6913d62648
AWS environment: - VPC (3-AZ, public + private subnets, NAT gateways, VPC endpoints for ECR/SM/CW) - ECS Fargate service (sentryagent/agentidp) — secrets from Secrets Manager - RDS PostgreSQL 14 (Multi-AZ, encrypted, VPC-internal, storage autoscaling) - ElastiCache Redis 7 (primary + replica, at-rest + in-transit encryption) - ALB with HTTPS/443, HTTP→HTTPS redirect, ACM certificate - Route 53 alias record GCP environment: - VPC + private services access + Serverless VPC connector - Cloud Run service — secrets from Secret Manager - Cloud SQL PostgreSQL 14 (private IP, no public endpoint) - Cloud Memorystore Redis 7 (VPC-internal, AUTH enabled) Shared: - 4 reusable modules: agentidp (dual AWS/GCP), rds, redis, lb - No hardcoded secrets; all sensitive vars marked sensitive=true - terraform.tfvars.example for both environments - docs/devops/deployment.md — AWS + GCP step-by-step walkthrough, rollback procedures Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
56 lines
2.6 KiB
HCL
56 lines
2.6 KiB
HCL
################################################################################
|
|
# Module: agentidp
|
|
# Outputs
|
|
################################################################################
|
|
|
|
# ── AWS Outputs ──────────────────────────────────────────────────────────────
|
|
|
|
output "aws_ecs_cluster_arn" {
|
|
description = "ARN of the ECS cluster hosting the AgentIdP service."
|
|
value = var.provider_type == "aws" ? aws_ecs_cluster.main[0].arn : null
|
|
}
|
|
|
|
output "aws_ecs_service_name" {
|
|
description = "Name of the ECS Fargate service."
|
|
value = var.provider_type == "aws" ? aws_ecs_service.app[0].name : null
|
|
}
|
|
|
|
output "aws_ecs_task_definition_arn" {
|
|
description = "ARN of the active ECS task definition revision."
|
|
value = var.provider_type == "aws" ? aws_ecs_task_definition.app[0].arn : null
|
|
}
|
|
|
|
output "aws_app_security_group_id" {
|
|
description = "Security group ID attached to the ECS tasks. Use this to add ingress rules from the ALB."
|
|
value = var.provider_type == "aws" ? aws_security_group.app[0].id : null
|
|
}
|
|
|
|
output "aws_cloudwatch_log_group_name" {
|
|
description = "CloudWatch log group name for ECS container logs."
|
|
value = var.provider_type == "aws" ? aws_cloudwatch_log_group.app[0].name : null
|
|
}
|
|
|
|
# ── GCP Outputs ──────────────────────────────────────────────────────────────
|
|
|
|
output "gcp_cloud_run_service_name" {
|
|
description = "Name of the Cloud Run service."
|
|
value = var.provider_type == "gcp" ? google_cloud_run_v2_service.app[0].name : null
|
|
}
|
|
|
|
output "gcp_cloud_run_service_url" {
|
|
description = "Publicly accessible HTTPS URL of the Cloud Run service (Google-managed TLS)."
|
|
value = var.provider_type == "gcp" ? google_cloud_run_v2_service.app[0].uri : null
|
|
}
|
|
|
|
output "gcp_cloud_run_service_id" {
|
|
description = "Full resource ID of the Cloud Run service."
|
|
value = var.provider_type == "gcp" ? google_cloud_run_v2_service.app[0].id : null
|
|
}
|
|
|
|
# ── Unified Outputs ───────────────────────────────────────────────────────────
|
|
|
|
output "service_url" {
|
|
description = "Publicly accessible service URL. Populated for GCP (Cloud Run native URL). For AWS use the ALB DNS name from the lb module."
|
|
value = var.provider_type == "gcp" ? google_cloud_run_v2_service.app[0].uri : null
|
|
}
|