feat(phase-2): workstream 8 — Multi-Region Terraform Deployment
AWS environment:
- VPC (3-AZ, public + private subnets, NAT gateways, VPC endpoints for ECR/SM/CW)
- ECS Fargate service (sentryagent/agentidp) — secrets from Secrets Manager
- RDS PostgreSQL 14 (Multi-AZ, encrypted, VPC-internal, storage autoscaling)
- ElastiCache Redis 7 (primary + replica, at-rest + in-transit encryption)
- ALB with HTTPS/443, HTTP→HTTPS redirect, ACM certificate
- Route 53 alias record

GCP environment:
- VPC + private services access + Serverless VPC connector
- Cloud Run service — secrets from Secret Manager
- Cloud SQL PostgreSQL 14 (private IP, no public endpoint)
- Cloud Memorystore Redis 7 (VPC-internal, AUTH enabled)

Shared:
- 4 reusable modules: agentidp (dual AWS/GCP), rds, redis, lb
- No hardcoded secrets; all sensitive vars marked sensitive=true
- terraform.tfvars.example for both environments
- docs/devops/deployment.md — AWS + GCP step-by-step walkthrough, rollback procedures

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
84
terraform/environments/aws/outputs.tf
Normal file
@@ -0,0 +1,84 @@
|
||||
################################################################################
|
||||
# Environment: aws
|
||||
# Outputs
|
||||
################################################################################
|
||||
|
||||
output "alb_dns_name" {
|
||||
description = "DNS name of the Application Load Balancer."
|
||||
value = module.lb.alb_dns_name
|
||||
}
|
||||
|
||||
output "service_url" {
|
||||
description = "Public HTTPS URL of the AgentIdP service."
|
||||
value = "https://${var.domain_name}"
|
||||
}
|
||||
|
||||
output "ecs_cluster_arn" {
|
||||
description = "ARN of the ECS cluster."
|
||||
value = module.agentidp.aws_ecs_cluster_arn
|
||||
}
|
||||
|
||||
output "ecs_service_name" {
|
||||
description = "Name of the ECS Fargate service."
|
||||
value = module.agentidp.aws_ecs_service_name
|
||||
}
|
||||
|
||||
output "ecs_task_definition_arn" {
|
||||
description = "Active ECS task definition ARN."
|
||||
value = module.agentidp.aws_ecs_task_definition_arn
|
||||
}
|
||||
|
||||
output "rds_endpoint" {
|
||||
description = "RDS PostgreSQL endpoint hostname."
|
||||
value = module.rds.endpoint
|
||||
}
|
||||
|
||||
output "rds_port" {
|
||||
description = "RDS PostgreSQL port."
|
||||
value = module.rds.port
|
||||
}
|
||||
|
||||
output "rds_instance_id" {
|
||||
description = "RDS instance identifier."
|
||||
value = module.rds.instance_id
|
||||
}
|
||||
|
||||
output "redis_primary_endpoint" {
|
||||
description = "ElastiCache Redis primary endpoint hostname."
|
||||
value = module.redis.primary_endpoint
|
||||
}
|
||||
|
||||
output "redis_reader_endpoint" {
|
||||
description = "ElastiCache Redis reader endpoint."
|
||||
value = module.redis.reader_endpoint
|
||||
}
|
||||
|
||||
output "vpc_id" {
|
||||
description = "ID of the VPC created for this deployment."
|
||||
value = aws_vpc.main.id
|
||||
}
|
||||
|
||||
output "private_subnet_ids" {
|
||||
description = "IDs of the private subnets (ECS, RDS, Redis)."
|
||||
value = aws_subnet.private[*].id
|
||||
}
|
||||
|
||||
output "public_subnet_ids" {
|
||||
description = "IDs of the public subnets (ALB)."
|
||||
value = aws_subnet.public[*].id
|
||||
}
|
||||
|
||||
output "cloudwatch_log_group" {
|
||||
description = "CloudWatch log group for ECS container logs."
|
||||
value = module.agentidp.aws_cloudwatch_log_group_name
|
||||
}
|
||||
|
||||
output "secrets_manager_database_url_arn" {
|
||||
description = "ARN of the Secrets Manager secret holding DATABASE_URL."
|
||||
value = aws_secretsmanager_secret.database_url.arn
|
||||
}
|
||||
|
||||
output "secrets_manager_redis_url_arn" {
|
||||
description = "ARN of the Secrets Manager secret holding REDIS_URL."
|
||||
value = aws_secretsmanager_secret.redis_url.arn
|
||||
}
|
||||
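Review bot: `service_url` is built only from `var.domain_name` (`value = "https://${var.domain_name}"`), so the output carries no dependency on the Route 53 alias record, the ACM certificate or the HTTPS listener that the commit message describes, and it is printed as a valid-looking URL even if none of those exist or the record points elsewhere. Consider deriving it from the alias record resource's own name attribute (or from an output of the `lb` module) so the URL reflects what was actually created. Separately, `rds_endpoint`, `redis_primary_endpoint`, `redis_reader_endpoint` and the two `secrets_manager_*_arn` outputs are not secrets, but they are internal topology that will appear in plain text in every apply log; if pipeline logs are widely readable, it is worth deciding per output whether it needs to be exported at the environment root at all, and stating in the `description` which consumer depends on it.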