Merge branch 'feat/deployment' of github.com:EchoSkorJjj/IS213-Educat…

…ion-Helper into feat/deployment

.github/workflows/dockerhub-image-pusher.yml

@@ -3,7 +3,6 @@ on:
   push:
     branches:
       - main
-      - feat/deployment
 
 env:
   DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}

backend/kong-gateway/kong.yml

@@ -127,6 +127,7 @@ plugins:
       origins:
         - "http://localhost:3001"
         - "https://localhost:3001"
+        - "https://eduhelper.info"
       methods:
         - HEAD
         - GET

terraform/modules/alb/alb.tf

@@ -3,13 +3,13 @@ variable "alb_acm_certificate_arn" {}
 
 // TODO: update each time ALB is recreated
 
-resource "aws_route53_record" "alb_alias" {
-  zone_id = var.app_domain_zone_id
-  name    = "alb.itsag2t2.com"
-  type    = "A"
-  alias {
-    name                   = "k8s-itsag2t2-k8salb-5258e4088d-1415904993.ap-southeast-1.elb.amazonaws.com"
-    zone_id                = "Z1LMS91P8CMLE5"
-    evaluate_target_health = true
-  }
-}
+# resource "aws_route53_record" "alb_alias" {
+#   zone_id = var.app_domain_zone_id
+#   name    = "alb.eduhelper.info"
+#   type    = "A"
+#   alias {
+#     name                   = "k8s-itsag2t2-k8salb-5258e4088d-1415904993.ap-southeast-1.elb.amazonaws.com"
+#     zone_id                = "Z1LMS91P8CMLE5"
+#     evaluate_target_health = true
+#   }
+# }

terraform/modules/cloudfront/cloudfront.tf

@@ -37,7 +37,7 @@ resource "aws_cloudfront_distribution" "cf_distribution" {
 
   origin {
     # TODO: Need to change domain name
-    domain_name = "alb.itsag2t2.com"
+    domain_name = "alb.eduhelper.info"
     origin_id   = "eks-alb"
 
     custom_origin_config {

terraform/modules/eks-node-group/eks-node-group.tf

@@ -148,7 +148,7 @@ resource "aws_eks_node_group" "eks_node_group" {
   subnet_ids      = [var.eks_private_subnet_1_id, var.eks_private_subnet_2_id]
 
  scaling_config {
-    desired_size = 4
+    desired_size = 2
     max_size     = 6  
     min_size     = 1 
   }

terraform/modules/eks/eks.tf

@@ -44,7 +44,7 @@ resource "aws_eks_cluster" "eks_cluster_services" {
   vpc_config {
     subnet_ids = [var.eks_private_subnet_1_id, var.eks_private_subnet_2_id]
     endpoint_private_access = true
-    endpoint_public_access  = false
+    endpoint_public_access  = true
   }
 
   # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling.

terraform/modules/elasticache-redis/elasticache-redis.tf

@@ -20,8 +20,7 @@ data "aws_secretsmanager_secret_version" "current_elasticache_credentials" {
 
 resource "aws_elasticache_subnet_group" "redis_subnet_group" {
   name       = "${var.project_name}-redis-subnet-group-${var.environment}"
-  # subnet_ids = [var.database_private_subnet_1_id, var.database_private_subnet_2_id]
-  subnet_ids = [var.database_private_subnet_1_id]
+  subnet_ids = [var.database_private_subnet_1_id, var.database_private_subnet_2_id]
 
   tags = {
     Name        = "${var.project_name}-redis-subnet-group-${var.environment}"
@@ -69,7 +68,7 @@ resource "aws_security_group" "redis_sg" {
     from_port = 6379
     to_port   = 6379
     protocol  = "tcp"
-    security_groups = [ "sg-0287d0f475a97bc39" ]
+    security_groups = [ "sg-0c5678e4b9c677010" ]
   }
 
   egress {

terraform/modules/elasticache-redis/output.tf

@@ -2,15 +2,15 @@ output "redis_cluster_replication_group_arn" {
   value = aws_elasticache_replication_group.redis_cluster_replication_group.arn
 }
 
-output "redis_cluster_replication_group_configuration_endpoint_address" {
-  value = aws_elasticache_replication_group.redis_cluster_replication_group.configuration_endpoint_address
-}
+# output "redis_cluster_replication_group_configuration_endpoint_address" {
+#   value = aws_elasticache_replication_group.redis_cluster_replication_group.configuration_endpoint_address
+# }
 
