Add explanatory comments

davidsilva · davidsilva · commit 90c8c67c8ff8 · 2025-03-03T01:47:09.000Z
diff --git a/terraform/modules/dns/main.tf b/terraform/modules/dns/main.tf
@@ -22,6 +22,7 @@ resource "aws_route53_record" "backend" {
   }
 }
 
+# Request an SSL certificate for the frontend domain using AWS Certificate Manager (ACM)
 resource "aws_acm_certificate" "frontend_cert" {
   domain_name       = var.frontend_record_name
   validation_method = "DNS"
@@ -32,7 +33,9 @@ resource "aws_acm_certificate" "frontend_cert" {
   }
 }
 
+# Create DNS validation records for the SSL certificate
 resource "aws_route53_record" "frontend_cert_validation" {
+  # Iterate over the domain validation options for the ACM certificate for the frontend domain. The result is then accessible via the `each` object.
   for_each = {
     for dvo in aws_acm_certificate.frontend_cert.domain_validation_options : dvo.domain_name => {
       name         = dvo.resource_record_name
@@ -52,6 +55,8 @@ resource "aws_route53_record" "frontend_cert_validation" {
   }
 }
 
+# Validate the SSL certificate using the DNS records created above
+# fqdn: Fully Qualified Domain Name, i.e., dev.interviewprep.onyxdevtutorials.com
 resource "aws_acm_certificate_validation" "frontend_cert_validation" {
   certificate_arn         = aws_acm_certificate.frontend_cert.arn
   validation_record_fqdns = [for record in aws_route53_record.frontend_cert_validation : record.fqdn]
diff --git a/terraform/modules/load_balancer/main.tf b/terraform/modules/load_balancer/main.tf
@@ -1,3 +1,4 @@
+# Create an Application Load Balancer (ALB) to route incoming traffic to the frontend and backend services.
 resource "aws_lb" "this" {
   name               = "${var.environment}-interview-prep-lb"
   internal           = false # Set to false to create an internet-facing load balancer
@@ -63,8 +64,9 @@ resource "aws_lb_listener" "https_frontend" {
   load_balancer_arn = aws_lb.this.arn
   port              = 443
   protocol          = "HTTPS"
+  # ELBSecurityPolicy-2016-08 is a security policy that includes a set of SSL/TLS protocols and ciphers that are considered secure as of August 2016. It is designed to provide a balance between compatibility with older clients and security.
   ssl_policy        = "ELBSecurityPolicy-2016-08"
-  certificate_arn   = var.frontend_cert_arn
+  certificate_arn   = var.frontend_cert_arn # Refer to the DNS module to see how the certificate ARN is passed to the load balancer.
 
   default_action {
     type             = "forward"

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ resource "aws_route53_record" "backend" {`
`22`	`22`	`}`
`23`	`23`	`}`
`24`	`24`
	`25`	`+# Request an SSL certificate for the frontend domain using AWS Certificate Manager (ACM)`
`25`	`26`	`resource "aws_acm_certificate" "frontend_cert" {`
`26`	`27`	`domain_name = var.frontend_record_name`
`27`	`28`	`validation_method = "DNS"`
`@@ -32,7 +33,9 @@ resource "aws_acm_certificate" "frontend_cert" {`
`32`	`33`	`}`
`33`	`34`	`}`
`34`	`35`
	`36`	`+# Create DNS validation records for the SSL certificate`
`35`	`37`	`resource "aws_route53_record" "frontend_cert_validation" {`
	`38`	+ # Iterate over the domain validation options for the ACM certificate for the frontend domain. The result is then accessible via the `each` object.
`36`	`39`	`for_each = {`
`37`	`40`	`for dvo in aws_acm_certificate.frontend_cert.domain_validation_options : dvo.domain_name => {`
`38`	`41`	`name = dvo.resource_record_name`
`@@ -52,6 +55,8 @@ resource "aws_route53_record" "frontend_cert_validation" {`
`52`	`55`	`}`
`53`	`56`	`}`
`54`	`57`
	`58`	`+# Validate the SSL certificate using the DNS records created above`
	`59`	`+# fqdn: Fully Qualified Domain Name, i.e., dev.interviewprep.onyxdevtutorials.com`
`55`	`60`	`resource "aws_acm_certificate_validation" "frontend_cert_validation" {`
`56`	`61`	`certificate_arn = aws_acm_certificate.frontend_cert.arn`
`57`	`62`	`validation_record_fqdns = [for record in aws_route53_record.frontend_cert_validation : record.fqdn]`