feat: frontend infra

aws/dev/backend/locals.tf

@@ -13,5 +13,6 @@ locals {
   routes = toset([
     "/search",
     "/proxy",
+    "/healthz"
   ])
 }

aws/dev/backend/main.tf

@@ -29,7 +29,10 @@ module "salt" {
 
 ### IAM for lambda execution and logging
 module "lambda_iam" {
-  source = "../../modules/backend/lambda_iam"
+  source = "../../modules/universal/lambda_iam"
+
+  role_name   = "aws-iam-role-exec-hearchco-api"
+  policy_name = "hearchco_api_logging"
 }
 
 ## Cloudfront
@@ -42,7 +45,7 @@ provider "aws" {
 
 ### Certificate for the Cloudfront distribution
 module "hearchco_cdn_certificate" {
-  source         = "../../modules/backend/acm"
+  source         = "../../modules/universal/acm"
   domain_name    = local.api_domain_name
   hosted_zone_id = data.aws_route53_zone.hearchco_route53.zone_id
 
@@ -62,14 +65,19 @@ module "hearchco_cloudfront" {
 
   paths_cache = {
     "/search" = {
-      min_ttl     = 0
-      default_ttl = 0
-      max_ttl     = 1
+      min_ttl     = 60   // 1 minute
+      default_ttl = 600  // 10 minutes
+      max_ttl     = 3600 // 1 hour
     },
     "/proxy" = {
-      min_ttl     = 5
-      default_ttl = 30
-      max_ttl     = 60
+      min_ttl     = 3600   // 1 hour
+      default_ttl = 86400  // 1 day
+      max_ttl     = 259200 // 3 days
+    },
+    "/healthz" = {
+      min_ttl     = 0
+      default_ttl = 0
+      max_ttl     = 5
     },
   }
 

aws/dev/backend/region_eu_central_1.tf

@@ -9,7 +9,9 @@ provider "aws" {
 }
 
 module "hearchco_s3_eu_central_1" {
-  source = "../../modules/backend/s3"
+  source      = "../../modules/universal/s3_source_code"
+  filename    = "bootstrap"
+  bucket_name = "hearchco-api-binary"
 
   providers = {
     aws = aws.eu-central-1
@@ -31,7 +33,7 @@ module "hearchco_lambda_eu_central_1" {
 }
 
 module "hearchco_certificate_eu_central_1" {
-  source         = "../../modules/backend/acm"
+  source         = "../../modules/universal/acm"
   domain_name    = local.api_gateway_domain_name
   hosted_zone_id = data.aws_route53_zone.hearchco_route53.zone_id
 

aws/dev/frontend/cloudfront.tf

@@ -0,0 +1,39 @@
+module "hearchco_cdn_certificate" {
+  source         = "../../modules/universal/acm"
+  domain_name    = var.domain_name
+  hosted_zone_id = data.aws_route53_zone.hearchco_route53.zone_id
+
+  providers = {
+    aws = aws.us-east-1-cdn
+  }
+}
+
+module "hearchco_cloudfront" {
+  source              = "../../modules/frontend/cloudfront"
+  domain_name         = var.domain_name
+  hosted_zone_id      = data.aws_route53_zone.hearchco_route53.zone_id
+  target_domain_name  = module.hearchco_s3_assets.bucket_domain_name
+  oai_id              = module.hearchco_s3_assets.oai
+  lambda_edge_arn     = module.hearchco_lambda_edge.invoke_arn
+  acm_certificate_arn = module.hearchco_cdn_certificate.cert_arn
+  price_class         = "PriceClass_100"
+
+  top_level_assets = module.hearchco_s3_assets.top_level_assets
+
+  paths_cache = {
+    "/search" = {
+      min_ttl     = 60   // 1 minute
+      default_ttl = 600  // 10 minutes
+      max_ttl     = 3600 // 1 hour
+    },
+    "/healthz" = {
+      min_ttl     = 0
+      default_ttl = 0
+      max_ttl     = 5
+    },
+  }
+
+  providers = {
+    aws = aws.us-east-1-cdn
+  }
+}

