Add domain name

Add ssl cert.
Add DNS.
Remove ingress port 80.
Add ingress port 443

Dockerfile

@@ -31,5 +31,5 @@ RUN python -m nltk.downloader vader_lexicon punkt
 # Make port 80 available to the world outside this container
 EXPOSE 80
 
-# Run gunicorn and bind it to port 80
-CMD ["gunicorn", "--bind", "0.0.0.0:80", "main:app"]
+# Run gunicorn and bind it to port 443
+CMD ["gunicorn", "--bind", "0.0.0.0:443", "main:app"]

Makefile

@@ -8,7 +8,7 @@ docker-build:
 
 docker-run:
 	@echo "Running the Docker container..."
-	@docker run -p 80:80 mood-marker-api:latest
+	@docker run -p 80:443 mood-marker-api:latest
 
 ecr-deploy: ecr-auth ecr-build-push
 

README.md

@@ -187,4 +187,4 @@ cd terraform && tf init && tf apply
 ```
 
 See the ./terraform/README.md for more information on the 
-AWS infrastructure deployment.
+AWS infrastructure deployment.

terraform/README.md

@@ -1,14 +1,19 @@
 # Terraform
 
-## ECR Registry
+This API runs in an AWS ECS cluster with an internet gateway
+and an application load balancer.  It lives in one VPC
+with two subnets in two availability zones.
 
-`mood-marker-api`
+## Getting Started
+
+Navigate to the `./terraform` folder and run 
 
 ```bash
-462498369025.dkr.ecr.us-west-2.amazonaws.com/mood-marker-api
+tf init
+tf plan
 ```
 
-## Resources
+## Resources To Be Created
 
 1. Load Balancer
 2. Internet Gateway

terraform/ecr.tf

@@ -5,4 +5,4 @@ resource "aws_ecr_repository" "ecr_repository" {
 
 output "repository_url" {
   value = aws_ecr_repository.ecr_repository.repository_url
-}
+}

terraform/gateway.tf

@@ -8,7 +8,7 @@ resource "aws_internet_gateway" "mood_marker_api_igw" {
 
 resource "aws_lb_target_group" "mood_maker_api_target_group" {
   name     = "mood-maker-api-tg"
-  port     = 80
+  port     = 443
   protocol = "HTTP"
   vpc_id   = aws_vpc.mood_marker_api_vpc.id
   target_type = "ip"
@@ -21,14 +21,3 @@ resource "aws_lb" "mood_maker_api_lb" {
   security_groups    = [aws_security_group.mood_marker_api_sg.id]
   subnets            = [aws_subnet.mood_marker_api_subnet_1.id, aws_subnet.mood_marker_api_subnet_2.id]
 }
-
-resource "aws_lb_listener" "mood_maker_api_listener" {
-  load_balancer_arn = aws_lb.mood_maker_api_lb.arn
-  port              = 80
-  protocol          = "HTTP"
-
-  default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.mood_maker_api_target_group.arn
-  }
-}

terraform/main.tf

@@ -8,6 +8,10 @@ terraform {
   }
 }
 
+provider aws {
+  region  = var.region
+}
+
 resource "aws_ecs_cluster" "mood_marker_api_cluster" {
   name = "mood-marker-api-cluster"
 }
@@ -60,7 +64,7 @@ resource "aws_ecs_service" "mood_marker_api_service" {
   load_balancer {
     target_group_arn = aws_lb_target_group.mood_maker_api_target_group.arn
     container_name   = "mood-marker-api"
-    container_port   = 80
+    container_port   = 443
   }
 
   depends_on = [

terraform/output.tf

@@ -1,3 +1,7 @@
-output "app_url" {
+output "load_balancer_url" {
   value = aws_lb.mood_maker_api_lb.dns_name
+}
+
+output "api_url" {
+  value = "https://langtool.net"
 }

terraform/route53.tf

@@ -0,0 +1,45 @@
+resource "aws_acm_certificate" "langtool_cert" {
+  domain_name       = "langtool.net"
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "langtool_cert_validation" {
+  name    = tolist(aws_acm_certificate.langtool_cert.domain_validation_options)[0].resource_record_name
+  type    = tolist(aws_acm_certificate.langtool_cert.domain_validation_options)[0].resource_record_type
+  zone_id = var.route_53_hosted_zone_id
+  records = [tolist(aws_acm_certificate.langtool_cert.domain_validation_options)[0].resource_record_value]
+  ttl     = 60
+}
+
+resource "aws_acm_certificate_validation" "langtool_cert_validation" {
+  certificate_arn         = aws_acm_certificate.langtool_cert.arn
+  validation_record_fqdns = [aws_route53_record.langtool_cert_validation.fqdn]
+}
+
+resource "aws_lb_listener" "langtool_https_listener" {
+  load_balancer_arn = aws_lb.mood_maker_api_lb.arn
+  port              = 443
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  certificate_arn   = aws_acm_certificate.langtool_cert.arn
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.mood_maker_api_target_group.arn
+  }
+}
+
+resource "aws_route53_record" "langtool_lb" {
+  zone_id = var.route_53_hosted_zone_id
+  name    = "langtool.net"
+  type    = "A"
+  alias {
+    name                   = aws_lb.mood_maker_api_lb.dns_name
+    zone_id                = aws_lb.mood_maker_api_lb.zone_id
+    evaluate_target_health = true
+  }
+}

terraform/task.tf

@@ -15,8 +15,8 @@ resource "aws_ecs_task_definition" "mood_marker_api_task" {
       essential = true
       portMappings = [
         {
-          containerPort = 80
-          hostPort      = 80
+          containerPort = 443
+          hostPort      = 443
           protocol      = "tcp"
         },
       ]

terraform/variables.tf

@@ -6,4 +6,9 @@ variable "region" {
 variable "deployment_bucket_name" {
   type = string
   default = "mood-marker-api-lambda-deployments"
+}
+
+variable "route_53_hosted_zone_id" {
+  type = string
+  default = "Z00098522Y9LE2926BSFR"
 }

terraform/vpc.tf

@@ -34,8 +34,8 @@ resource "aws_security_group" "mood_marker_api_sg" {
   vpc_id      = aws_vpc.mood_marker_api_vpc.id
 
   ingress {
-    from_port   = 80
-    to_port     = 80
+    from_port   = 443
+    to_port     = 443
     protocol    = "tcp"
     cidr_blocks = ["0.0.0.0/0"]
   }