-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update roadmap and add HTTPS usage example
- Loading branch information
Showing
8 changed files
with
174 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Base | ||
FROM node:alpine AS base | ||
ENV HOME=/home/node | ||
WORKDIR $HOME/app | ||
RUN chown -R node:node $HOME/* | ||
USER node | ||
COPY package*.json ./ | ||
|
||
# Dependencies | ||
FROM base AS dependencies | ||
RUN npm set progress=false && npm config set depth 0 | ||
RUN npm install --only=production | ||
RUN cp -R node_modules prod_node_modules | ||
RUN npm install | ||
|
||
# Release | ||
FROM dependencies as release | ||
|
||
COPY --from=dependencies $HOME/app/prod_node_modules ./node_modules | ||
COPY . . | ||
|
||
EXPOSE 3000 | ||
|
||
CMD ["node", "."] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# HTTPS enabled example | ||
|
||
## Usage | ||
|
||
To run this example you need to execute: | ||
|
||
```bash | ||
$ terraform init | ||
$ terraform plan | ||
$ terraform apply | ||
``` | ||
|
||
Also, you will need a valid ACM certificate (SSL/TLS) and associate it to the Fargate service you would like to enable HTTPS. | ||
|
||
Note that this example create resources which can cost money (AWS Fargate Services, for example). Run `terraform destroy` when you don't need these resources. | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| vpc | VPC created for ECS cluster | | ||
| ecr | ECR Docker registry for Docker images | | ||
| ecs_cluster | ECS cluster | | ||
| application_load_balancers | ALBs which expose ECS services | | ||
| web_security_group | Security groups attached to ALBs | | ||
| services_security_groups | Security groups attached to ECS services | | ||
| cloudwatch_log_groups | CloudWatch groups for ECS services | |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
const express = require('express') | ||
const os = require('os') | ||
|
||
const hostname = os.hostname() | ||
const app = express() | ||
|
||
app.listen(3000, () => console.log(`Example app listening on port 3000! Host: ${hostname}`)) | ||
|
||
app.get('/', async (req, res) => res.json({ | ||
hostname, | ||
message: 'Look mommy, I\'m using HTTPS!' | ||
})) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
terraform { | ||
required_version = "~> 0.11.11" | ||
} | ||
|
||
provider "aws" { | ||
version = "~> 1.54.0" | ||
region = "us-east-1" | ||
profile = "playground" | ||
} | ||
|
||
## Domain Aliases and SSL config | ||
|
||
data "aws_route53_zone" "this" { | ||
name = "https-example.dev." | ||
private_zone = false | ||
} | ||
|
||
resource "aws_acm_certificate" "this" { | ||
domain_name = "this-is-my.https-example.dev" | ||
validation_method = "DNS" | ||
} | ||
|
||
resource "aws_route53_record" "cert_validation" { | ||
name = "${aws_acm_certificate.this.domain_validation_options.0.resource_record_name}" | ||
type = "${aws_acm_certificate.this.domain_validation_options.0.resource_record_type}" | ||
zone_id = "${data.aws_route53_zone.this.id}" | ||
records = ["${aws_acm_certificate.this.domain_validation_options.0.resource_record_value}"] | ||
ttl = 60 | ||
} | ||
|
||
resource "aws_acm_certificate_validation" "this" { | ||
certificate_arn = "${aws_acm_certificate.this.arn}" | ||
validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"] | ||
} | ||
|
||
resource "aws_route53_record" "subdomain" { | ||
name = "this-is-my.https-example.dev" | ||
zone_id = "${data.aws_route53_zone.this.id}" | ||
type = "A" | ||
|
||
alias { | ||
name = "${module.fargate.application_load_balancers_dns_names[0]}" # Position 0 because we only have one Fargate service (api) | ||
zone_id = "${module.fargate.application_load_balancers_zone_ids[0]}" # Same here | ||
evaluate_target_health = true | ||
} | ||
} | ||
|
||
# Module definition here! | ||
|
||
module "fargate" { | ||
source = "../../" | ||
|
||
name = "https-example" | ||
|
||
services = { | ||
api = { | ||
task_definition = "api.json" | ||
container_port = 3000 | ||
cpu = "256" | ||
memory = "512" | ||
replicas = 3 | ||
|
||
registry_retention_count = 15 # Optional. 20 by default | ||
logs_retention_days = 14 # Optional. 30 by default | ||
|
||
# To activate SSL Listener (HTTPS) set the ARN of the ACM certificate here! 🔑 | ||
acm_certificate_arn = "${aws_acm_certificate.this.arn}" | ||
} | ||
} | ||
} | ||
|
||
## After all of this, you should be able to visit make requests to the service hitting https://this-is-my.https-example.dev | ||
## Ofc, if you were the owner of "https-exampke.dev" domain 😅 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# VPC | ||
output "vpc" { | ||
value = "${module.fargate.vpc}" | ||
} | ||
|
||
# ECR | ||
output "ecr" { | ||
value = "${module.fargate.ecr_repository}" | ||
} | ||
|
||
# ECS Cluster | ||
output "ecs_cluster" { | ||
value = "${module.fargate.ecs_cluster}" | ||
} | ||
|
||
# ALBs | ||
output "application_load_balancers" { | ||
value = "${module.fargate.application_load_balancers}" | ||
} | ||
|
||
# Security Groups | ||
output "web_security_group" { | ||
value = "${module.fargate.web_security_group}" | ||
} | ||
|
||
output "services_security_groups" { | ||
value = "${module.fargate.services_security_groups}" | ||
} | ||
|
||
# CloudWatch | ||
output "cloudwatch_log_groups" { | ||
value = "${module.fargate.cloudwatch_log_groups}" | ||
} |