 # Only if Cluster mode is disabled
-# output "redis_cluster_replication_group_primary_endpoint_address" {
-#   value = aws_elasticache_replication_group.redis_cluster_replication_group.primary_endpoint_address
-# }
+output "redis_cluster_replication_group_primary_endpoint_address" {
+  value = aws_elasticache_replication_group.redis_cluster_replication_group.primary_endpoint_address
+}
 
-# output "redis_cluster_replication_group_reader_endpoint_address" {
-#   value = aws_elasticache_replication_group.redis_cluster_replication_group.reader_endpoint_address
-# }
+output "redis_cluster_replication_group_reader_endpoint_address" {
+  value = aws_elasticache_replication_group.redis_cluster_replication_group.reader_endpoint_address
+}

terraform/modules/main.tf

@@ -167,6 +167,20 @@ module "alb" {
   depends_on = [ module.eks, module.acm.alb_certificate_validation ]
 }
 
+module "mq" {
+  source = "./mq"
+
+  project_name = var.project_name
+  environment = var.environment
+
+  aws_vpc_id  = module.vpc.aws_vpc_id
+
+  eks_cluster_security_group_id = module.eks.eks_cluster_security_group_id
+
+  eks_private_subnet_1_id = module.vpc.eks_private_subnet_1_id
+  eks_private_subnet_2_id = module.vpc.eks_private_subnet_2_id
+}
+
 module "elasticache-redis" {
   source = "./elasticache-redis"
 
@@ -183,8 +197,8 @@ module "elasticache-redis" {
   app_domain_zone_id = module.route53.aws_route53_zone_id
 }
 
-module "aurora-postgresql" {
-  source = "./aurora-postgresql"
+module "rds-postgresql" {
+  source = "./rds-postgresql"
 
   project_name = var.project_name
   environment = var.environment
@@ -196,8 +210,5 @@ module "aurora-postgresql" {
   database_private_subnet_1_id = module.vpc.database_private_subnet_1_id
   database_private_subnet_2_id = module.vpc.database_private_subnet_2_id
 
-  availability_zone_1 = data.aws_availability_zones.available.names[0]
-  availability_zone_2 = data.aws_availability_zones.available.names[1]
-
   app_domain_zone_id = module.route53.aws_route53_zone_id
-}
+} 

terraform/modules/mq/mq.tf

@@ -0,0 +1,52 @@
+variable "aws_vpc_id" {}
+
+variable "project_name" {}
+variable "environment" {}
+
+variable "eks_private_subnet_1_id" {}
+variable "eks_private_subnet_2_id" {}
+
+variable "eks_cluster_security_group_id" {}
+
+data "aws_secretsmanager_secret" "mq_credentials" {
+  name = "mq_credentials"
+}
+
+data "aws_secretsmanager_secret_version" "current_mq_credentials" {
+  secret_id = data.aws_secretsmanager_secret.mq_credentials.id
+}
+
+resource "aws_security_group" "sg" {
+  vpc_id = var.aws_vpc_id
+
+  ingress {
+    description = "Allow MQ traffic"
+    from_port   = 5672
+    to_port     = 5672
+    protocol    = "tcp"
+    security_groups = [ var.eks_cluster_security_group_id ]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_mq_broker" "mq" {
+  broker_name = "${var.project_name}-mq-${var.environment}"
+
+  engine_type        = "RabbitMQ"
+  engine_version     = "3.11.28"
+  host_instance_type = "mq.m5.large"
+  security_groups    = [aws_security_group.sg.id]
+  deployment_mode    = "CLUSTER_MULTI_AZ"
+  subnet_ids         = [ var.eks_private_subnet_1_id, var.eks_private_subnet_2_id ]
+
+  user {
+    username             = jsondecode(data.aws_secretsmanager_secret_version.current_mq_credentials.secret_string)["mq_username"]
+    password             = jsondecode(data.aws_secretsmanager_secret_version.current_mq_credentials.secret_string)["mq_password"]
+  }
+}

terraform/modules/mq/output.tf

@@ -0,0 +1,3 @@
+output "mq_instances" {
+    value = aws_mq_broker.mq.instances
+}