From b1d261753168305ccfc72af98225435ee815a5f2 Mon Sep 17 00:00:00 2001
From: jspark2000
Date: Fri, 23 Feb 2024 16:16:15 +0000
Subject: [PATCH] feat: attach ecs service to cloudfront
---
 aws/royals/cloudfront.tf | 22 ++++++++++++++++++++++
 aws/royals/ec2.tf | 20 ++++++++++++--------
 aws/royals/ecs-api.tf | 2 +-
 aws/royals/security-group.tf | 4 ++++
 backend/app/src/app.controller.ts | 7 +++++--
 5 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/aws/royals/cloudfront.tf b/aws/royals/cloudfront.tf
index 84ecc80..854ddb4 100644
--- a/aws/royals/cloudfront.tf
+++ b/aws/royals/cloudfront.tf
@@ -28,6 +28,18 @@ resource "aws_cloudfront_distribution" "main" {
 }
 }
+ origin {
+ domain_name = aws_lb.api.dns_name
+ origin_id = aws_lb.api.id
+
+ custom_origin_config {
+ http_port = 80
+ https_port = 443
+ origin_protocol_policy = "http-only"
+ origin_ssl_protocols = ["TLSv1.2"]
+ }
+ }
+
 enabled = true
 comment = "SKKU ROYALS CloudFront"
@@ -48,6 +60,16 @@ resource "aws_cloudfront_distribution" "main" {
 }
 }
+ ordered_cache_behavior {
+ path_pattern = "/api/*"
+ allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+ cached_methods = ["GET", "HEAD", "OPTIONS"]
+ target_origin_id = aws_lb.api.id
+ viewer_protocol_policy = "redirect-to-https"
+ cache_policy_id = data.aws_cloudfront_cache_policy.disable.id
+ origin_request_policy_id = data.aws_cloudfront_origin_request_policy.allow_all.id
+ }
+
 restrictions {
 geo_restriction {
 restriction_type = "none"
diff --git a/aws/royals/ec2.tf b/aws/royals/ec2.tf
index 1d356d2..1511e24 100644
--- a/aws/royals/ec2.tf
+++ b/aws/royals/ec2.tf
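Review bot: `origin_protocol_policy = "http-only"` in the new `origin` block makes CloudFront fetch from the load balancer over plain HTTP, so requests that viewers sent over HTTPS cross the CloudFront-to-origin hop unencrypted, including any cookies or authorization headers the origin request policy forwards. I would use `origin_protocol_policy = "https-only"` with an HTTPS listener on `aws_lb.api`; that needs a certificate matching the origin domain name, which the listener configuration outside this diff would have to provide. As written, `origin_ssl_protocols = ["TLSv1.2"]` has no effect because no TLS connection to the origin is ever made. The enclosing `aws_cloudfront_distribution.main` resource starts and ends outside the hunk.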
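Review bot: The `/api/*` behavior routes every HTTP method through CloudFront, but nothing in this commit prevents clients from calling the load balancer directly, which would skip the `redirect-to-https` policy and anything later attached to the distribution, such as a WAF web ACL. The load balancer's security group is not part of this diff, so this may already be handled; if not, limit its ingress to the CloudFront origin-facing managed prefix list (`com.amazonaws.global.cloudfront.origin-facing`), or have the origin send a secret `custom_header` that a listener rule checks. A short comment above the block naming the managed policies behind `data.aws_cloudfront_cache_policy.disable` and `data.aws_cloudfront_origin_request_policy.allow_all` would also help, since both data sources are defined elsewhere.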
@@ -1,8 +1,10 @@
 resource "aws_instance" "database" {
- ami = "ami-0c28dbbd4ed200038"
- instance_type = "t4g.small"
- subnet_id = aws_subnet.private_1.id
- vpc_security_group_ids = [aws_security_group.ec2.id]
+ ami = "ami-0c28dbbd4ed200038"
+ instance_type = "t4g.small"
+ subnet_id = aws_subnet.private_1.id
+ key_name = "skku-royals-key-pair"
+ vpc_security_group_ids = [aws_security_group.ec2.id, data.aws_security_group.ssh-allow.id]
+ associate_public_ip_address = true
 root_block_device {
 volume_size = 50
@@ -18,10 +20,12 @@ resource "aws_instance" "database" {
 }
 resource "aws_instance" "cache" {
- ami = "ami-0c28dbbd4ed200038"
- instance_type = "t4g.micro"
- subnet_id = aws_subnet.private_2.id
- vpc_security_group_ids = [aws_security_group.ec2.id]
+ ami = "ami-0c28dbbd4ed200038"
+ instance_type = "t4g.micro"
+ subnet_id = aws_subnet.private_2.id
+ key_name = "skku-royals-key-pair"
+ vpc_security_group_ids = [aws_security_group.ec2.id, data.aws_security_group.ssh-allow.id]
+ associate_public_ip_address = true
 root_block_device {
 volume_size = 15
diff --git a/aws/royals/ecs-api.tf b/aws/royals/ecs-api.tf
index 46c082d..2a65a3f 100644
--- a/aws/royals/ecs-api.tf
+++ b/aws/royals/ecs-api.tf
@@ -28,7 +28,7 @@ resource "aws_lb_target_group" "api" {
 health_check {
 interval = 30
- path = "/api"
+ path = "/api/test"
 healthy_threshold = 3
 unhealthy_threshold = 3
 matcher = "200-404"
diff --git a/aws/royals/security-group.tf b/aws/royals/security-group.tf
index c912adb..f096e72 100644
--- a/aws/royals/security-group.tf
+++ b/aws/royals/security-group.tf
@@ -102,3 +102,7 @@ resource "aws_security_group" "ecs" {
 Name = "skku-royals-sg-ecs"
 }
 }
+
+data "aws_security_group" "ssh-allow" {
+ id = "sg-0f79a24f880b6d5be"
+}
diff --git a/backend/app/src/app.controller.ts b/backend/app/src/app.controller.ts
index 5a07f46..02e2227 100644
--- a/backend/app/src/app.controller.ts
+++ b/backend/app/src/app.controller.ts
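Review bot: `associate_public_ip_address = true` together with the extra `data.aws_security_group.ssh-allow.id` group gives the `database` instance a public address and an SSH entry point even though it is placed in `aws_subnet.private_1`; the `cache` hunk that follows makes the same change for `aws_subnet.private_2`. Data-tier hosts are better reached through SSM Session Manager or a bastion in a public subnet, keeping `vpc_security_group_ids = [aws_security_group.ec2.id]` and no public IP. If direct SSH is really required, the SSH rule should be limited to known administrator CIDRs. Check `terraform plan` before applying as well: in the AWS provider a change to `key_name` or `associate_public_ip_address` normally replaces the instance, which for the database would mean a fresh root volume. Both resource bodies continue past their hunks.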
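Review bot: The health check now targets `/api/test`, but the unchanged `matcher = "200-404"` still counts a 404 as healthy, so a task where the route is missing or the application is misrouted keeps receiving traffic. Assuming the new controller route is served under the `api` prefix and returns 200, I would tighten the check to `matcher = "200"`. The `health_check` block continues outside the hunk.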
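Review bot: The `ssh-allow` data source pins a security group by its literal ID `sg-0f79a24f880b6d5be`, so the SSH ingress rules now attached to the database and cache instances live outside this repository and cannot be reviewed or audited from the Terraform code. I would manage the group here as an `aws_security_group` resource with an explicit port-22 ingress limited to administrator CIDRs, or at least add a comment stating who owns the group and which source ranges it allows. The hard-coded ID also ties the configuration to a single account and region. Terraform names conventionally use underscores, e.g. `ssh_allow`.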
@@ -7,8 +7,11 @@ import { AppService } from './app.service'
 export class AppController {
 constructor(private readonly appService: AppService) {}
- @Get()
- getHello(): string {
+ /**
+ * Used for aws ecs health-check
+ */
+ @Get('test')
+ healthCheck(): string {
 return this.appService.getHello()
 }
 }
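Review bot: The doc comment says this route exists for the ECS health check, but the path `test` and the reuse of `appService.getHello()` do not convey that, and the previous root `@Get()` route disappears with the rename. I would name the route for its purpose, e.g. `@Get('health')`, and update the target-group `path` in `aws/royals/ecs-api.tf` to match. Because the CloudFront `/api/*` behavior added in this commit makes the route reachable by any viewer, keep its response free of version or environment details. The controller's `@Controller` decorator is outside the hunk, so the full route prefix is not visible here.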