String-xyz · saito-sv · Jan 10, 2023 · Jan 10, 2023
diff --git a/infra/internal/prod/.terraform.lock.hcl b/infra/internal/prod/.terraform.lock.hcl
diff --git a/infra/internal/prod/alb.tf b/infra/internal/prod/alb.tf
@@ -1,10 +1,10 @@
 module "alb_acm" {
   source            = "../../acm"
-  domain_name       = "admin.${local.root_domain}"
+  domain_name       = local.root_domain
   aws_region        = "us-west-2"
   zone_id           = data.aws_route53_zone.root.zone_id
   tags = {
-    Name = "admin-${local.root_domain}-alb"
+    Name = "${local.root_domain}-alb"
   }
 }
 
@@ -13,7 +13,7 @@ resource "aws_alb" "alb" {
   internal                   = true
   drop_invalid_header_fields = true
   security_groups            = [aws_security_group.ecs_alb_https_sg.id]
-  subnets                    = data.terraform_remote_state.vpc.outputs.public_subnets
+  subnets                    = data.terraform_remote_state.vpc.outputs.private_subnets
 
   tags = {
     Name = "${local.service_name}-alb"
@@ -77,7 +77,7 @@ resource "aws_alb_listener_rule" "ecs_alb_listener_rule" {
 
   condition {
     host_header {
-      values = ["admin.${local.root_domain}"]
+      values = [local.root_domain]
     }
   }
 }

diff --git a/infra/internal/prod/domain.tf b/infra/internal/prod/domain.tf
@@ -3,7 +3,7 @@ data "aws_route53_zone" "root" {
 }
 
 resource "aws_route53_record" "domain" {
-  name = "admin.${local.root_domain}"
+  name = local.root_domain
   type    = "A"
   zone_id = data.aws_route53_zone.root.zone_id
   alias {

diff --git a/infra/internal/prod/ecs.tf b/infra/internal/prod/ecs.tf
@@ -15,7 +15,7 @@ resource "aws_ecs_task_definition" "task_definition" {
 
 resource "aws_ecr_repository" "repo" {
   name                 = local.service_name
-  image_tag_mutability = "MUTABLE"
+  image_tag_mutability = "IMMUTABLE"
 
   image_scanning_configuration {
     scan_on_push = true

diff --git a/infra/internal/prod/security_group.tf b/infra/internal/prod/security_group.tf
@@ -56,7 +56,7 @@ resource "aws_security_group" "ecs_task_sg" {
 
 # Give access to DB through Security group rule
 data "aws_security_group" "rds" {
-  name   = "${local.env}-string-write-master-client-rds"
+  name   = "pg-cluster-20221103192516479600000004"
   vpc_id = data.terraform_remote_state.vpc.outputs.id
 }
 
@@ -81,4 +81,4 @@ resource "aws_security_group_rule" "redis_to_ecs" {
   to_port                  = local.redis_port
   source_security_group_id = aws_security_group.ecs_task_sg.id
   security_group_id        = data.aws_security_group.redis.id
-}
+}
diff --git a/infra/internal/prod/ssm.tf b/infra/internal/prod/ssm.tf
@@ -3,27 +3,27 @@ data "aws_ssm_parameter" "datadog" {
 }
 
 data "aws_ssm_parameter" "db_password" {
-  name = "string-rds-pg-db-password"
+  name = "string-pg-db-password"
 }
 
 data "aws_ssm_parameter" "db_username" {
-  name = "string-rds-pg-db-username"
+  name = "string-pg-db-username"
 }
 
 data "aws_ssm_parameter" "db_name" {
-  name = "string-rds-pg-db-name"
+  name = "string-pg-db-name"
 }
 
 data "aws_ssm_parameter" "db_host" {
-  name = "${local.env}-string-write-db-host-url"
+  name = "pg-cluster-write-host-url"
 }
 
 data "aws_ssm_parameter" "redis_auth_token" {
   name = "redis-auth-token"
 }
 
 data "aws_ssm_parameter" "redis_host_url" {
-  name  = "redis-host-url"
+  name = "redis-host-url"
 }
 
 data "aws_kms_key" "kms_key" {

diff --git a/infra/internal/prod/variables.tf b/infra/internal/prod/variables.tf
@@ -1,8 +1,8 @@
 locals {
   cluster_name       = "admin"
-  env                = "dev"
+  env                = "prod"
   service_name       = "admin"
-  root_domain        = "string-api.xyz"
+  root_domain        = "admin.string-api.xyz"
   container_port     = "3000"
   origin_id          = "admin-api"
   desired_task_count = "1"
@@ -15,7 +15,7 @@ locals {
 
 variable "versioning" {
   type    = string
-  default = "latest"
+  default = "v1.0.0.0"
 }
 
 locals {
@@ -49,11 +49,11 @@ locals {
           valueFrom = data.aws_ssm_parameter.db_name.arn
         },
         {
-          name = "REDIS_HOST",
+          name      = "REDIS_HOST",
           valuefrom = data.aws_ssm_parameter.redis_host_url.arn
         },
         {
-          name = "REDIS_PASSWORD",
+          name      = "REDIS_PASSWORD",
           valuefrom = data.aws_ssm_parameter.redis_auth_token.arn
         }
       ]
@@ -66,7 +66,7 @@ locals {
           name  = "REDIS_PORT"
           value = local.redis_port
         },
-         {
+        {
           name = "DB_PORT",
           value = local.db_port
         },