From f4dd1e4f32d9b34071b89493f627845dd728dfef Mon Sep 17 00:00:00 2001 From: Cali <32299095+Cali93@users.noreply.github.com> Date: Tue, 4 Jul 2023 12:43:31 +0300 Subject: [PATCH 1/3] feat(redis): basic redis and redis client set up (#12) * chore(redis): basic redis and redis client set up * chore(redis-env-vars): add redis env variables * chore(remove-dns): remove route 53 config --- .env.example | 5 +- docker-compose.yml | 16 +++ package-lock.json | 192 +++++++++++++++++++++++++++++++++++ package.json | 2 + src/index.ts | 37 ++++++- terraform/main.tf | 21 ++++ terraform/redis/main.tf | 38 +++++++ terraform/redis/outputs.tf | 3 + terraform/redis/variables.tf | 19 ++++ terraform/variables.tf | 13 +++ 10 files changed, 344 insertions(+), 2 deletions(-) create mode 100644 terraform/redis/main.tf create mode 100644 terraform/redis/outputs.tf create mode 100644 terraform/redis/variables.tf diff --git a/.env.example b/.env.example index 6af1396..e036f08 100644 --- a/.env.example +++ b/.env.example @@ -5,4 +5,7 @@ SUPABASE_JWT_SECRET= COOKIE_SECRET= HCAPTCHA_SECRET= DIRECT_URL="postgresql://postgres:[YOUR_DB_PASSWORD]@db.[YOUR_SUPABASE_PROJECT_ID].supabase.co:5432/postgres" -DATABASE_URL="postgresql://postgres:[YOUR_DB_PASSWORD]@db.[YOUR_SUPABASE_PROJECT_ID].supabase.co:6543/postgres?pgbouncer=true" \ No newline at end of file +DATABASE_URL="postgresql://postgres:[YOUR_DB_PASSWORD]@db.[YOUR_SUPABASE_PROJECT_ID].supabase.co:6543/postgres?pgbouncer=true" +REDIS_PASSWORD="authpassword" +REDIS_HOST=redis +REDIS_PORT=6379 \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index a856a45..a548385 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
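Review bot: `REDIS_PASSWORD="authpassword"` puts a working, guessable password in `.env.example`, while every other secret in this hunk is left empty or uses a bracketed placeholder. Anyone who copies the example to `.env` ends up with that value as the real `--requirepass` for the compose Redis service. Leave it empty like the other secrets, `REDIS_PASSWORD=`, so the start-up check added in `src/index.ts` forces a real value to be chosen. docker-compose.yml in this patch also reads `REDIS_URL`, which this file does not define.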
@@ -14,3 +14,19 @@ services: HCAPTCHA_SECRET: ${HCAPTCHA_SECRET} DIRECT_URL: ${DIRECT_URL} DATABASE_URL: ${DATABASE_URL} + REDIS_URL: ${REDIS_URL} + REDIS_PASSWORD: ${REDIS_PASSWORD} + REDIS_HOST: ${REDIS_HOST} + REDIS_PORT: ${REDIS_PORT} + depends_on: + redis: + condition: service_healthy + links: + - redis + redis: + image: redis:6.2.12 + command: redis-server --requirepass ${REDIS_PASSWORD} + healthcheck: + test: ["CMD", "redis-cli", "ping"] + ports: + - "6379:6379" diff --git a/package-lock.json b/package-lock.json index c85d03d..4c70415 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,12 +10,14 @@ "license": "ISC", "dependencies": { "@prisma/client": "^4.15.0", + "connect-redis": "^7.1.0", "cookie": "^0.5.0", "cors": "^2.8.5", "dotenv": "^16.0.3", "express": "^4.18.2", "express-rate-limit": "^6.7.0", "express-session": "^1.17.3", + "ioredis": "^5.3.2", "jsonwebtoken": "^9.0.0", "siwe": "^1.1.6" }, @@ -731,6 +733,11 @@ "@ethersproject/strings": "^5.5.0" } }, + "node_modules/@ioredis/commands": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@ioredis/commands/-/commands-1.2.0.tgz", + "integrity": "sha512-Sx1pU8EM64o2BrqNpEO1CNLtKQwyhuXuqyfH7oGKCk+1a33d2r5saW8zNwm3j6BTExtjrv2BxTgzzkMwts6vGg==" + }, "node_modules/@prisma/client": { "version": "4.15.0", "resolved": "https://registry.npmjs.org/@prisma/client/-/client-4.15.0.tgz", @@ -1150,6 +1157,14 @@ "node": ">=12" } }, + "node_modules/cluster-key-slot": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz", + "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", 
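Review bot: The `ports: - "6379:6379"` mapping on the new `redis` service publishes Redis on every host interface, although the app reaches it by service name over the compose network and does not need a host port. Drop the mapping, or bind it to loopback with `- "127.0.0.1:6379:6379"` if local tooling needs access. Passing the secret as `redis-server --requirepass ${REDIS_PASSWORD}` also leaves it readable in the container's command line (process list, `docker inspect`). The `redis-cli ping` healthcheck runs unauthenticated, so once `requirepass` is set it presumably gets an auth error rather than `PONG`; confirm that `service_healthy` is reported for the right reason.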
@@ -1201,6 +1216,17 @@ "url": "https://github.com/open-cli-tools/concurrently?sponsor=1" } }, + "node_modules/connect-redis": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/connect-redis/-/connect-redis-7.1.0.tgz", + "integrity": "sha512-UaqO1EirWjON2ENsyau7N5lbkrdYBpS6mYlXSeff/OYXsd6EGZ+SXSmNPoljL2PSua8fgjAEaldSA73PMZQ9Eg==", + "engines": { + "node": ">=16" + }, + "peerDependencies": { + "express-session": ">=1" + } + }, "node_modules/content-disposition": { "version": "0.5.4", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", @@ -1266,6 +1292,14 @@ "ms": "2.0.0" } }, + "node_modules/denque": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", + "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==", + "engines": { + "node": ">=0.10" + } + }, "node_modules/depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", 
@@ -1668,6 +1702,50 @@ "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" }, + "node_modules/ioredis": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-5.3.2.tgz", + "integrity": "sha512-1DKMMzlIHM02eBBVOFQ1+AolGjs6+xEcM4PDL7NqOS6szq7H9jSaEkIUH6/a5Hl241LzW6JLSiAbNvTQjUupUA==", + "dependencies": { + "@ioredis/commands": "^1.1.1", + "cluster-key-slot": "^1.1.0", + "debug": "^4.3.4", + "denque": "^2.1.0", + "lodash.defaults": "^4.2.0", + "lodash.isarguments": "^3.1.0", + "redis-errors": "^1.2.0", + "redis-parser": "^3.0.0", + "standard-as-callback": "^2.1.0" + }, + "engines": { + "node": ">=12.22.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/ioredis" + } + }, + "node_modules/ioredis/node_modules/debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/ioredis/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + }, "node_modules/ipaddr.js": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", 
@@ -1791,6 +1869,16 @@ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, + "node_modules/lodash.defaults": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz", + "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==" + }, + "node_modules/lodash.isarguments": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz", + "integrity": "sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==" + }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -2129,6 +2217,25 @@ "node": ">=8.10.0" } }, + "node_modules/redis-errors": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz", + "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==", + "engines": { + "node": ">=4" + } + }, + "node_modules/redis-parser": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz", + "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==", + "dependencies": { + "redis-errors": "^1.0.0" + }, + "engines": { + "node": ">=4" + } + }, "node_modules/require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", 
@@ -2295,6 +2402,11 @@ "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg==", "dev": true }, + "node_modules/standard-as-callback": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz", + "integrity": "sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==" + }, "node_modules/statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", @@ -2937,6 +3049,11 @@ "@ethersproject/strings": "^5.5.0" } }, + "@ioredis/commands": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@ioredis/commands/-/commands-1.2.0.tgz", + "integrity": "sha512-Sx1pU8EM64o2BrqNpEO1CNLtKQwyhuXuqyfH7oGKCk+1a33d2r5saW8zNwm3j6BTExtjrv2BxTgzzkMwts6vGg==" + }, "@prisma/client": { "version": "4.15.0", "resolved": "https://registry.npmjs.org/@prisma/client/-/client-4.15.0.tgz", @@ -3291,6 +3408,11 @@ "wrap-ansi": "^7.0.0" } }, + "cluster-key-slot": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz", + "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==" + }, "color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", @@ -3329,6 +3451,12 @@ "yargs": "^17.3.1" } }, + "connect-redis": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/connect-redis/-/connect-redis-7.1.0.tgz", + "integrity": "sha512-UaqO1EirWjON2ENsyau7N5lbkrdYBpS6mYlXSeff/OYXsd6EGZ+SXSmNPoljL2PSua8fgjAEaldSA73PMZQ9Eg==", + "requires": {} + }, "content-disposition": { "version": "0.5.4", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", 
@@ -3375,6 +3503,11 @@ "ms": "2.0.0" } }, + "denque": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", + "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==" + }, "depd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", @@ -3690,6 +3823,37 @@ "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" }, + "ioredis": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-5.3.2.tgz", + "integrity": "sha512-1DKMMzlIHM02eBBVOFQ1+AolGjs6+xEcM4PDL7NqOS6szq7H9jSaEkIUH6/a5Hl241LzW6JLSiAbNvTQjUupUA==", + "requires": { + "@ioredis/commands": "^1.1.1", + "cluster-key-slot": "^1.1.0", + "debug": "^4.3.4", + "denque": "^2.1.0", + "lodash.defaults": "^4.2.0", + "lodash.isarguments": "^3.1.0", + "redis-errors": "^1.2.0", + "redis-parser": "^3.0.0", + "standard-as-callback": "^2.1.0" + }, + "dependencies": { + "debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "requires": { + "ms": "2.1.2" + } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + } + } + }, "ipaddr.js": { "version": "1.9.1", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", 
@@ -3787,6 +3951,16 @@ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, + "lodash.defaults": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz", + "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==" + }, + "lodash.isarguments": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz", + "integrity": "sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==" + }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -4025,6 +4199,19 @@ "picomatch": "^2.2.1" } }, + "redis-errors": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz", + "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==" + }, + "redis-parser": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz", + "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==", + "requires": { + "redis-errors": "^1.0.0" + } + }, "require-directory": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", 
@@ -4154,6 +4341,11 @@ "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg==", "dev": true }, + "standard-as-callback": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz", + "integrity": "sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==" + }, "statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", diff --git a/package.json b/package.json index 212618d..c391aa5 100644 --- a/package.json +++ b/package.json @@ -15,12 +15,14 @@ "license": "ISC", "dependencies": { "@prisma/client": "^4.15.0", + "connect-redis": "^7.1.0", "cookie": "^0.5.0", "cors": "^2.8.5", "dotenv": "^16.0.3", "express": "^4.18.2", "express-rate-limit": "^6.7.0", "express-session": "^1.17.3", + "ioredis": "^5.3.2", "jsonwebtoken": "^9.0.0", "siwe": "^1.1.6" }, diff --git a/src/index.ts b/src/index.ts index 8dd5d76..f968137 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1,8 +1,10 @@ +import RedisStore from "connect-redis"; import cors, { CorsOptions } from "cors"; import dotenv from "dotenv"; import express, { NextFunction, Request, Response } from "express"; import rateLimit from "express-rate-limit"; import Session from "express-session"; +import { Redis } from "ioredis"; import { SiweMessage, generateNonce } from "siwe"; import { verifyAndSignIn } from "./handlers/verify"; import { captchaVerification } from "./middlewares/captchaVerification"; 
@@ -16,13 +18,42 @@ declare module "express-session" { } } -const { PORT, COOKIE_SECRET, COOKIE_NAME } = process.env; +const { + PORT, + COOKIE_SECRET, + COOKIE_NAME, + REDIS_PASSWORD, + REDIS_HOST, + REDIS_PORT, +} = process.env; if (!COOKIE_NAME) { throw new ReferenceError("COOKIE_NAME missing in environment variables"); } if (!COOKIE_SECRET) { throw new ReferenceError("COOKIE_SECRET missing in environment variables"); } +if (!REDIS_HOST) { + throw new ReferenceError("REDIS_HOST missing in environment variables"); +} +if (!REDIS_HOST) { + throw new ReferenceError("REDIS_HOST missing in environment variables"); +} +if (!REDIS_PASSWORD) { + throw new ReferenceError("REDIS_PASSWORD missing in environment variables"); +} + +// Initialize redis client +const redisClient = new Redis({ + host: REDIS_HOST ?? "redis", + port: REDIS_PORT ? parseInt(REDIS_PORT, 10) : 6379, + password: REDIS_PASSWORD, +}); + +// Initialize connect-redis store for express-session +const redisStore = new RedisStore({ + client: redisClient, + prefix: "cloud-auth:", +}); const app = express(); @@ -65,6 +96,7 @@ app.use( secret: COOKIE_SECRET, resave: true, saveUninitialized: true, + store: redisStore, cookie: { secure: isProd, sameSite: isProd, @@ -84,6 +116,9 @@ const limiter = rateLimit({ app.use(limiter); app.get("/health", async function (req, res) { + await redisClient.set("test", "value"); + const test = await redisClient.get("test"); + console.log({ test }); return res.status(200).json({ status: "OK" }); }); diff --git a/terraform/main.tf b/terraform/main.tf index 8a2bc4b..23f6202 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
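Review bot: The second `if (!REDIS_HOST)` guard is an exact duplicate of the first, so `REDIS_PORT` is never validated and silently falls back to 6379. It was presumably meant to be `if (!REDIS_PORT) { throw new ReferenceError("REDIS_PORT missing in environment variables"); }`; if the default port is intended, drop the duplicate instead. The `REDIS_HOST ?? "redis"` fallback is unreachable after the guard, and the result of `parseInt(REDIS_PORT, 10)` should be checked with `Number.isNaN` so that a malformed value fails at start-up. The client is also created without a `tls` option, so the password and session data travel unencrypted to whatever host is configured; that is tolerable on the compose network but should be revisited for the ElastiCache deployment.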
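Review bot: With `store: redisStore` added next to the existing `resave: true` and `saveUninitialized: true`, every request that arrives without a session cookie now writes a new `cloud-auth:` key to Redis, including unauthenticated requests. In this file `app.use(limiter)` appears after the session middleware, so the rate limiter does not seem to bound those writes. Consider `saveUninitialized: false` and `resave: false`, and confirm that a store `ttl` or cookie `maxAge` is set so that entries expire. The session options object starts and ends outside this hunk.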
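Review bot: The `/health` handler now writes to Redis and calls `console.log` on every probe, and because it is an `async` handler with no `try/catch`, a Redis failure rejects the promise. Express 4 (`express ^4.18.2` in package.json) does not forward that rejection to the error handler, so the probe would hang rather than report failure. A read-only `PING` inside a `try/catch` that answers 503 gives the orchestrator a clear signal and leaves no unprefixed `test` key in the same keyspace as the `cloud-auth:` sessions.

```typescript
app.get("/health", async function (req, res) {
  try {
    // Read-only liveness probe: no key is written and nothing is logged per request.
    await redisClient.ping();
    return res.status(200).json({ status: "OK" });
  } catch (err) {
    // Report the dependency failure instead of leaving the request pending.
    return res.status(503).json({ status: "UNAVAILABLE" });
  }
});
```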
@@ -90,8 +90,29 @@ module "ecs" { cookie_secret = var.cookie_secret hcaptcha_secret = var.hcaptcha_secret supabase_jwt_secret = var.supabase_jwt_secret + redis_host = var.redis_host + redis_port = var.redis_port + redis_password = var.redis_password } data "aws_ecr_repository" "repository" { name = "cloud-auth-api" } + +module "redis_global" { + source = "./redis" + + redis_name = "cloud-auth-redis" + app_name = "${terraform.workspace}_redis_${local.app_name}" + vpc_id = module.eu-central-1.vpc_id + node_type = var.redis_node_type + global = true + + private_subnet_ids = module.eu-central-1.private_subnets + + allowed_ingress_cidr_blocks = tolist(toset([ + module.us-east-1.cidr_block, + module.eu-central-1.cidr_block, + module.ap-southeast-1.cidr_block + ])) +} \ No newline at end of file diff --git a/terraform/redis/main.tf b/terraform/redis/main.tf new file mode 100644 index 0000000..17a395d --- /dev/null +++ b/terraform/redis/main.tf 
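Review bot: The `redis_global` module call passes `global = true` and `private_subnet_ids`, but `terraform/redis/variables.tf` in this same patch declares only `redis_name`, `node_type`, `app_name`, `allowed_ingress_cidr_blocks` and `vpc_id`, so `terraform validate` would be expected to reject both as unsupported arguments. The module in turn reads `data.aws_subnets.private_subnets.ids`, which no hunk in this series defines. Either declare `private_subnet_ids` as a `list(string)` variable in the module and use it for `subnet_ids`, or remove the two arguments. Separately, `redis_host`, `redis_port` and `redis_password` reach the ECS module from hand-set variables rather than from this module's output, so the app can be pointed at a different endpoint than the cache created here.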
@@ -0,0 +1,38 @@
+resource "aws_elasticache_cluster" "cache" {
+ cluster_id = replace("${var.app_name}-${var.redis_name}", "_", "-")
+ engine = "redis"
+ node_type = var.node_type
+ num_cache_nodes = 1
+ parameter_group_name = "default.redis6.x"
+ engine_version = "6.x"
+ port = 6379
+ subnet_group_name = aws_elasticache_subnet_group.private_subnets.name
+ security_group_ids = [
+ aws_security_group.service_security_group.id
+ ]
+}
+
+resource "aws_elasticache_subnet_group" "private_subnets" {
+ name = replace("${var.app_name}-${var.redis_name}-private-subnet-group", "_", "-")
+ subnet_ids = data.aws_subnets.private_subnets.ids
+}
+
+# Allow only the app to access Redis
+resource "aws_security_group" "service_security_group" {
+ name = "${var.app_name}-${var.redis_name}-redis-service-ingress"
+ description = "Allow ingress from the application"
+ vpc_id = var.vpc_id
+ ingress {
+ from_port = 6379
+ to_port = 6379
+ protocol = "TCP"
+ cidr_blocks = var.allowed_ingress_cidr_blocks
+ }
+
+ egress {
+ from_port = 0 # Allowing any incoming port
+ to_port = 0 # Allowing any outgoing port
+ protocol = "-1" # Allowing any outgoing protocol
+ cidr_blocks = ["0.0.0.0/0"] # Allowing traffic out to all IP addresses
+ }
+}
diff --git a/terraform/redis/outputs.tf b/terraform/redis/outputs.tf
new file mode 100644
index 0000000..bae2217
--- /dev/null
+++ b/terraform/redis/outputs.tf
@@ -0,0 +1,3 @@
+output "cluster_id" {
+ value = aws_elasticache_cluster.cache.cache_nodes.0.address
+}
diff --git a/terraform/redis/variables.tf b/terraform/redis/variables.tf
new file mode 100644
index 0000000..e0095a3
--- /dev/null
+++ b/terraform/redis/variables.tf
@@ -0,0 +1,19 @@
+variable "redis_name" {
+ type = string
+}
+
+variable "node_type" {
+ type = string
+}
+
+variable "app_name" {
+ type = string
+}
+
+variable "allowed_ingress_cidr_blocks" {
+ type = list(string)
+}
+
+variable "vpc_id" {
+ type = string
+}
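Review bot: The `aws_elasticache_cluster` resource sets neither an auth token nor transit or at-rest encryption, so the `REDIS_PASSWORD` the app insists on is not enforced server-side and session data would travel unencrypted between the app and the cache. The security group is then the only control, and its ingress admits every address in `allowed_ingress_cidr_blocks` (three whole VPC ranges, per `terraform/main.tf`) although the comment says "Allow only the app to access Redis". Consider an `aws_elasticache_replication_group` with `transit_encryption_enabled = true`, `at_rest_encryption_enabled = true` and `auth_token = var.redis_password`, in which case the ioredis client needs `tls: {}`. Ingress should also be restricted to the ECS service's security group instead of CIDR ranges. The egress comment `# Allowing any incoming port` describes the wrong direction for an egress rule.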
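Review bot: The output named `cluster_id` in `terraform/redis/outputs.tf` exports `cache_nodes.0.address`, which is the node's hostname and not an identifier. Rename it to something like `redis_host` and add a `description`, so that it can be wired into the ECS module's `redis_host` instead of a manually maintained secret.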
diff --git a/terraform/variables.tf b/terraform/variables.tf index 1ddcfc7..827ecfa 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -50,3 +50,16 @@ variable "supabase_jwt_secret" { type = string sensitive = true } + +variable "redis_host" { + type = string + sensitive = true +} +variable "redis_port" { + type = string + sensitive = true +} +variable "redis_password" { + type = string + sensitive = true +} From cfdb6aa56ce91e7034193535d01ac30ed374391e Mon Sep 17 00:00:00 2001 From: Cali <32299095+Cali93@users.noreply.github.com> Date: Fri, 7 Jul 2023 22:28:29 +0300 Subject: [PATCH 2/3] fix(missing-env-vars): add missing env vars (#13) --- .github/workflows/cd.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index f8079ce..1497f3f 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -60,6 +60,9 @@ jobs: TF_VAR_hcaptcha_secret: ${{ secrets.HCAPTCHA_SECRET }} TF_VAR_direct_url: ${{ secrets.DIRECT_URL }} TF_VAR_database_url: ${{ secrets.DATABASE_URL }} + TF_VAR_redis_host: ${{ secrets.REDIS_HOST }} + TF_VAR_redis_port: ${{ secrets.REDIS_PORT }} + TF_VAR_redis_password: ${{ secrets.REDIS_PASSWORD }} with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From fd2e9b5eb497809d3880929ea21d41f8aaf6a08a Mon Sep 17 00:00:00 2001 From: Cali <32299095+Cali93@users.noreply.github.com> Date: Fri, 7 Jul 2023 23:28:49 +0300 Subject: [PATCH 3/3] fix(missing-env-vars): add missing env vars (#14) --- terraform/redis/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/redis/main.tf b/terraform/redis/main.tf index 17a395d..6274bd7 100644 --- a/terraform/redis/main.tf +++ b/terraform/redis/main.tf 
@@ -1,7 +1,7 @@
 resource "aws_elasticache_cluster" "cache" {
 cluster_id = replace("${var.app_name}-${var.redis_name}", "_", "-")
 engine = "redis"
- node_type = var.node_type
+ node_type = "cache.t2.micro"
 num_cache_nodes = 1
 parameter_group_name = "default.redis6.x"
 engine_version = "6.x"
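Review bot: Hard-coding `node_type = "cache.t2.micro"` leaves the module's `node_type` variable and the `node_type = var.redis_node_type` argument in `terraform/main.tf` in place but ignored, and the commit subject ("add missing env vars") does not describe this change. No hunk in this series declares `redis_node_type` in `terraform/variables.tf`, so that root-level reference may be what was actually failing. Declaring it there with `default = "cache.t2.micro"` and keeping `node_type = var.node_type` here would keep the instance size configurable per workspace. The resource block continues past the end of this hunk.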