From 3eaeb4280a40ae93b6d842e7fba93564a60db494 Mon Sep 17 00:00:00 2001
From: Ronaldo Macapobre
Date: Wed, 7 Aug 2024 22:07:03 +0000
Subject: [PATCH] - Create and attach new SG - Renamed cloudwatch ecs web log group

---
 infrastructure/cloud/modules/container/ecs.tf | 10 ++--
 .../cloud/modules/container/variables.tf | 4 +-
 .../cloud/modules/monitoring/logs.tf | 5 +-
 .../cloud/modules/monitoring/outputs.tf | 4 +-
 .../cloud/modules/networking/alb.tf | 4 +-
 .../cloud/modules/networking/outputs.tf | 2 +-
 .../cloud/modules/networking/securitygroup.tf | 52 ++++++++++++++++++-
 .../cloud/modules/networking/vpc.tf | 38 +++++++-------
 8 files changed, 83 insertions(+), 36 deletions(-)

diff --git a/infrastructure/cloud/modules/container/ecs.tf b/infrastructure/cloud/modules/container/ecs.tf
index dd7ab894..afd53971 100644
--- a/infrastructure/cloud/modules/container/ecs.tf
+++ b/infrastructure/cloud/modules/container/ecs.tf
@@ -24,13 +24,13 @@ resource "aws_ecs_task_definition" "ecs_web_task_definition" {
 {
 containerPort = 8080
 }
-],
+]
 logConfiguration = {
-logDriver = "awslogs",
+logDriver = "awslogs"
 options = {
-awslogs-group = var.ecs_web_log_group_name,
-awslogs-region = var.region,
-awslogs-stream-prefix = "ecs"
+"awslogs-group" = var.ecs_web_td_log_group_name
+"awslogs-region" = var.region
+"awslogs-stream-prefix" = "ecs"
 }
 }
 }
diff --git a/infrastructure/cloud/modules/container/variables.tf b/infrastructure/cloud/modules/container/variables.tf
index c846fc30..8ecce735 100644
--- a/infrastructure/cloud/modules/container/variables.tf
+++ b/infrastructure/cloud/modules/container/variables.tf
@@ -33,7 +33,7 @@ variable "lb_tg_arn" {
 type = string
 }
 
-variable "ecs_web_log_group_name" {
-description = "ECS Web Log Group Name in CloudWatch"
+variable "ecs_web_td_log_group_name" {
+description = "ECS Web Task Definition Log Group Name in CloudWatch"
 type = string
 }
diff --git a/infrastructure/cloud/modules/monitoring/logs.tf b/infrastructure/cloud/modules/monitoring/logs.tf
index f57c3359..37b40ae1 100644
--- a/infrastructure/cloud/modules/monitoring/logs.tf
+++ b/infrastructure/cloud/modules/monitoring/logs.tf
@@ -1,4 +1,3 @@
-resource "aws_cloudwatch_log_group" "ecs_web_log_group" {
-name = "${var.app_name}-ecs-web-log-group-${var.environment}"
-retention_in_days = 30
+resource "aws_cloudwatch_log_group" "ecs_web_td_log_group" {
+name = "${var.app_name}-ecs-web-td-log-group-${var.environment}"
 }
diff --git a/infrastructure/cloud/modules/monitoring/outputs.tf b/infrastructure/cloud/modules/monitoring/outputs.tf
index c35f6515..9a3980de 100644
--- a/infrastructure/cloud/modules/monitoring/outputs.tf
+++ b/infrastructure/cloud/modules/monitoring/outputs.tf
@@ -1,3 +1,3 @@
-output "ecs_web_log_group_name" {
-value = aws_cloudwatch_log_group.ecs_web_log_group.name
+output "ecs_web_td_log_group_name" {
+value = aws_cloudwatch_log_group.ecs_web_td_log_group.name
 }
diff --git a/infrastructure/cloud/modules/networking/alb.tf b/infrastructure/cloud/modules/networking/alb.tf
index 6d7b03ed..315fe53b 100644
--- a/infrastructure/cloud/modules/networking/alb.tf
+++ b/infrastructure/cloud/modules/networking/alb.tf
@@ -1,8 +1,8 @@
 resource "aws_lb" "lb" {
 name = "${var.app_name}-lb-${var.environment}"
 subnets = local.web_subnets
-security_groups = [data.aws_security_group.sg.id]
-internal = false
+security_groups = [aws_security_group.sg.id]
+internal = true
 load_balancer_type = "application"
 enable_http2 = true
diff --git a/infrastructure/cloud/modules/networking/outputs.tf b/infrastructure/cloud/modules/networking/outputs.tf
index 6b86a8d2..08eb11ff 100644
--- a/infrastructure/cloud/modules/networking/outputs.tf
+++ b/infrastructure/cloud/modules/networking/outputs.tf
@@ -1,5 +1,5 @@
 output "sg_id" {
-value = data.aws_security_group.sg.id
+value = aws_security_group.sg.id
 }
 
 output "lb_tg_arn" {
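Review bot: The rewritten `aws_cloudwatch_log_group.ecs_web_td_log_group` in logs.tf drops `retention_in_days = 30`, so the renamed group keeps log events indefinitely (the provider's behaviour when the argument is unset), a cost and data-retention change that the commit title, which only mentions a rename, does not cover. If that was not intended, restore `retention_in_days = 30` in the new resource. Because the `name` argument also changes, apply will destroy the old log group and its streams rather than rename it in place; if those events matter, export them first or set `skip_destroy = true` on the old resource before the rename lands.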
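Review bot: In alb.tf, `internal = true` turns the load balancer from internet-facing into VPC-only, and changing `internal` on an existing `aws_lb` replaces the load balancer, yet neither the commit title nor a comment records why. A one-line comment above the attribute, such as `# Internal-only: public routing (IGW/route table) was retired in vpc.tf; clients reach the ALB from inside the VPC`, would spare the next reader the archaeology. The resource still places the ALB in `local.web_subnets`; whether those subnets are appropriate for an internal load balancer is not visible here and is worth confirming against the subnet definitions.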
diff --git a/infrastructure/cloud/modules/networking/securitygroup.tf b/infrastructure/cloud/modules/networking/securitygroup.tf
index a1d91ce9..87c9ea85 100644
--- a/infrastructure/cloud/modules/networking/securitygroup.tf
+++ b/infrastructure/cloud/modules/networking/securitygroup.tf
@@ -1,4 +1,52 @@
-data "aws_security_group" "sg" {
+# Load Balancer Security Group
+resource "aws_security_group" "sg" {
+name = "${var.app_name}-lb-sg-${var.environment}"
 vpc_id = data.aws_vpc.vpc.id
-name = "Web_sg"
+
+ingress {
+from_port = 80
+to_port = 80
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+ingress {
+from_port = 8080
+to_port = 8080
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+tags = {
+Name = "${var.app_name}_sg_${var.environment}"
+}
+}
+
+
+# ECS Security Group
+resource "aws_security_group" "ecs_sg" {
+name = "${var.app_name}-ecs-sg-${var.environment}"
+vpc_id = data.aws_vpc.vpc.id
+
+ingress {
+from_port = 8080
+to_port = 8080
+protocol = "tcp"
+cidr_blocks = null
+security_groups = [aws_security_group.sg.id]
+}
+
+egress {
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
 }
diff --git a/infrastructure/cloud/modules/networking/vpc.tf b/infrastructure/cloud/modules/networking/vpc.tf
index a4f93950..5341afa9 100644
--- a/infrastructure/cloud/modules/networking/vpc.tf
+++ b/infrastructure/cloud/modules/networking/vpc.tf
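Review bot: The new load balancer group `aws_security_group.sg` admits TCP 80 and 8080 from `0.0.0.0/0`, while alb.tf in this same commit makes the ALB `internal = true`, so the only clients are inside the VPC and the world-open source range is wider than the design needs; restrict both rules to the VPC range, e.g. `cidr_blocks = [data.aws_vpc.vpc.cidr_block]`, and keep the 8080 rule only if a listener actually exists on that port, which this diff does not show. In `ecs_sg`, `cidr_blocks = null` is a no-op and can be dropped, and the group lacks the `tags`/`Name` given to `sg`, whose `Name` tag (`_sg_`) also no longer matches its `name` (`-lb-sg-`). Each rule would benefit from a `description` argument stating what it is for, which is also what shows up in the console when someone audits the group. The commit title says the new group is attached, but no ECS service change is in this diff, so the attachment is presumably elsewhere and should be confirmed.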
@@ -44,25 +44,25 @@ locals {
 # }
 }
 
-resource "aws_internet_gateway" "igw" {
-vpc_id = data.aws_vpc.vpc.id
-tags = {
-Name = "${var.app_name}_igw_${var.environment}"
-}
-}
+# resource "aws_internet_gateway" "igw" {
+# vpc_id = data.aws_vpc.vpc.id
+# tags = {
+# Name = "${var.app_name}_igw_${var.environment}"
+# }
+# }
 
-resource "aws_route_table" "rt" {
-vpc_id = data.aws_vpc.vpc.id
-}
+# resource "aws_route_table" "rt" {
+# vpc_id = data.aws_vpc.vpc.id
+# }
 
-resource "aws_route" "route" {
-route_table_id = aws_route_table.rt.id
-destination_cidr_block = "0.0.0.0/0"
-gateway_id = aws_internet_gateway.igw.id
-}
+# resource "aws_route" "route" {
+# route_table_id = aws_route_table.rt.id
+# destination_cidr_block = "0.0.0.0/0"
+# gateway_id = aws_internet_gateway.igw.id
+# }
 
-resource "aws_route_table_association" "rt_assoc" {
-count = length(var.web_subnet_names)
-subnet_id = local.web_subnets[count.index]
-route_table_id = aws_route_table.rt.id
-}
+# resource "aws_route_table_association" "rt_assoc" {
+# count = length(var.web_subnet_names)
+# subnet_id = local.web_subnets[count.index]
+# route_table_id = aws_route_table.rt.id
+# }
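Review bot: The internet gateway, route table, default route and subnet associations are commented out rather than deleted, leaving roughly twenty lines of dead text in vpc.tf next to a block that was already commented out above; version control keeps the history, so remove the blocks and replace them with a short comment recording the decision, e.g. `# No IGW or public route: the ALB is internal (see alb.tf) and web subnets use the VPC's existing routing`. Applying this destroys the IGW and the route table association, so the `web_subnets` revert to whatever route table the VPC already associates with them (presumably the main table), which should be checked before apply since alb.tf still places the load balancer in those subnets. The `locals` block named in the hunk header starts outside the hunk.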