6913d62648
AWS environment: - VPC (3-AZ, public + private subnets, NAT gateways, VPC endpoints for ECR/SM/CW) - ECS Fargate service (sentryagent/agentidp) — secrets from Secrets Manager - RDS PostgreSQL 14 (Multi-AZ, encrypted, VPC-internal, storage autoscaling) - ElastiCache Redis 7 (primary + replica, at-rest + in-transit encryption) - ALB with HTTPS/443, HTTP→HTTPS redirect, ACM certificate - Route 53 alias record GCP environment: - VPC + private services access + Serverless VPC connector - Cloud Run service — secrets from Secret Manager - Cloud SQL PostgreSQL 14 (private IP, no public endpoint) - Cloud Memorystore Redis 7 (VPC-internal, AUTH enabled) Shared: - 4 reusable modules: agentidp (dual AWS/GCP), rds, redis, lb - No hardcoded secrets; all sensitive vars marked sensitive=true - terraform.tfvars.example for both environments - docs/devops/deployment.md — AWS + GCP step-by-step walkthrough, rollback procedures Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
50 lines
1.5 KiB
HCL
50 lines
1.5 KiB
HCL
################################################################################
|
|
# Module: lb
|
|
# Outputs
|
|
################################################################################
|
|
|
|
output "alb_dns_name" {
|
|
description = "DNS name of the Application Load Balancer. Create a CNAME or alias record in Route 53 pointing your domain here."
|
|
value = aws_lb.main.dns_name
|
|
}
|
|
|
|
output "alb_zone_id" {
|
|
description = "Hosted zone ID of the ALB. Use with aws_route53_record alias records."
|
|
value = aws_lb.main.zone_id
|
|
}
|
|
|
|
output "alb_arn" {
|
|
description = "ARN of the Application Load Balancer."
|
|
value = aws_lb.main.arn
|
|
}
|
|
|
|
output "alb_arn_suffix" {
|
|
description = "ARN suffix of the ALB for use in CloudWatch metrics."
|
|
value = aws_lb.main.arn_suffix
|
|
}
|
|
|
|
output "target_group_arn" {
|
|
description = "ARN of the target group. Pass to the agentidp module as aws_target_group_arn."
|
|
value = aws_lb_target_group.app.arn
|
|
}
|
|
|
|
output "target_group_arn_suffix" {
|
|
description = "ARN suffix of the target group for use in CloudWatch metrics."
|
|
value = aws_lb_target_group.app.arn_suffix
|
|
}
|
|
|
|
output "https_listener_arn" {
|
|
description = "ARN of the HTTPS listener."
|
|
value = aws_lb_listener.https.arn
|
|
}
|
|
|
|
output "http_redirect_listener_arn" {
|
|
description = "ARN of the HTTP→HTTPS redirect listener."
|
|
value = aws_lb_listener.http_redirect.arn
|
|
}
|
|
|
|
output "alb_security_group_id" {
|
|
description = "Security group ID of the ALB. Add this as an allowed source in the app task security group."
|
|
value = aws_security_group.alb.id
|
|
}
|