fix: hardcoded sensitive env vars (#6)

Author: g-otn

main.tf

@@ -10,7 +10,7 @@ resource "aws_ecs_task_definition" "this" {
   cpu                      = 256
   memory                   = 512
   requires_compatibilities = ["FARGATE"]
-  container_definitions    = jsonencode(
+  container_definitions = jsonencode(
     [
       {
         name : "soat-ecs-cluster-task",
@@ -51,12 +51,12 @@ resource "aws_ecs_task_definition" "this" {
           options : {
             awslogs-create-group : "true",
             awslogs-group : "awslogs-backend",
-            awslogs-region : "us-east-2",
+            awslogs-region : var.aws_region,
             awslogs-stream-prefix : "awslogs-backend"
           }
         },
       }
-    ])
+  ])
 
   runtime_platform {
     cpu_architecture        = "X86_64"
@@ -65,13 +65,13 @@ resource "aws_ecs_task_definition" "this" {
 }
 
 resource "aws_ecs_service" "this" {
-  name                 = "soat-ecs-service"
-  cluster              = aws_ecs_cluster.this.id
-  task_definition      = aws_ecs_task_definition.this.arn
-  desired_count        = 1
-  launch_type          = "FARGATE"
-  scheduling_strategy  = "REPLICA"
-  force_new_deployment = true
+  name                              = "soat-ecs-service"
+  cluster                           = aws_ecs_cluster.this.id
+  task_definition                   = aws_ecs_task_definition.this.arn
+  desired_count                     = 1
+  launch_type                       = "FARGATE"
+  scheduling_strategy               = "REPLICA"
+  force_new_deployment              = true
   health_check_grace_period_seconds = 600
 
   network_configuration {
@@ -82,7 +82,7 @@ resource "aws_ecs_service" "this" {
 
   load_balancer {
     container_name   = "soat-ecs-cluster-task"
-    container_port   = var.port
+    container_port   = var.ecs_service_lb_container_port
     target_group_arn = data.aws_alb_target_group.tg_alb.arn
   }
 }

providers.tf

@@ -0,0 +1,13 @@
+provider "aws" {
+  region = var.aws_region
+
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+
+  default_tags {
+    tags = {
+      Organization = "soat-tech-challenge"
+      Workspace    = "database-staging"
+    }
+  }
+}

terraform.tfvars.example

@@ -1,40 +1,39 @@
 variable "aws_region" {
-  description = "Região AWS onde criar a instância RDS"
+  description = "AWS Region to create resources on"
   type        = string
   default     = "us-east-2"
 }
 
-variable "port" {
-  description = "Port"
+variable "aws_access_key" {
+  description = "AWS Access Key"
+  type        = string
+}
+
+variable "aws_secret_key" {
+  description = "AWS Secret Key"
   type        = string
 }
 
 variable "ecs_container_db_username" {
-  default = "postgres"
-  type    = string
+  type = string
 }
 
 variable "ecs_container_db_password" {
-  default = "postgres"
-  type    = string
+  type = string
 }
 
 variable "ecs_container_db_name" {
-  default = "backend"
+  default = "backend_db"
   type    = string
 }
 
+variable "ecs_service_lb_container_port" {
+  description = "ECS Service load balancing container port"
+  type        = number
+  default     = 8080
+}
+
 variable "ecs_container_jwt_public_key" {
   default = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqStd8n4SGNM0eZhV/hzU+urHA5/IMZPoP9YQ9ZcLKWiX33nI6bSuZMCrLZcJExf63xS+uxDpGxM8Mnk2zOdl+lPwANXLzP1us5P1PyA3YPycW9J7C5YTQW0GiEL3M93ZX7vMJiVoBYblP3JPlYnoYlBORuc0JPk33KtfEZP+78qXpPHM8imYrJLe8ceiDLLFDU/nh5KC2dWAy3ci1ahoJ1Q9ELhp3IZLvOTX57H/T2VKOYOya5+ST41h+JjzI+qGTVnLcKaW+k25YLlVnkSspvdx98+yQDi7kbOTS6yRZHUPD6wPk/nUozpD0nZKccoH4W+zMwmQVtsAA6JCA9gfGwIDAQAB"
   type    = string
 }
-
-variable "aws_access_key" {
-  description = "AWS Access Key"
-  type        = string
-}
-
-variable "aws_secret_key" {
-  description = "AWS Secret Key"
-  type        = string
-}

variables.tf

@@ -16,9 +16,3 @@ terraform {
     }
   }
 }
-
-provider "aws" {
-  region     = var.aws_region
-  access_key = var.aws_access_key
-  secret_key = var.aws_secret_key
-}