feat: attach ecs service to cloudfront

skku-royals · Feb 23, 2024 · b1d2617 · b1d2617
1 parent 311dd3b
commit b1d2617
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 11 deletions.
diff --git a/aws/royals/cloudfront.tf b/aws/royals/cloudfront.tf
@@ -28,6 +28,18 @@ resource "aws_cloudfront_distribution" "main" {
     }
   }
 
+  origin {
+    domain_name = aws_lb.api.dns_name
+    origin_id   = aws_lb.api.id
+
+    custom_origin_config {
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "http-only"
+      origin_ssl_protocols   = ["TLSv1.2"]
+    }
+  }
+
   enabled = true
   comment = "SKKU ROYALS CloudFront"
 
@@ -48,6 +60,16 @@ resource "aws_cloudfront_distribution" "main" {
     }
   }
 
+  ordered_cache_behavior {
+    path_pattern             = "/api/*"
+    allowed_methods          = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods           = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id         = aws_lb.api.id
+    viewer_protocol_policy   = "redirect-to-https"
+    cache_policy_id          = data.aws_cloudfront_cache_policy.disable.id
+    origin_request_policy_id = data.aws_cloudfront_origin_request_policy.allow_all.id
+  }
+
   restrictions {
     geo_restriction {
       restriction_type = "none"

diff --git a/aws/royals/ec2.tf b/aws/royals/ec2.tf
@@ -1,8 +1,10 @@
 resource "aws_instance" "database" {
-  ami                    = "ami-0c28dbbd4ed200038"
-  instance_type          = "t4g.small"
-  subnet_id              = aws_subnet.private_1.id
-  vpc_security_group_ids = [aws_security_group.ec2.id]
+  ami                         = "ami-0c28dbbd4ed200038"
+  instance_type               = "t4g.small"
+  subnet_id                   = aws_subnet.private_1.id
+  key_name                    = "skku-royals-key-pair"
+  vpc_security_group_ids      = [aws_security_group.ec2.id, data.aws_security_group.ssh-allow.id]
+  associate_public_ip_address = true
 
   root_block_device {
     volume_size           = 50
@@ -18,10 +20,12 @@ resource "aws_instance" "database" {
 }
 
 resource "aws_instance" "cache" {
-  ami                    = "ami-0c28dbbd4ed200038"
-  instance_type          = "t4g.micro"
-  subnet_id              = aws_subnet.private_2.id
-  vpc_security_group_ids = [aws_security_group.ec2.id]
+  ami                         = "ami-0c28dbbd4ed200038"
+  instance_type               = "t4g.micro"
+  subnet_id                   = aws_subnet.private_2.id
+  key_name                    = "skku-royals-key-pair"
+  vpc_security_group_ids      = [aws_security_group.ec2.id, data.aws_security_group.ssh-allow.id]
+  associate_public_ip_address = true
 
   root_block_device {
     volume_size           = 15

diff --git a/aws/royals/ecs-api.tf b/aws/royals/ecs-api.tf
@@ -28,7 +28,7 @@ resource "aws_lb_target_group" "api" {
 
   health_check {
     interval            = 30
-    path                = "/api"
+    path                = "/api/test"
     healthy_threshold   = 3
     unhealthy_threshold = 3
     matcher             = "200-404"

diff --git a/aws/royals/security-group.tf b/aws/royals/security-group.tf
@@ -102,3 +102,7 @@ resource "aws_security_group" "ecs" {
     Name = "skku-royals-sg-ecs"
   }
 }
+
+data "aws_security_group" "ssh-allow" {
+  id = "sg-0f79a24f880b6d5be"
+}
diff --git a/backend/app/src/app.controller.ts b/backend/app/src/app.controller.ts
@@ -7,8 +7,11 @@ import { AppService } from './app.service'
 export class AppController {
   constructor(private readonly appService: AppService) {}
 
-  @Get()
-  getHello(): string {
+  /**
+   * Used for aws ecs health-check
+   */
+  @Get('test')
+  healthCheck(): string {
     return this.appService.getHello()
   }
 }