From 8883eb2fe430583f95a47f83d139a6ba22cacbbf Mon Sep 17 00:00:00 2001
From: Victor Pino
Date: Sun, 16 Jun 2024 22:11:27 -0400
Subject: [PATCH] feat(src): comment cloud front
---
 .github/workflows/deploy.yml | 12 +--
 terraform/fuap-backend/cloudfront.tf | 104 +++++++++++-----------
 terraform/fuap-backend/load_balancer.tf | 2 +-
 terraform/fuap-backend/outputs.tf | 12 +--
 terraform/fuap-backend/security_groups.tf | 42 ++++++---
 5 files changed, 93 insertions(+), 79 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 53b50eb..f958d43 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -63,9 +63,9 @@ jobs:
 run: |
 aws ecs update-service --cluster $ECS_CLUSTER --service $ECS_SERVICE --force-new-deployment --region $AWS_REGION --desired-count 1
- - name: Invalidate CloudFront Cache
- env:
- DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
- AWS_REGION: ${{ secrets.AWS_REGION }}
- run: |
- aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths "/*"
+ # - name: Invalidate CloudFront Cache
+ # env:
+ # DISTRIBUTION_ID: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}
+ # AWS_REGION: ${{ secrets.AWS_REGION }}
+ # run: |
+ # aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths "/*"
diff --git a/terraform/fuap-backend/cloudfront.tf b/terraform/fuap-backend/cloudfront.tf
index 776de73..4d02a1c 100644
--- a/terraform/fuap-backend/cloudfront.tf
+++ b/terraform/fuap-backend/cloudfront.tf
@@ -1,52 +1,52 @@
-resource "aws_cloudfront_distribution" "main" {
- origin {
- domain_name = aws_lb.main.dns_name
- origin_id = var.cloudfront_origin_id
-
- custom_origin_config {
- http_port = 80
- https_port = 443
- origin_protocol_policy = "https-only"
- origin_ssl_protocols = ["TLSv1.2"] # Aquí especifica los protocolos SSL permitidos para la comunicación con el origen
- }
- }
-
- enabled = true
- is_ipv6_enabled = true
- comment = "CDN for FUAP-DEV application"
- default_root_object = "index.html"
-
- default_cache_behavior {
- allowed_methods = ["GET", "HEAD"]
- cached_methods = ["GET", "HEAD"]
- target_origin_id = var.cloudfront_origin_id
-
- forwarded_values {
- query_string = false
- cookies {
- forward = "none"
- }
- }
-
- viewer_protocol_policy = "redirect-to-https"
- min_ttl = 0
- default_ttl = 86400
- max_ttl = 31536000
- }
-
- price_class = var.cloudfront_price_class
-
- restrictions {
- geo_restriction {
- restriction_type = "none"
- }
- }
-
- viewer_certificate {
- cloudfront_default_certificate = true
- }
-
- tags = {
- Name = "fuap-dev-cloudfront"
- }
-}
+# resource "aws_cloudfront_distribution" "main" {
+# origin {
+# domain_name = aws_lb.main.dns_name
+# origin_id = var.cloudfront_origin_id
+
+# custom_origin_config {
+# http_port = 80
+# https_port = 443
+# origin_protocol_policy = "https-only"
+# origin_ssl_protocols = ["TLSv1.2"] # Aquí especifica los protocolos SSL permitidos para la comunicación con el origen
+# }
+# }
+
+# enabled = true
+# is_ipv6_enabled = true
+# comment = "CDN for FUAP-DEV application"
+# default_root_object = "index.html"
+
+# default_cache_behavior {
+# allowed_methods = ["GET", "HEAD"]
+# cached_methods = ["GET", "HEAD"]
+# target_origin_id = var.cloudfront_origin_id
+
+# forwarded_values {
+# query_string = false
+# cookies {
+# forward = "none"
+# }
+# }
+
+# viewer_protocol_policy = "redirect-to-https"
+# min_ttl = 0
+# default_ttl = 86400
+# max_ttl = 31536000
+# }
+
+# price_class = var.cloudfront_price_class
+
+# restrictions {
+# geo_restriction {
+# restriction_type = "none"
+# }
+# }
+
+# viewer_certificate {
+# cloudfront_default_certificate = true
+# }
+
+# tags = {
+# Name = "fuap-dev-cloudfront"
+# }
+# }
diff --git a/terraform/fuap-backend/load_balancer.tf b/terraform/fuap-backend/load_balancer.tf
index 59febdd..f7995a3 100644
--- a/terraform/fuap-backend/load_balancer.tf
+++ b/terraform/fuap-backend/load_balancer.tf
@@ -30,7 +30,7 @@ resource "aws_lb_target_group" "main" {
 vpc_id = aws_vpc.main.id # Reemplaza con el ID de tu VPC
 health_check {
- path = "/"
+ path = "/api/docs"
 protocol = "HTTP"
 timeout = 5
 interval = 30
diff --git a/terraform/fuap-backend/outputs.tf b/terraform/fuap-backend/outputs.tf
index 59a5e7f..ab3addb 100644
--- a/terraform/fuap-backend/outputs.tf
+++ b/terraform/fuap-backend/outputs.tf
@@ -33,10 +33,10 @@ output "ecs_service_name" {
 value = aws_ecs_service.main.name
 }
-output "cloudfront_distribution_id" {
- value = aws_cloudfront_distribution.main.id
-}
+# output "cloudfront_distribution_id" {
+# value = aws_cloudfront_distribution.main.id
+# }
-output "cloudfront_distribution_domain" {
- value = aws_cloudfront_distribution.main.domain_name
-}
+# output "cloudfront_distribution_domain" {
+# value = aws_cloudfront_distribution.main.domain_name
+# }
diff --git a/terraform/fuap-backend/security_groups.tf b/terraform/fuap-backend/security_groups.tf
index 8f1e25c..5adde69 100644
--- a/terraform/fuap-backend/security_groups.tf
+++ b/terraform/fuap-backend/security_groups.tf
@@ -4,20 +4,6 @@ resource "aws_security_group" "ecs" {
 Name = "ecs-sg"
 }
- ingress {
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- ingress {
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
 ingress {
 from_port = 3000
 to_port = 3000
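Review bot: In `load_balancer.tf`, the `health_check` of `aws_lb_target_group.main` now probes `/api/docs`, which ties target health to a documentation route staying enabled and reachable without authentication. If that route is later disabled or put behind auth in some environment, every target would fail the check, and keeping it on only for the probe publishes the API surface to anyone who can reach the load balancer. A small unauthenticated liveness route would be safer, e.g. `path = "/health"` (placeholder; the application would have to serve it). The `health_check` block continues past the end of the hunk, so its matcher and thresholds are not visible here.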
@@ -54,3 +40,31 @@ resource "aws_security_group" "rds" {
 cidr_blocks = ["0.0.0.0/0"]
 }
 }
+
+resource "aws_security_group" "lb" {
+ vpc_id = aws_vpc.main.id
+ tags = {
+ Name = "lb-sg"
+ }
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 4433
+ to_port = 4433
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
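Review bot: The second ingress rule of the new `aws_security_group.lb` in `security_groups.tf` opens port 4433 to `0.0.0.0/0`, whereas the rules this commit removes from the `ecs` group used 443, so this looks like a typo. If the load balancer's HTTPS listener is on 443 (the listener is not visible here), the rule should read `from_port = 443` and `to_port = 443`; as written only plain HTTP on port 80 would be reachable. The `load_balancer.tf` change in this commit touches only the health-check path, so nothing visible attaches the new group to `aws_lb.main`; confirm it carries `security_groups = [aws_security_group.lb.id]`. With the CloudFront distribution commented out, its `redirect-to-https` viewer policy no longer applies, so the port-80 listener should redirect to HTTPS rather than forward. It is also worth checking that the `ecs` group's port-3000 ingress names this group as its source instead of a CIDR range; that rule's source is outside the hunk.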