update with example of getting a cert to use

CDCgov · Nov 21, 2024 · 84d0ed4 · 84d0ed4
1 parent a3658a3
commit 84d0ed4
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 175 deletions.
diff --git a/terraform/implementation/ecs/SERVICEDATA.md b/terraform/implementation/ecs/SERVICEDATA.md
diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf
@@ -1,3 +1,9 @@
+data "aws_acm_certificate" "this" {
+  domain   = "streamline.dibbs.cloud"
+  types = ["AMAZON_ISSUED"] # or ["ISSUED"] or ["PRIVATE"]
+  statuses = ["ISSUED"]
+}
+
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
   version = "5.16.0"
@@ -15,8 +21,9 @@ module "vpc" {
 }
 
 module "ecs" {
-  source  = "CDCgov/dibbs-ecr-viewer/aws"
-  version = "0.1.2"
+  # source  = "CDCgov/dibbs-ecr-viewer/aws"
+  # version = "0.1.2"
+  source = "../../../../terraform-aws-dibbs-ecr-viewer"
 
   public_subnet_ids  = flatten(module.vpc.public_subnets)
   private_subnet_ids = flatten(module.vpc.private_subnets)
@@ -31,13 +38,31 @@ module "ecs" {
   # If intent is to pull from the phdi GHCR, set disable_ecr to true (default is false)
   # disable_ecr = true
 
-  # If intent is to use the non-integrated viewer, set non_integrated_viewer to "true" (default is false)
-  # non_integrated_viewer = "true"
-
   # If the intent is to make the ecr-viewer availabble on the public internet, set internal to false (default is true)
   # This requires an internet gateway to be present in the VPC.
   internal = var.internal
 
+  # If the intent is to use a custom domain, set certificate_domain to the domain name (default is "")
+  certificate_arn = data.aws_acm_certificate.this.arn
+
   # If the intent is to disable authentication, set ecr_viewer_app_env to "test" (default is "prod")
   # ecr_viewer_app_env = "test"
+
+  # If intent is to use a metadata database for polutating the ecr-viewer library, setup the database data object to connect to the database (supported databases are postgres and sqlserver)
+  # Postgresql database example
+  # postgres_database_data = {
+  #   non_integrated_viewer = "true"
+  #   metadata_database_type = "postgres"
+  #   metadata_database_schema = "core" # (core or extended)
+  #   secrets_manager_postgres_database_url_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-1a2b3c"
+  # }
+  # SqlServer database example
+  # sqlserver_database_data = {
+  #   non_integrated_viewer = "true"
+  #   metadata_database_type = "sqlserver"
+  #   metadata_database_schema = "core" # (core or extended)
+  #   secrets_manager_sqlserver_user_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret"
+  #   secrets_manager_sqlserver_password_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret"
+  #   secrets_manager_sqlserver_host_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret"
+  # }
 }