = "Inbound from Internet to ALB"
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
   egress {
     from_port = 0
     to_port = 0
From 1cc2d928927852cbe6a2bead9659bc57a02b00da Mon Sep 17 00:00:00 2001
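Review bot: In the second alb.tf hunk, `listerner_443` is declared with `protocol = "HTTPS"` but no `certificate_arn`, which the ALB API requires at listener creation; the separate `aws_lb_listener_certificate` resource only attaches additional SNI certificates to a listener that already exists, so the apply fails before it is reached. `target_group_P-5001` reuses the name `alb-target-group-${var.env}` that `target_group_P-5000` already carries, and target group names must be unique within an account and region. It also sets `protocol = "HTTPS"` toward port 5000 while the existing group talks HTTP to the same port, so unless the task itself terminates TLS the health checks will never pass. The certificate ARN is a literal that bakes an account ID and `us-east-1` into the repository; a resource reference or a variable keeps that out of source and lets the certificate live in the ALB's own region.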
From: IrezD
Date: Thu, 28 Dec 2023 13:48:20 +0100
Subject: [PATCH 02/11] Fix: Allowing Port 443 to load balaner

---
 terraform/alb.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index f615978..e0810f3 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -37,7 +37,7 @@ resource "aws_lb_listener" "listerner_443" {
 }
 
 resource "aws_lb_target_group" "target_group_P-5001" {
-  name = "alb-target-group-${var.env}"
+  name = "alb-target-group-${var.env}-443"
   port = 5000
   protocol = "HTTPS"
   target_type = "ip"
From 8b9324e9d2cbda5bca1f2c1199313b9cb3d46acb Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 13:55:32 +0100
Subject: [PATCH 03/11] Fix: Allowing Port 443 to load balaner

---
 terraform/alb.tf | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index e0810f3..e4d8734 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -29,6 +29,8 @@ resource "aws_lb_listener" "listerner_443" {
   load_balancer_arn = aws_lb.alb.arn
   port = "443"
   protocol = "HTTPS"
+  ssl_policy = "ELBSecurityPolicy-2016-08"
+  certificate_arn = "arn:aws:acm:us-east-1:806066816337:certificate/3848def8-0982-4f7e-b2be-664c6d00d101"
 
   default_action {
     type = "forward"
@@ -43,8 +45,3 @@ resource "aws_lb_target_group" "target_group_P-5001" {
   target_type = "ip"
   vpc_id = var.vpc_id
 }
-
-resource "aws_lb_listener_certificate" "example" {
-  listener_arn = aws_lb_listener.listerner_443.arn
-  certificate_arn = "arn:aws:acm:us-east-1:806066816337:certificate/3848def8-0982-4f7e-b2be-664c6d00d101"
-}
\ No newline at end of file
From 3d6f9f5805f01b6f606efc427bb4657ce2372adf Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 14:10:31 +0100
Subject: [PATCH 04/11] Fix: Allowing Port 443 to load balaner

---
 terraform/acm.tf | 7 +++++++
 terraform/ecr.tf | 2 +-
 terraform/main.tf | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 terraform/acm.tf
diff --git a/terraform/acm.tf b/terraform/acm.tf
new file mode 100644
index 0000000..42cf6e4
--- /dev/null
+++ b/terraform/acm.tf
@@ -0,0 +1,7 @@
+resource "aws_acm_certificate" "cert" {
+  provider = aws.secondary_region
+
+  domain_name = var.fqdn
+  validation_method = "EMAIL"
+
+}
\ No newline at end of file
diff --git a/terraform/ecr.tf b/terraform/ecr.tf
index dbf4837..c470481 100644
--- a/terraform/ecr.tf
+++ b/terraform/ecr.tf
@@ -1,5 +1,5 @@
 resource "aws_ecrpublic_repository" "fastapi-ecr-public" {
-  provider = aws.ecr_region
+  provider = aws.secondary_region
 
   repository_name = var.repo_name
 
diff --git a/terraform/main.tf b/terraform/main.tf
index 7892be9..7d3f568 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -22,7 +22,7 @@ provider "aws" {
 }
 
 provider "aws" {
-  alias = "ecr_region"
+  alias = "secondary_region"
   region = var.secondary_region
 
   default_tags {
From acae117781a2f0d609924f993d95edb39527dbbc Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 14:14:54 +0100
Subject: [PATCH 05/11] Fix: Allowing Port 443 to load balaner

---
 terraform/alb.tf | 2 +-
 terraform/ecs.tf | 2 +-
 terraform/networking.tf | 2 +-
 terraform/variables.tf | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index e4d8734..6bf36eb 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -30,7 +30,7 @@ resource "aws_lb_listener" "listerner_443" {
   port = "443"
   protocol = "HTTPS"
   ssl_policy = "ELBSecurityPolicy-2016-08"
-  certificate_arn = "arn:aws:acm:us-east-1:806066816337:certificate/3848def8-0982-4f7e-b2be-664c6d00d101"
+  certificate_arn = aws_acm_certificate.cert.arn
 
   default_action {
     type = "forward"
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 4794e21..31005be 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -59,7 +59,7 @@ resource "aws_ecs_service" "fastapi-service" {
     container_port = 5000
   }
 
-
+
 
 }
 
diff --git a/terraform/networking.tf b/terraform/networking.tf
index f66c974..be90b46 100644
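Review bot: `validation_method = "EMAIL"` in the new acm.tf makes issuance depend on somebody clicking a link in a mailbox, so `terraform apply` has no way to wait for the certificate, and the listener that takes `aws_acm_certificate.cert.arn` (the alb.tf hunk of patch 05 on this same line) will fail until the certificate reaches ISSUED; it also leaves no machine-readable record of who approved the domain. Since `var.hosted_zone_id` already exists, DNS validation with one `aws_route53_record` per validation option plus an `aws_acm_certificate_validation` resource makes issuance automated and auditable, and the listener should then reference `aws_acm_certificate_validation.cert.certificate_arn` so Terraform orders it after validation. The `provider = aws.secondary_region` line additionally places the certificate in a different region from the ALB, and an ALB listener can only use an ACM certificate from its own region, so the resource should use the default provider.
```hcl
resource "aws_acm_certificate" "cert" {
  domain_name       = var.fqdn
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  zone_id         = var.hosted_zone_id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
  allow_overwrite = true
}

resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for r in aws_route53_record.cert_validation : r.fqdn]
}
```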
--- a/terraform/networking.tf
+++ b/terraform/networking.tf
@@ -11,7 +11,7 @@ resource "aws_security_group" "internet_to_ALB" {
     ipv6_cidr_blocks = ["::/0"]
   }
 
-  ingress {
+  ingress {
     description = "Inbound from Internet to ALB"
     from_port = 443
     to_port = 443
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 98b5de8..f00def6 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -44,6 +44,6 @@ variable "fqdn" {
 }
 
 variable "hosted_zone_id" {
-
+
 }
 
From 36cdedacbddb92949c85139a4f7fcef0cc3aa48e Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 14:40:28 +0100
Subject: [PATCH 06/11] Fix: Allowing Port 443 to load balaner

---
 terraform/acm.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/terraform/acm.tf b/terraform/acm.tf
index 42cf6e4..1f80356 100644
--- a/terraform/acm.tf
+++ b/terraform/acm.tf
@@ -1,5 +1,4 @@
 resource "aws_acm_certificate" "cert" {
-  provider = aws.secondary_region
 
   domain_name = var.fqdn
   validation_method = "EMAIL"
From 25288886ee403c459a76838c574b005809a948d7 Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 15:35:30 +0100
Subject: [PATCH 07/11] Fix: Allowing Port 443 to load balaner

---
 terraform/ecs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 31005be..a5e5cf9 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -54,7 +54,7 @@ resource "aws_ecs_service" "fastapi-service" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.target_group_P-5000.arn
+    target_group_arn = ["aws_lb_target_group.target_group_P-5000.arn", "aws_lb_target_group.target_group_P-5001.arn"]
     container_name = "${var.env}_FastAPI_image"
     container_port = 5000
   }
From b38f0ec2db74dda4c68a193d22cb69c271827a76 Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 15:37:26 +0100
Subject: [PATCH 08/11] Fix: Allowing Port 443 to load balaner

---
 terraform/ecs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
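Review bot: In the patch 07 ecs.tf hunk, `target_group_arn` inside an ECS `load_balancer` block is a single string, so the list assigned here is a type error at plan time, and the bracketed values are quoted string literals rather than references, so even a single one would be handed to ECS as the literal text `aws_lb_target_group.target_group_P-5000.arn`. Registering the service with two target groups takes one `load_balancer` block per group, each with its own `target_group_arn = aws_lb_target_group.<name>.arn`, `container_name` and `container_port`. The patch 08 hunk on the next line drops the quotes but keeps the list, so the same point applies there; the `aws_ecs_service` block itself begins and ends outside both hunks.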
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index a5e5cf9..01e7e88 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -54,7 +54,7 @@ resource "aws_ecs_service" "fastapi-service" {
   }
 
   load_balancer {
-    target_group_arn = ["aws_lb_target_group.target_group_P-5000.arn", "aws_lb_target_group.target_group_P-5001.arn"]
+    target_group_arn = [aws_lb_target_group.target_group_P-5000.arn, aws_lb_target_group.target_group_P-5001.arn]
     container_name = "${var.env}_FastAPI_image"
     container_port = 5000
   }
From cd8f4b370a4ea6645a3eb5b621eb525548c9adb4 Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 16:25:21 +0100
Subject: [PATCH 09/11] Fix: Allowing Port 443 to load balaner

---
 terraform/alb.tf | 28 +++++-----------------------
 terraform/ecs.tf | 2 +-
 terraform/networking.tf | 9 ---------
 terraform/variables.tf | 2 +-
 4 files changed, 7 insertions(+), 34 deletions(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index 6bf36eb..ac9ca46 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -6,26 +6,7 @@ resource "aws_lb" "alb" {
   subnets = var.subnets_for_ecs
 }
 
-resource "aws_lb_listener" "listerner_80" {
-  load_balancer_arn = aws_lb.alb.arn
-  port = "80"
-  protocol = "HTTP"
-
-  default_action {
-    type = "forward"
-    target_group_arn = aws_lb_target_group.target_group_P-5000.arn
-  }
-}
-
-resource "aws_lb_target_group" "target_group_P-5000" {
-  name = "alb-target-group-${var.env}"
-  port = 5000
-  protocol = "HTTP"
-  target_type = "ip"
-  vpc_id = var.vpc_id
-}
-
-resource "aws_lb_listener" "listerner_443" {
+resource "aws_lb_listener" "listerner" {
   load_balancer_arn = aws_lb.alb.arn
   port = "443"
   protocol = "HTTPS"
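Review bot: The renamed listener in the patch 09 alb.tf hunk keeps the misspelling `listerner` inherited from `listerner_443`; since the rename already forces Terraform to replace the listener, this is the cheapest moment to call it `aws_lb_listener.listener` (a `moved { from = aws_lb_listener.listerner_443  to = aws_lb_listener.listener }` block would even avoid the replacement) before more resources bind to the address. The hunk also deletes the port-80 listener with no replacement, so a client that is given `http://` for `var.fqdn` gets no redirect to HTTPS; an HTTP listener whose `default_action` is `type = "redirect"` to port 443 keeps that path working without ever serving application traffic in plaintext, and patch 11's networking.tf hunk later re-opens TCP/80 in the security group, which only makes sense alongside such a listener. The new `listerner` block continues past the end of this hunk.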
@@ -34,14 +15,15 @@ resource "aws_lb_listener" "listerner_443" {
 
   default_action {
     type = "forward"
-    target_group_arn = aws_lb_target_group.target_group_P-5001.arn
+    target_group_arn = aws_lb_target_group.target_group.arn
   }
 }
 
-resource "aws_lb_target_group" "target_group_P-5001" {
-  name = "alb-target-group-${var.env}-443"
+resource "aws_lb_target_group" "target_group" {
+  name = "alb-target-group-${var.env}"
   port = 5000
   protocol = "HTTPS"
   target_type = "ip"
   vpc_id = var.vpc_id
 }
+
\ No newline at end of file
diff --git a/terraform/ecs.tf b/terraform/ecs.tf
index 01e7e88..b88f59d 100644
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
@@ -54,7 +54,7 @@ resource "aws_ecs_service" "fastapi-service" {
   }
 
   load_balancer {
-    target_group_arn = [aws_lb_target_group.target_group_P-5000.arn, aws_lb_target_group.target_group_P-5001.arn]
+    target_group_arn = aws_lb_target_group.target_group.arn
     container_name = "${var.env}_FastAPI_image"
     container_port = 5000
   }
diff --git a/terraform/networking.tf b/terraform/networking.tf
index be90b46..8fc0144 100644
--- a/terraform/networking.tf
+++ b/terraform/networking.tf
@@ -2,15 +2,6 @@ resource "aws_security_group" "internet_to_ALB" {
   name = "internet-to-alb-${var.env}"
   description = "Inbound traffic from the internet into ALB for ${var.env} FastAPI environment"
 
-  ingress {
-    description = "Inbound from Internet to ALB"
-    from_port = 80
-    to_port = 80
-    protocol = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-    ipv6_cidr_blocks = ["::/0"]
-  }
-
   ingress {
     description = "Inbound from Internet to ALB"
     from_port = 443
diff --git a/terraform/variables.tf b/terraform/variables.tf
index f00def6..02471b0 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -44,6 +44,6 @@ variable "fqdn" {
 }
 
 variable "hosted_zone_id" {
-
+  description = "Hosted zone ID for Route53"
 }
 
From 1c825c3710d319cd4b60ff0b18a3ad2aab405743 Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 16:45:21 +0100
Subject: [PATCH 10/11] Fix: Allowing Port 443 to load balaner

---
 terraform/alb.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index ac9ca46..ff3d81a 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -10,7 +10,7 @@ resource "aws_lb_listener" "listerner" {
   load_balancer_arn = aws_lb.alb.arn
   port = "443"
   protocol = "HTTPS"
-  ssl_policy = "ELBSecurityPolicy-2016-08"
+  ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
   certificate_arn = aws_acm_certificate.cert.arn
 
   default_action {
From bde4bda7ef11360c58c9786d69ef0353ebb1bb8b Mon Sep 17 00:00:00 2001
From: IrezD
Date: Thu, 28 Dec 2023 21:03:36 +0100
Subject: [PATCH 11/11] configured listener to 443 which forwards to 80

---
 terraform/alb.tf | 3 ++-
 terraform/networking.tf | 11 ++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index ff3d81a..700d17f 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -22,8 +22,9 @@ resource "aws_lb_listener" "listerner" {
 resource "aws_lb_target_group" "target_group" {
   name = "alb-target-group-${var.env}"
   port = 5000
-  protocol = "HTTPS"
+  protocol = "HTTP"
   target_type = "ip"
   vpc_id = var.vpc_id
 }
+
 
\ No newline at end of file
diff --git a/terraform/networking.tf b/terraform/networking.tf
index 8fc0144..37b47df 100644
--- a/terraform/networking.tf
+++ b/terraform/networking.tf
@@ -3,7 +3,7 @@ resource "aws_security_group" "internet_to_ALB" {
   description = "Inbound traffic from the internet into ALB for ${var.env} FastAPI environment"
 
   ingress {
-    description = "Inbound from Internet to ALB"
+    description = "Allowing https traffic to ALB from the internet"
     from_port = 443
     to_port = 443
     protocol = "tcp"
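Review bot: Switching `target_group` to `protocol = "HTTP"` in the patch 11 alb.tf hunk makes the ALB-to-task hop plaintext inside the VPC, which is a common design but only sound if the task's security group admits port 5000 solely from the ALB's security group; that group is not part of this series, so it should be confirmed before merge. The target group also has no `health_check` block, so the ALB will probe `GET /` on the traffic port and expect a 200; if the FastAPI app does not answer that path, every target stays unhealthy and the 443 listener returns 503, so add `health_check { path = "<app health path>" }` for the endpoint the app actually serves. The `aws_lb_listener "listerner"` named in the hunk header ends before the hunk; only the target group is in view here.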
@@ -11,6 +11,15 @@ resource "aws_security_group" "internet_to_ALB" {
     ipv6_cidr_blocks = ["::/0"]
   }
 
+  ingress {
+    description = "Allowing http traffic to ALB from the internet"
+    from_port = 80
+    to_port = 80
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+
   egress {
     from_port = 0
     to_port = 0
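Review bot: This ingress rule admits TCP/80 from `0.0.0.0/0` and `::/0`, but after patch 09 deleted `listerner_80` nothing on the ALB binds port 80, so the rule is exposure with no function and will be flagged by any least-privilege review of the security group; either drop it or pair it with an HTTP listener that only redirects. The commit title says the 443 listener "forwards to 80", which the alb.tf hunk does not do (its target group stays on port 5000), so the intent is presumably a redirect from 80 to 443 — that belongs in alb.tf, as below, with this rule kept to feed it. The `aws_security_group "internet_to_ALB"` block starts before the hunk and its `egress` block continues past it.
```hcl
resource "aws_lb_listener" "listener_80" {
  load_balancer_arn = aws_lb.alb.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```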