From 31903503da348c92d4fa2fea0e1a5cfa37635468 Mon Sep 17 00:00:00 2001 From: Alex English Date: Fri, 17 Oct 2025 18:00:06 -0700 Subject: [PATCH 1/8] secret docs --- terraform/modules/secret/main.tf | 14 ++++++++++++++ terraform/modules/secret/variables.tf | 6 ++++++ 2 files changed, 20 insertions(+) diff --git a/terraform/modules/secret/main.tf b/terraform/modules/secret/main.tf index 0ac6571..e79f4af 100644 --- a/terraform/modules/secret/main.tf +++ b/terraform/modules/secret/main.tf @@ -1,3 +1,15 @@ +/** + * # secret + * + * A secret is a securely-stored piece of information, + * in our case a string. Things like database credentials, + * oauth secrets, etc should be stored as a secret. In general, + * secrets are added to running containers via environment variables. + * + * Instead of using AWS Secret Manager secrets, we use SSM Parameters, + * as there is a cost associated with secrets. + */ + locals { secret_name = "/${var.project_name}/${var.application_type}-${var.environment != "" ? "${var.environment}-" : "" }${var.name}" } @@ -21,9 +33,11 @@ resource "aws_ssm_parameter" "this" { output "arn" { value = aws_ssm_parameter.this.arn + description = "the ARN of the generated ssm parameter" } output "value" { value = random_password.password.result sensitive = true + description = "value of autogenerated secret" } \ No newline at end of file diff --git a/terraform/modules/secret/variables.tf b/terraform/modules/secret/variables.tf index f8da27f..f315449 100644 --- a/terraform/modules/secret/variables.tf +++ b/terraform/modules/secret/variables.tf 
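Review bot: The new header comment explains why SSM Parameters were chosen over Secrets Manager but not where the secret value ends up: `random_password.password.result` (surfaced by `output "value"` in the second hunk) and anything passed in via `var.value` are both persisted in Terraform state in plaintext, and `sensitive = true` on the output only redacts CLI display. Suggest adding a line to the header such as ` * NOTE: the secret value (generated or supplied) is written to Terraform state in plaintext; the state backend must be encrypted and access-restricted.`, and optionally noting that SSM parameters have no built-in rotation, since that is part of what the Secrets Manager cost buys. The `resource` block between the two hunks is outside the view, so whether the parameter is stored as a SecureString, and whether a supplied `var.value` takes precedence over the generated password, cannot be confirmed from here; if it does, the `output "value"` description "value of autogenerated secret" should say the output may differ from what is stored.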
@@ -1,26 +1,32 @@ variable "project_name" { type = string + description = "HfLA project name (vrms, home-unite-us, etc)" } variable "application_type" { type = string + description = "frontend, backend, or fullstack" } variable "environment" { type = string default = "" + description = "what environment this is for - staging, production, etc" } variable "name" { type = string + description = "secret name" } variable "length" { type = number default = 48 + description = "if letting the module set the secret value, the length of the generated random secret" } variable "value" { type = string default = null + description = "when set, the secret value, otherwise generated at random" } \ No newline at end of file From db7fa5bbb0444f515f961781564b130b29ffa72b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 18 Oct 2025 01:01:36 +0000 Subject: [PATCH 2/8] terraform-docs: automated updates to Terraform modules README.md --- terraform/modules/container/README.md | 3 ++- terraform/modules/secret/README.md | 26 ++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/terraform/modules/container/README.md b/terraform/modules/container/README.md index f5ab0df..ecbca09 100644 --- a/terraform/modules/container/README.md +++ b/terraform/modules/container/README.md @@ -35,7 +35,7 @@ No modules. |------|-------------|------|---------|:--------:| | [additional\_host\_urls](#input\_additional\_host\_urls) | n/a | `list(string)` | `[]` | no | | [application\_type](#input\_application\_type) | defines what type of application is running, fullstack, client, backend, etc. will be used for cloudwatch logs | `string` | n/a | yes | -| [container\_cpu](#input\_container\_cpu) | n/a | `number` | `512` | no | +| [container\_cpu](#input\_container\_cpu) | n/a | `number` | `256` | no | | [container\_environment](#input\_container\_environment) | n/a |
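Review bot: `variable "value"` is documented as "when set, the secret value" but is not marked sensitive, so a caller-supplied secret is printed in plan and apply output; add `sensitive = true` alongside the new description. For `variable "length"`, the description says the module generates the secret when the value is not supplied, but nothing stops a caller from passing a very short length; a `validation` block enforcing a sensible minimum (and stating that minimum in the description) would make the documented contract enforceable. The same "stored in state in plaintext" caveat that applies to the generated value applies to `var.value`, and the description is a natural place to say so.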
list(object({
name = string
value = string
}))
| n/a | yes | | [container\_environment\_secrets](#input\_container\_environment\_secrets) | n/a |
list(object({
name = string
valueFrom = string
}))
| `[]` | no | | [container\_image](#input\_container\_image) | n/a | `string` | n/a | yes | @@ -44,6 +44,7 @@ No modules. | [environment](#input\_environment) | n/a | `string` | n/a | yes | | [health\_check\_path](#input\_health\_check\_path) | n/a | `string` | `"/"` | no | | [hostname](#input\_hostname) | n/a | `string` | n/a | yes | +| [launch\_type](#input\_launch\_type) | n/a | `string` | `"fargate"` | no | | [listener\_priority](#input\_listener\_priority) | n/a | `number` | n/a | yes | | [path](#input\_path) | n/a | `string` | `null` | no | | [project\_name](#input\_project\_name) | The overall name of the project using this infrastructure; used to group related resources by | `any` | n/a | yes | diff --git a/terraform/modules/secret/README.md b/terraform/modules/secret/README.md index 0ff59d6..bff28ac 100644 --- a/terraform/modules/secret/README.md +++ b/terraform/modules/secret/README.md @@ -1,4 +1,14 @@ +# secret + +A secret is a securely-stored piece of information, +in our case a string. Things like database credentials, +oauth secrets, etc should be stored as a secret. In general, +secrets are added to running containers via environment variables. + +Instead of using AWS Secret Manager secrets, we use SSM Parameters, +as there is a cost associated with secrets. + ## Requirements No requirements. 
@@ -25,17 +35,17 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [application\_type](#input\_application\_type) | n/a | `string` | n/a | yes | -| [environment](#input\_environment) | n/a | `string` | `""` | no | -| [length](#input\_length) | n/a | `number` | `48` | no | -| [name](#input\_name) | n/a | `string` | n/a | yes | -| [project\_name](#input\_project\_name) | n/a | `string` | n/a | yes | -| [value](#input\_value) | n/a | `string` | `null` | no | +| [application\_type](#input\_application\_type) | frontend, backend, or fullstack | `string` | n/a | yes | +| [environment](#input\_environment) | what environment this is for - staging, production, etc | `string` | `""` | no | +| [length](#input\_length) | if letting the module set the secret value, the length of the generated random secret | `number` | `48` | no | +| [name](#input\_name) | secret name | `string` | n/a | yes | +| [project\_name](#input\_project\_name) | HfLA project name (vrms, home-unite-us, etc) | `string` | n/a | yes | +| [value](#input\_value) | when set, the secret value, otherwise generated at random | `string` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| [arn](#output\_arn) | n/a | -| [value](#output\_value) | n/a | +| [arn](#output\_arn) | the ARN of the generated ssm parameter | +| [value](#output\_value) | value of autogenerated secret | \ No newline at end of file From f54208f97f9346ecae7f43699bf4fc3a759a6e35 Mon Sep 17 00:00:00 2001 From: Alex English Date: Fri, 17 Oct 2025 18:15:24 -0700 Subject: [PATCH 3/8] root-dns-entry documentation --- terraform/modules/root-dns-entry/main.tf | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/terraform/modules/root-dns-entry/main.tf b/terraform/modules/root-dns-entry/main.tf index 36d5f2b..0318077 100644 --- a/terraform/modules/root-dns-entry/main.tf +++ b/terraform/modules/root-dns-entry/main.tf 
@@ -1,9 +1,18 @@ +/** + * # root-dns-entry + * + * Creates a Route 53 DNS entry that points to incubator's main ingress (cloudfront or ALB). + * All services that require web access (frontends or API backends) should use this. + * + */ + +#terraform-docs-ignore data "aws_route53_zone" "this" { zone_id = var.zone_id } - +#terraform-docs-ignore data "aws_lb" "this" { arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:loadbalancer/app/incubator-prod-lb/7451adf77133ef36" } From f698b293c2f518c4946f6470fe7b11315ffb0dd4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 18 Oct 2025 01:15:47 +0000 Subject: [PATCH 4/8] terraform-docs: automated updates to Terraform modules README.md --- terraform/modules/root-dns-entry/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/terraform/modules/root-dns-entry/README.md b/terraform/modules/root-dns-entry/README.md index 1a9f5e2..7012d72 100644 --- a/terraform/modules/root-dns-entry/README.md +++ b/terraform/modules/root-dns-entry/README.md @@ -1,4 +1,9 @@ +# root-dns-entry + +Creates a Route 53 DNS entry that points to incubator's main ingress (cloudfront or ALB). +All services that require web access (frontends or API backends) should use this. + ## Requirements No requirements. @@ -18,8 +23,6 @@ No modules. | Name | Type | |------|------| | [aws_route53_record.www](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | -| [aws_lb.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source | -| [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | ## Inputs From 416673f99a78b69532b08ac2ee1a9161b669a385 Mon Sep 17 00:00:00 2001 
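Review bot: The added `#terraform-docs-ignore` markers drop both data sources from the generated README (confirmed by the following README patch), while the new header still describes the target generically as "cloudfront or ALB"; readers of the docs then get no hint that `data "aws_lb" "this"` is pinned to one hard-coded ALB ARN, with region and account baked in and no input to override it. Hiding the block from terraform-docs does not remove that identifier from the source, so the ignore buys no confidentiality; the header should say why the data sources are excluded and that the ingress target is fixed, e.g. ` * The ALB is looked up by a fixed ARN in this module (data "aws_lb" "this"); changing the ingress means editing the module, not passing a variable.` If parameterizing the ARN is planned, noting that here would also explain the ignore markers.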
From: Alex English Date: Fri, 17 Oct 2025 18:17:17 -0700 Subject: [PATCH 5/8] inputs/outputs for root-dns-entry --- terraform/modules/root-dns-entry/outputs.tf | 1 + terraform/modules/root-dns-entry/variables.tf | 1 + 2 files changed, 2 insertions(+) diff --git a/terraform/modules/root-dns-entry/outputs.tf b/terraform/modules/root-dns-entry/outputs.tf index 30e6be7..397b478 100644 --- a/terraform/modules/root-dns-entry/outputs.tf +++ b/terraform/modules/root-dns-entry/outputs.tf @@ -1,3 +1,4 @@ output "full_dns_name" { value = data.aws_route53_zone.this.name + description = "full dns name, i.e. \"qa.vrms.io\"" } \ No newline at end of file diff --git a/terraform/modules/root-dns-entry/variables.tf b/terraform/modules/root-dns-entry/variables.tf index dbdf0fa..ec767a6 100644 --- a/terraform/modules/root-dns-entry/variables.tf +++ b/terraform/modules/root-dns-entry/variables.tf @@ -1,3 +1,4 @@ variable "zone_id" { type = string + description = "the Route 53 hosted zone id to create the entry" } From 0d34e4b3cdee458041cc82fbd78e4b1901bbe3ef Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 18 Oct 2025 01:18:57 +0000 Subject: [PATCH 6/8] terraform-docs: automated updates to Terraform modules README.md --- terraform/modules/root-dns-entry/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/modules/root-dns-entry/README.md b/terraform/modules/root-dns-entry/README.md index 7012d72..be4bdbf 100644 --- a/terraform/modules/root-dns-entry/README.md +++ b/terraform/modules/root-dns-entry/README.md 
@@ -28,11 +28,11 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [zone\_id](#input\_zone\_id) | n/a | `string` | n/a | yes | +| [zone\_id](#input\_zone\_id) | the Route 53 hosted zone id to create the entry | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| [full\_dns\_name](#output\_full\_dns\_name) | n/a | +| [full\_dns\_name](#output\_full\_dns\_name) | full dns name, i.e. "qa.vrms.io" | \ No newline at end of file From 204597fff4c02a16aab421251594db58ae3f1ec2 Mon Sep 17 00:00:00 2001 From: Alex English Date: Fri, 17 Oct 2025 18:21:03 -0700 Subject: [PATCH 7/8] fix wording --- terraform/modules/root-dns-entry/main.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/terraform/modules/root-dns-entry/main.tf b/terraform/modules/root-dns-entry/main.tf index 0318077..2ecbd61 100644 --- a/terraform/modules/root-dns-entry/main.tf +++ b/terraform/modules/root-dns-entry/main.tf @@ -1,8 +1,10 @@ /** * # root-dns-entry * - * Creates a Route 53 DNS entry that points to incubator's main ingress (cloudfront or ALB). - * All services that require web access (frontends or API backends) should use this. + * This is used to create a root DNS entry in Route 53, for example "vrms.io" or "homeunite.us" + * that have no "www" or subdomain before it. The Route 53 DNS entry points to incubator's main + * ingress (cloudfront or ALB). All services that require web access (frontends or API backends) + * should use this. * */ From 5e664c1472ab9ccce250120bf7d7a83edd8065f6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 18 Oct 2025 01:21:35 +0000 Subject: [PATCH 8/8] terraform-docs: automated updates to Terraform modules README.md --- terraform/modules/root-dns-entry/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/terraform/modules/root-dns-entry/README.md b/terraform/modules/root-dns-entry/README.md index be4bdbf..7aa5fa7 100644 --- a/terraform/modules/root-dns-entry/README.md +++ b/terraform/modules/root-dns-entry/README.md @@ -1,8 +1,10 @@ # root-dns-entry -Creates a Route 53 DNS entry that points to incubator's main ingress (cloudfront or ALB). -All services that require web access (frontends or API backends) should use this. +This is used to create a root DNS entry in Route 53, for example "vrms.io" or "homeunite.us" +that have no "www" or subdomain before it. The Route 53 DNS entry points to incubator's main +ingress (cloudfront or ALB). All services that require web access (frontends or API backends) +should use this. ## Requirements