aws/dev/frontend/lambda.tf

@@ -0,0 +1,39 @@
+module "hearchco_env_injection" {
+  source      = "../../modules/frontend/env_injection"
+  environment = local.environment
+}
+
+module "hearchco_s3_source_code" {
+  source      = "../../modules/universal/s3_source_code"
+  bucket_name = "hearchco-ssr-function"
+  filename    = module.hearchco_env_injection.filename
+  path        = module.hearchco_env_injection.path
+
+  depends_on = [module.hearchco_env_injection]
+
+  providers = {
+    aws = aws.us-east-1-cdn
+  }
+}
+
+module "lambda_iam" {
+  source = "../../modules/universal/lambda_iam"
+
+  role_name   = "aws-iam-role-exec-hearchco-ssr"
+  policy_name = "hearchco_ssr_logging"
+  edge        = true
+}
+
+### Lambda@Edge for SSR (us-east-1 for Cloudfront)
+module "hearchco_lambda_edge" {
+  source           = "../../modules/frontend/lambda_edge"
+  role             = module.lambda_iam.role_arn
+  s3_bucket        = module.hearchco_s3_source_code.bucket_id
+  s3_key           = module.hearchco_s3_source_code.s3_key
+  source_code_hash = module.hearchco_s3_source_code.source_code_hash
+  # environment      = local.environment # Not supported by Lambda@Edge
+
+  providers = {
+    aws = aws.us-east-1-cdn
+  }
+}

aws/dev/frontend/locals.tf

@@ -0,0 +1,9 @@
+locals {
+  api_domain_name = "api.${var.domain_name}"
+
+  # Lambda
+  environment = tomap({
+    API_URI        = "https://${local.api_domain_name}"
+    PUBLIC_API_URI = "https://${local.api_domain_name}"
+  })
+}

aws/dev/frontend/main.tf

@@ -0,0 +1,27 @@
+terraform {
+  backend "s3" {
+    profile        = "992382822186_TFStateLock"
+    region         = "eu-central-1"
+    dynamodb_table = "hearchco-shared-tf-state"
+    bucket         = "hearchco-shared-tf-state"
+    key            = "aws/dev/frontend/terraform.tfstate"
+    encrypt        = "true"
+  }
+}
+
+provider "aws" {
+  profile = var.aws_profile
+  region  = "eu-central-1"
+}
+
+# us-east-1 region required for Cloudfront's certificate and Lambda@Edge
+provider "aws" {
+  profile = var.aws_profile
+  region  = "us-east-1"
+  alias   = "us-east-1-cdn"
+}
+
+# Route53 DNS
+data "aws_route53_zone" "hearchco_route53" {
+  name = var.domain_name
+}

aws/dev/frontend/s3.tf

@@ -0,0 +1,8 @@
+module "hearchco_s3_assets" {
+  source      = "../../modules/frontend/s3_assets"
+  bucket_name = "hearchco-assets"
+
+  providers = {
+    aws = aws.us-east-1-cdn
+  }
+}

aws/dev/frontend/variables.tf

@@ -0,0 +1,9 @@
+variable "aws_profile" {
+  type    = string
+  default = "891377085136_Admin"
+}
+
+variable "domain_name" {
+  type    = string
+  default = "dev.hearch.co"
+}

aws/modules/backend/cloudfront/cache.tf

@@ -1,5 +1,5 @@
 resource "aws_cloudfront_cache_policy" "default_cache_policy" {
-  name        = "default-cache-policy"
+  name        = "api-default-cache-policy"
   min_ttl     = var.default_cache.min_ttl
   default_ttl = var.default_cache.default_ttl
   max_ttl     = var.default_cache.max_ttl
@@ -34,7 +34,7 @@ resource "aws_cloudfront_cache_policy" "default_cache_policy" {
 resource "aws_cloudfront_cache_policy" "cache_policy" {
   for_each = var.paths_cache
 
-  name        = "cache-policy${replace(each.key, "/", "-")}"
+  name        = "api-cache-policy${replace(each.key, "/", "-")}"
   min_ttl     = each.value.min_ttl
   default_ttl = each.value.default_ttl
   max_ttl     = each.value.max_ttl

aws/modules/backend/lambda/variables.tf

@@ -62,5 +62,5 @@ variable "memory_size" {
 
 variable "timeout" {
   type    = number
-  default = 5
+  default = 4
 }