YAPP-Github · comforest · Jan 11, 2026 · Jan 4, 2026 · Jan 4, 2026 · Jan 4, 2026
@@ -0,0 +1,103 @@
+resource "aws_security_group" "nomoney_alb_sg" {
+  name        = format("%s-nomoney-alb-sg", var.environment)
+  description = "Security group for Application Load Balancer"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow HTTP"
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow HTTPS"
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow all outbound traffic"
+  }
+
+  tags = {
+    Environment = var.environment
+  }
+}
+
+resource "aws_lb" "nomoney_alb" {
+  name               = format("%s-nomoney-alb", var.environment)
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.nomoney_alb_sg.id]
+  subnets = var.public_subnet_ids
+
+  enable_deletion_protection = false
+  enable_http2               = true
+
+  tags = {
+    Environment = var.environment
+  }
+}
+resource "aws_lb_target_group" "nomoney_tg" {
+  name        = format("%s-nomoney-tg", var.environment)
+  port        = 8080
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "instance"
+
+  health_check {
+    enabled             = true
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+    timeout             = 5
+    interval            = 30
+    path                = "/ping"
+    protocol            = "HTTP"
+    matcher             = "200"
+  }
+
+  deregistration_delay = 30
+
+  tags = {
+    Environment = var.environment
+  }
+}
+
+resource "aws_lb_listener" "nomoney_http" {
+  load_balancer_arn = aws_lb.nomoney_alb.arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type = var.environment == "prod" ? "redirect" : "forward"
+
+    # Redirect to HTTPS for Production
+    dynamic "redirect" {
+      for_each = var.environment == "prod" ? [1] : []
+      content {
+        port        = "443"
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
+    }
+
+    # Forward to target group for non-Production
+    target_group_arn = var.environment != "prod" ? aws_lb_target_group.nomoney_tg.arn : null
+  }
+
+  tags = {
+    Environment = var.environment
+  }
+
+  lifecycle {
+    ignore_changes = [default_action]
+  }
+}
@@ -3,17 +3,26 @@ resource "aws_autoscaling_group" "platform_ec2_asg" {
   vpc_zone_identifier = var.public_subnet_ids
 
   min_size         = 1
-  max_size         = 1
+  max_size         = 2
   desired_capacity = 1
 
   health_check_type         = "EC2"
   health_check_grace_period = 240
 
+  protect_from_scale_in = false
+
   launch_template {
     id      = aws_launch_template.platform_ec2_launch_template.id
     version = "$Latest"
   }
 
+  instance_refresh {
+    strategy = "Rolling"
+    preferences {
+      min_healthy_percentage = 50
+    }
+  }
+
   tag {
     key                 = "Name"
     value               = "${var.environment}-platform-ec2-instance"
@@ -25,4 +34,4 @@ resource "aws_autoscaling_group" "platform_ec2_asg" {
     value               = var.environment
     propagate_at_launch = true
   }
-}
+}
@@ -1,27 +1,31 @@
-resource "aws_ecs_capacity_provider" "ecs_cluster_ec2_cp" {
-  name = "${var.environment}-ecs-cluster-ec2-cp"
+resource "aws_ecs_capacity_provider" "ecs_cluster_ec2_capacity_provider" {
+  name = "${var.environment}-ecs-cluster-ec2-capacity_provider"
 
   auto_scaling_group_provider {
     auto_scaling_group_arn = aws_autoscaling_group.platform_ec2_asg.arn
 
     managed_scaling {
-      status                    = "DISABLED"
+      status                    = "ENABLED"
       target_capacity           = 100
       minimum_scaling_step_size = 1
-      maximum_scaling_step_size = 1
+      maximum_scaling_step_size = 2
     }
 
     managed_termination_protection = "DISABLED"
   }
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
-resource "aws_ecs_cluster_capacity_providers" "ecs_cluster_default_cp" {
+resource "aws_ecs_cluster_capacity_providers" "ecs_cluster_default_capacity_provider" {
   cluster_name       = aws_ecs_cluster.platform_ecs_cluster.name
-  capacity_providers = [aws_ecs_capacity_provider.ecs_cluster_ec2_cp.name]
+  capacity_providers = [aws_ecs_capacity_provider.ecs_cluster_ec2_capacity_provider.name]
 
   default_capacity_provider_strategy {
-    capacity_provider = aws_ecs_capacity_provider.ecs_cluster_ec2_cp.name
+    capacity_provider = aws_ecs_capacity_provider.ecs_cluster_ec2_capacity_provider.name
     weight            = 1
     base              = 1
   }
-}
+}
@@ -3,6 +3,15 @@ resource "aws_security_group" "ecs_instance_sg" {
   description = "Security group for ECS EC2 instances (shared runtime)"
   vpc_id      = var.vpc_id
 
+  # Allow all traffic from ALB
+  ingress {
+    from_port       = 0
+    to_port         = 65535
+    protocol        = "tcp"
+    security_groups = [aws_security_group.nomoney_alb_sg.id]
+    description     = "Allow traffic from ALB"
+  }
+
   # Outbound: 기본 허용
   egress {
     from_port   = 0
@@ -32,4 +41,4 @@ resource "aws_security_group_rule" "app_ingress" {
   to_port           = var.container_port
   protocol          = "tcp"
   cidr_blocks       = [each.value]
-}
+}
@@ -14,17 +14,23 @@ resource "aws_ecs_service" "nomoney_api" {
     ]
   }
 
+  load_balancer {
+    target_group_arn = aws_lb_target_group.nomoney_tg.arn
+    container_name   = "app"
+    container_port   = 8080
+  }
+
   health_check_grace_period_seconds = 300
 
   capacity_provider_strategy {
-    capacity_provider = aws_ecs_capacity_provider.ecs_cluster_ec2_cp.name
+    capacity_provider = aws_ecs_capacity_provider.ecs_cluster_ec2_capacity_provider.name
     weight            = 1
   }
 
   deployment_minimum_healthy_percent = 100
   deployment_maximum_percent         = 200
 
   depends_on = [
-    aws_ecs_cluster_capacity_providers.ecs_cluster_default_cp
+    aws_ecs_cluster_capacity_providers.ecs_cluster_default_capacity_provider
   ]
-}
+}