feat(phase-2): workstream 8 — Multi-Region Terraform Deployment
AWS environment: - VPC (3-AZ, public + private subnets, NAT gateways, VPC endpoints for ECR/SM/CW) - ECS Fargate service (sentryagent/agentidp) — secrets from Secrets Manager - RDS PostgreSQL 14 (Multi-AZ, encrypted, VPC-internal, storage autoscaling) - ElastiCache Redis 7 (primary + replica, at-rest + in-transit encryption) - ALB with HTTPS/443, HTTP→HTTPS redirect, ACM certificate - Route 53 alias record GCP environment: - VPC + private services access + Serverless VPC connector - Cloud Run service — secrets from Secret Manager - Cloud SQL PostgreSQL 14 (private IP, no public endpoint) - Cloud Memorystore Redis 7 (VPC-internal, AUTH enabled) Shared: - 4 reusable modules: agentidp (dual AWS/GCP), rds, redis, lb - No hardcoded secrets; all sensitive vars marked sensitive=true - terraform.tfvars.example for both environments - docs/devops/deployment.md — AWS + GCP step-by-step walkthrough, rollback procedures Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
SentryAgent.ai Developer
64
terraform/environments/gcp/outputs.tf
Normal file
64
terraform/environments/gcp/outputs.tf
Normal file
@@ -0,0 +1,64 @@
|
||||
################################################################################
|
||||
# Environment: gcp
|
||||
# Outputs
|
||||
################################################################################
|
||||
|
||||
output "service_url" {
|
||||
description = "Public HTTPS URL of the AgentIdP Cloud Run service (Google-managed TLS)."
|
||||
value = module.agentidp.gcp_cloud_run_service_url
|
||||
}
|
||||
|
||||
output "cloud_run_service_name" {
|
||||
description = "Name of the Cloud Run service."
|
||||
value = module.agentidp.gcp_cloud_run_service_name
|
||||
}
|
||||
|
||||
output "cloud_run_service_id" {
|
||||
description = "Full resource ID of the Cloud Run service."
|
||||
value = module.agentidp.gcp_cloud_run_service_id
|
||||
}
|
||||
|
||||
output "cloud_sql_instance_name" {
|
||||
description = "Cloud SQL instance name."
|
||||
value = google_sql_database_instance.main.name
|
||||
}
|
||||
|
||||
output "cloud_sql_private_ip" {
|
||||
description = "Private IP address of the Cloud SQL instance."
|
||||
value = google_sql_database_instance.main.private_ip_address
|
||||
}
|
||||
|
||||
output "cloud_sql_connection_name" {
|
||||
description = "Cloud SQL instance connection name (project:region:name) for Cloud SQL Proxy."
|
||||
value = google_sql_database_instance.main.connection_name
|
||||
}
|
||||
|
||||
output "memorystore_host" {
|
||||
description = "IP address of the Memorystore Redis primary endpoint."
|
||||
value = google_redis_instance.main.host
|
||||
}
|
||||
|
||||
output "memorystore_port" {
|
||||
description = "Port of the Memorystore Redis instance."
|
||||
value = google_redis_instance.main.port
|
||||
}
|
||||
|
||||
output "memorystore_id" {
|
||||
description = "Fully-qualified resource ID of the Memorystore Redis instance."
|
||||
value = google_redis_instance.main.id
|
||||
}
|
||||
|
||||
output "vpc_network_name" {
|
||||
description = "Name of the VPC network created for this deployment."
|
||||
value = google_compute_network.main.name
|
||||
}
|
||||
|
||||
output "vpc_connector_name" {
|
||||
description = "Serverless VPC Access connector name used by Cloud Run."
|
||||
value = google_vpc_access_connector.main.name
|
||||
}
|
||||
|
||||
output "cloud_run_service_account_email" {
|
||||
description = "Email of the service account attached to the Cloud Run service."
|
||||
value = google_service_account.cloud_run.email
|
||||
}
|
||||
Reference in New Issue
Block a user