Merge pull request #22 from davidsilva/feature/frontend-to-https

Switch frontend to HTTPS

Author: davidsilva

backend/src/app.ts

@@ -18,7 +18,7 @@ let corsOrigin: string;
 if (process.env['NODE_ENV'] === 'local') {
   corsOrigin = 'http://localhost:4200';
 } else {
-  corsOrigin = 'http://dev.interviewprep.onyxdevtutorials.com';
+  corsOrigin = 'https://dev.interviewprep.onyxdevtutorials.com';
 }
 
 const corsOptions = {

terraform/environments/development/main.tf

@@ -152,6 +152,9 @@ module "load_balancer" {
   vpc_id = module.vpc.vpc_id
   frontend_health_check_path = "/health"
   backend_health_check_path = "/health"
+  frontend_domain_name = "dev.interviewprep.onyxdevtutorials.com"
+  zone_id = aws_route53_zone.onyxdevtutorials_com.zone_id
+  frontend_cert_arn = module.dns.frontend_cert_arn
 }
 
 module "dns" {
@@ -163,6 +166,7 @@ module "dns" {
   lb_zone_id = module.load_balancer.lb_zone_id
   custom_domain_name = module.api_gateway.custom_domain_name
   custom_domain_zone_id = module.api_gateway.custom_domain_zone_id
+  environment = var.environment
 }
 
 module "api_gateway" {
@@ -172,5 +176,5 @@ module "api_gateway" {
   lb_dns_name = module.load_balancer.lb_dns_name
   region = var.region
   certificate_arn = var.certificate_arn
-  cors_origin = "http://dev.interviewprep.onyxdevtutorials.com"
+  cors_origin = "https://dev.interviewprep.onyxdevtutorials.com"
 }

terraform/environments/development/outputs.tf

@@ -137,3 +137,8 @@ output "backend_target_group_arn" {
     description = "The ARN of the backend target group"
     value = module.load_balancer.backend_target_group_arn
 }
+
+output "frontend_cert_arn" {
+    description = "The ARN of the frontend certificate"
+    value = module.dns.frontend_cert_arn
+}

terraform/modules/dns/main.tf

@@ -20,4 +20,40 @@ resource "aws_route53_record" "backend" {
     zone_id = var.custom_domain_zone_id
     evaluate_target_health = false
   }
-}
+}
+
+resource "aws_acm_certificate" "frontend_cert" {
+  domain_name       = var.frontend_record_name
+  validation_method = "DNS"
+
+  tags = {
+    Name        = "${var.environment}-frontend-cert"
+    Environment = var.environment
+  }
+}
+
+resource "aws_route53_record" "frontend_cert_validation" {
+  for_each = {
+    for dvo in aws_acm_certificate.frontend_cert.domain_validation_options : dvo.domain_name => {
+      name         = dvo.resource_record_name
+      type        = dvo.resource_record_type
+      record  = dvo.resource_record_value
+    }
+  }
+
+  zone_id = var.zone_id
+  name = each.value.name
+  type = each.value.type
+  records = [each.value.record]
+  ttl = 60
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_acm_certificate_validation" "frontend_cert_validation" {
+  certificate_arn         = aws_acm_certificate.frontend_cert.arn
+  validation_record_fqdns = [for record in aws_route53_record.frontend_cert_validation : record.fqdn]
+}
+

terraform/modules/dns/outputs.tf

@@ -6,4 +6,9 @@ output "frontend_record_name" {
 output "backend_record_name" {
   description = "The DNS record name for the backend service"
   value       = aws_route53_record.backend.name
+}
+
+output "frontend_cert_arn" {
+  description = "The ARN of the frontend certificate"
+  value       = aws_acm_certificate.frontend_cert.arn
 }

terraform/modules/dns/variables.tf

@@ -1,3 +1,8 @@
+variable "environment" {
+    description = "The environment in which the resources are being created"
+    type        = string
+}
+
 variable "zone_id" {
     description = "The ID of the Route 53 hosted zone"
     type        = string
@@ -31,4 +36,4 @@ variable "custom_domain_name" {
 variable "custom_domain_zone_id" {
     description = "The custom domain zone ID for api"
     type        = string
-}
+}

terraform/modules/load_balancer/main.tf

@@ -59,14 +59,31 @@ resource "aws_lb_target_group" "backend" {
   }
 }
 
+resource "aws_lb_listener" "https_frontend" {
+  load_balancer_arn = aws_lb.this.arn
+  port              = 443
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  certificate_arn   = var.frontend_cert_arn
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.frontend.arn
+  }
+}
+
 resource "aws_lb_listener" "http_frontend" {
   load_balancer_arn = aws_lb.this.arn
   port              = 80
   protocol          = "HTTP"
 
   default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.frontend.arn # Refer to the ECS module to see how the target group ARN is passed to the ECS service.
+    type             = "redirect"
+    redirect {
+      port        = "443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
   }
 }
 

terraform/modules/load_balancer/variables.tf

@@ -29,3 +29,18 @@ variable "backend_health_check_path" {
     type        = string
     default     = "/"
 }
+
+variable "frontend_domain_name" {
+    description = "The domain name for the frontend"
+    type        = string
+}
+
+variable "zone_id" {
+    description = "The Route 53 zone ID for the domain"
+    type        = string
+}
+
+variable "frontend_cert_arn" {
+    description = "The ARN of the certificate for the frontend"
+    type        = string
+}