emory-libraries/avalon-terraform

Convert compose.tf to aws@emory

Closed this issue · 2 comments

This is one of the longest files; it creates roles and attaches policies, and creates security groups. Additionally, this is home to various environment variables, some of which are for the Rails app. Also, there are local commands for the user running Terraform to start the Docker build in CodeBuild.

The roles in this file may need the same treatment as build.tf

Add extra environment variables for omniauth-saml integration

70-71: Remove SES from policy.
125-127: Replace this with a set input; make SSH IP whitelisting into a variable that could have multiple inputs, with 0.0.0.0/0 as the default.
160: Change public to private subnet.
194, 241: Change public to private DNS.
198, 245: Remove file call? May be better to have the cert not have to be its own file, just a variable.
221, 231, 233: Change references to public fqdn? Will the private hosted domain name be enough here? Or use variables to code the eventual .library.emory.edu address?
280: Change public IP to private IP.

Things I've done:

  • Remove SES
  • Change public to private IP
  • Keep file call

Still needs to be done:

  • Decouple the fqdn environment variables from aws_route53_record; create a local that calculates the fqdn from the tld and sld, so most likely one variable input would be avreserves and another would be libraries.emory.edu in our case.
  • Create a new variable with SSH Security Group whitelisting, defaulting to full internet.
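One way the two remaining items could look in HCL, as an added sketch that is not code from the avalon-terraform repository: a `set(string)` variable for the SSH whitelist (defaulting to the whole internet as proposed, with a CIDR validation so a typo fails at plan time), and `sld`/`tld` inputs with a local that derives the fqdn instead of reading it back from `aws_route53_record`. The variable, local and resource names, the `-streaming` label, and the `aws_security_group.compose` reference are assumptions.

```hcl
# Added example, not from the avalon-terraform repository. Names are assumptions.

# SSH whitelist as a set so callers can pass several CIDRs. The default opens
# port 22 to the whole internet, as the issue proposes; override it per environment.
variable "ssh_allowed_cidrs" {
  description = "CIDR blocks allowed to reach SSH on the compose host"
  type        = set(string)
  default     = ["0.0.0.0/0"]

  validation {
    # cidrhost() errors on anything that is not a valid IPv4/IPv6 CIDR
    condition     = alltrue([for c in var.ssh_allowed_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in ssh_allowed_cidrs must be a valid CIDR block."
  }
}

# Inputs the fqdn is derived from (e.g. sld = "avreserves", tld = "libraries.emory.edu").
variable "sld" {
  description = "Host label under the parent domain"
  type        = string
}

variable "tld" {
  description = "Parent domain the records live in"
  type        = string
}

locals {
  # One local per ALB hostname; the "-streaming" label is an assumed convention.
  web_fqdn       = "${var.sld}.${var.tld}"
  streaming_fqdn = "${var.sld}-streaming.${var.tld}"
}

# One ingress rule per whitelisted CIDR, driven by the set above.
resource "aws_security_group_rule" "ssh_in" {
  for_each          = var.ssh_allowed_cidrs
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [each.value]
  security_group_id = aws_security_group.compose.id # assumed existing SG
}
```

With this shape, `terraform plan -var='ssh_allowed_cidrs=["203.0.113.0/24"]'` narrows SSH to one range, and the Rails environment variables can reference `local.web_fqdn` and `local.streaming_fqdn` directly.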

So I've modified alb to have a separate application fqdn from the internal hostname. The internal hostname may be able to be removed later on, I'm leaving it in there to ensure no problems. Each alb has two fqdns for both streaming and web.