feat(src): comment cloud front

vpino · Jun 17, 2024 · 8883eb2 · 8883eb2
1 parent 67ec56a
commit 8883eb2
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 79 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -63,9 +63,9 @@ jobs:
         run: |
           aws ecs update-service --cluster $ECS_CLUSTER --service $ECS_SERVICE --force-new-deployment --region $AWS_REGION --desired-count 1
 
-      - name: Invalidate CloudFront Cache
-        env:
-          DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
-          AWS_REGION: ${{ secrets.AWS_REGION }}
-        run: |
-          aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths "/*"
+      # - name: Invalidate CloudFront Cache
+      #   env:
+      #     DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
+      #     AWS_REGION: ${{ secrets.AWS_REGION }}
+      #   run: |
+      #     aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths "/*"
diff --git a/terraform/fuap-backend/cloudfront.tf b/terraform/fuap-backend/cloudfront.tf
@@ -1,52 +1,52 @@
-resource "aws_cloudfront_distribution" "main" {
-  origin {
-    domain_name = aws_lb.main.dns_name
-    origin_id   = var.cloudfront_origin_id
-
-    custom_origin_config {
-      http_port              = 80
-      https_port             = 443
-      origin_protocol_policy = "https-only"
-      origin_ssl_protocols   = ["TLSv1.2"]  # Aquí especifica los protocolos SSL permitidos para la comunicación con el origen
-    }
-  }
-
-  enabled             = true
-  is_ipv6_enabled     = true
-  comment             = "CDN for FUAP-DEV application"
-  default_root_object = "index.html"
-
-  default_cache_behavior {
-    allowed_methods  = ["GET", "HEAD"]
-    cached_methods   = ["GET", "HEAD"]
-    target_origin_id = var.cloudfront_origin_id
-
-    forwarded_values {
-      query_string = false
-      cookies {
-        forward = "none"
-      }
-    }
-
-    viewer_protocol_policy = "redirect-to-https"
-    min_ttl                = 0
-    default_ttl            = 86400
-    max_ttl                = 31536000
-  }
-
-  price_class = var.cloudfront_price_class
-
-  restrictions {
-    geo_restriction {
-      restriction_type = "none"
-    }
-  }
-
-  viewer_certificate {
-    cloudfront_default_certificate = true
-  }
-
-  tags = {
-    Name = "fuap-dev-cloudfront"
-  }
-}
+# resource "aws_cloudfront_distribution" "main" {
+#   origin {
+#     domain_name = aws_lb.main.dns_name
+#     origin_id   = var.cloudfront_origin_id
+
+#     custom_origin_config {
+#       http_port              = 80
+#       https_port             = 443
+#       origin_protocol_policy = "https-only"
+#       origin_ssl_protocols   = ["TLSv1.2"]  # Aquí especifica los protocolos SSL permitidos para la comunicación con el origen
+#     }
+#   }
+
+#   enabled             = true
+#   is_ipv6_enabled     = true
+#   comment             = "CDN for FUAP-DEV application"
+#   default_root_object = "index.html"
+
+#   default_cache_behavior {
+#     allowed_methods  = ["GET", "HEAD"]
+#     cached_methods   = ["GET", "HEAD"]
+#     target_origin_id = var.cloudfront_origin_id
+
+#     forwarded_values {
+#       query_string = false
+#       cookies {
+#         forward = "none"
+#       }
+#     }
+
+#     viewer_protocol_policy = "redirect-to-https"
+#     min_ttl                = 0
+#     default_ttl            = 86400
+#     max_ttl                = 31536000
+#   }
+
+#   price_class = var.cloudfront_price_class
+
+#   restrictions {
+#     geo_restriction {
+#       restriction_type = "none"
+#     }
+#   }
+
+#   viewer_certificate {
+#     cloudfront_default_certificate = true
+#   }
+
+#   tags = {
+#     Name = "fuap-dev-cloudfront"
+#   }
+# }
diff --git a/terraform/fuap-backend/load_balancer.tf b/terraform/fuap-backend/load_balancer.tf
@@ -30,7 +30,7 @@ resource "aws_lb_target_group" "main" {
   vpc_id = aws_vpc.main.id  # Reemplaza con el ID de tu VPC
 
   health_check {
-    path                = "/"
+    path                = "/api/docs"
     protocol            = "HTTP"
     timeout             = 5
     interval            = 30

diff --git a/terraform/fuap-backend/outputs.tf b/terraform/fuap-backend/outputs.tf
@@ -33,10 +33,10 @@ output "ecs_service_name" {
   value = aws_ecs_service.main.name
 }
 
-output "cloudfront_distribution_id" {
-  value = aws_cloudfront_distribution.main.id
-}
+# output "cloudfront_distribution_id" {
+#   value = aws_cloudfront_distribution.main.id
+# }
 
-output "cloudfront_distribution_domain" {
-  value = aws_cloudfront_distribution.main.domain_name
-}
+# output "cloudfront_distribution_domain" {
+#   value = aws_cloudfront_distribution.main.domain_name
+# }
diff --git a/terraform/fuap-backend/security_groups.tf b/terraform/fuap-backend/security_groups.tf
@@ -4,20 +4,6 @@ resource "aws_security_group" "ecs" {
     Name = "ecs-sg"
   }
 
-  ingress {
-    from_port   = 80
-    to_port     = 80
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
   ingress {
     from_port   = 3000
     to_port     = 3000
@@ -54,3 +40,31 @@ resource "aws_security_group" "rds" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
+
+resource "aws_security_group" "lb" {
+  vpc_id = aws_vpc.main.id
+  tags = {
+    Name = "lb-sg"
+  }
+
+  ingress {
+    from_port       = 80
+    to_port         = 80
+    protocol        = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port       = 4433
+    to_port         = 4433
+    protocol        = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}