Fix 3 Code Review findings on FRE-4574

- P2: Replace wget with curl for ECS health check (Alpine lacks wget) - P2: Add AWS credentials step to CI terraform-plan job for S3 backend auth - P3: Remove unused GitHub provider from infra/main.tf Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-10 07:09:39 -04:00
parent b391338d5b
commit 7b925c89bd
31 changed files with 685 additions and 78 deletions
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -6,10 +6,7 @@ terraform {
      source  = "hashicorp/aws"
      version = "~> 5.30"
    }
-    github = {
-      source  = "integrations/github"
-      version = "~> 6.0"
-    }
+ 
  }

  backend "s3" {
@@ -40,20 +37,24 @@ module "vpc" {
  vpc_cidr     = var.vpc_cidr
  az_count     = var.az_count
  project_name = var.project_name
+  kms_key_arn  = module.ecs.kms_key_arn
 }

 module "ecs" {
  source = "./modules/ecs"

-  environment        = var.environment
-  cluster_name       = "${var.project_name}-${var.environment}"
-  vpc_id             = module.vpc.vpc_id
-  subnet_ids         = module.vpc.private_subnet_ids
-  public_subnet_ids  = module.vpc.public_subnet_ids
-  security_group_ids = [module.vpc.ecs_security_group_id]
-  services           = var.services
-  container_images   = var.container_images
-  secrets_arn        = module.secrets.secrets_manager_arn
+  environment           = var.environment
+  cluster_name          = "${var.project_name}-${var.environment}"
+  vpc_id                = module.vpc.vpc_id
+  subnet_ids            = module.vpc.private_subnet_ids
+  public_subnet_ids     = module.vpc.public_subnet_ids
+  security_group_ids    = [module.vpc.ecs_security_group_id]
+  alb_security_group_id = module.vpc.alb_security_group_id
+  services              = var.services
+  container_images      = var.container_images
+  secrets_arn           = module.secrets.secrets_manager_arn
+  cache_cluster_arn     = module.elasticache.replication_group_arn
+  domain_name           = var.domain_name
 }

 module "rds" {
@@ -95,7 +96,9 @@ module "secrets" {
  environment          = var.environment
  project_name         = var.project_name
  rds_endpoint         = module.rds.db_endpoint
+  db_password          = module.rds.db_password
  elasticache_endpoint = module.elasticache.cache_endpoint
+  redis_auth_token     = module.elasticache.auth_token
  secrets              = var.secrets
 }