Add Terraform AWS infrastructure and enhanced CI/CD pipeline (FRE-4574)

- Terraform modules: VPC, ECS Fargate, RDS PostgreSQL, ElastiCache Redis, S3, Secrets Manager, CloudWatch - Multi-environment support: staging and production configs - ECS auto-scaling: CPU-based scaling with configurable min/max - CI/CD: pnpm caching, Docker Buildx, Trivy security scanning, Terraform plan on PR - Deploy: ECS service updates with automatic rollback on health check failure - Backup: automated RDS snapshots, S3 versioning, ElastiCache snapshots - Monitoring: CloudWatch dashboards, CPU/memory/5xx alarms - Rollback script for manual service rollback - Infrastructure documentation with architecture overview
2026-05-08 02:54:39 -04:00
parent baa216d62c
commit a0799c0647
19 changed files with 1902 additions and 45 deletions
--- a/infra/modules/elasticache/main.tf
+++ b/infra/modules/elasticache/main.tf
@@ -0,0 +1,80 @@
+variable "environment" {
+  description = "Deployment environment"
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "VPC ID"
+  type        = string
+}
+
+variable "subnet_ids" {
+  description = "Private subnet IDs"
+  type        = list(string)
+}
+
+variable "security_group_id" {
+  description = "ElastiCache security group ID"
+  type        = string
+}
+
+variable "node_type" {
+  description = "Cache node type"
+  type        = string
+}
+
+variable "num_nodes" {
+  description = "Number of cache nodes"
+  type        = number
+}
+
+variable "project_name" {
+  description = "Project name"
+  type        = string
+}
+
+resource "aws_elasticache_subnet_group" "main" {
+  name       = "${var.project_name}-${var.environment}-redis-subnet"
+  subnet_ids = var.subnet_ids
+
+  tags = {
+    Name = "${var.project_name}-${var.environment}-redis-subnet"
+  }
+}
+
+resource "aws_elasticache_replication_group" "main" {
+  replication_group_id = "${var.project_name}-${var.environment}-redis"
+  description          = "${var.project_name} Redis cluster (${var.environment})"
+
+  node_type      = var.node_type
+  num_cache_clusters = var.num_nodes
+  engine         = "redis"
+  engine_version = "7.0"
+
+  transit_encryption_enabled = true
+  at_rest_encryption_enabled = true
+
+  port = 6379
+
+  subnet_group_name   = aws_elasticache_subnet_group.main.name
+  security_group_ids  = [var.security_group_id]
+
+  automatic_failover_enabled = var.environment == "production"
+
+  snapshot_retention_limit = var.environment == "production" ? 7 : 1
+  snapshot_window          = "03:00-04:00"
+
+  tags = {
+    Name = "${var.project_name}-${var.environment}-redis"
+  }
+}
+
+output "cache_endpoint" {
+  description = "ElastiCache primary endpoint"
+  value       = aws_elasticache_replication_group.main.primary_endpoint_address
+}
+
+output "reader_endpoint" {
+  description = "ElastiCache reader endpoint"
+  value       = aws_elasticache_replication_group.main.reader_endpoint_address
+}