From bdc848f88f733cd3caaf9a7a35e63ed636008203 Mon Sep 17 00:00:00 2001
From: Carlos Castro
Date: Tue, 26 Nov 2024 10:13:37 +0000
Subject: [PATCH] add ssl certificate and listener;
---
 terraform/api.tf | 14 ++++++++++++++
 terraform/certificate.tf | 17 +++++++++++++++++
 terraform/website.tf | 15 +++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 terraform/certificate.tf
diff --git a/terraform/api.tf b/terraform/api.tf
index bde99bc..ace12b5 100644
--- a/terraform/api.tf
+++ b/terraform/api.tf
@@ -875,3 +875,17 @@ resource "aws_lb_listener" "leafsteroids_api" {
 type = "forward"
 }
 }
+
+resource "aws_lb_listener" "leafsteroids_api_https" {
+ load_balancer_arn = aws_lb.leafsteroids_api.arn
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ certificate_arn = aws_acm_certificate.leafsteroids.arn
+
+ tags = local.tags
+ default_action {
+ target_group_arn = aws_lb_target_group.leafsteroids_api.arn
+ type = "forward"
+ }
+}
diff --git a/terraform/certificate.tf b/terraform/certificate.tf
new file mode 100644
index 0000000..3cfd5c9
--- /dev/null
+++ b/terraform/certificate.tf
@@ -0,0 +1,17 @@
+resource "aws_acm_certificate" "leafsteroids" {
+ certificate_authority_arn = null
+ domain_name = "leafsteroids.net"
+ key_algorithm = "RSA_2048"
+ subject_alternative_names = [
+ "api.leafsteroids.net",
+ "api.staging.leafsteroids.net",
+ "leafsteroids.net",
+ "staging.leafsteroids.net",
+ ]
+ tags = local.tags
+ validation_method = "DNS"
+
+ options {
+ certificate_transparency_logging_preference = "ENABLED"
+ }
+}
diff --git a/terraform/website.tf b/terraform/website.tf
index d06f4d0..d5874d4 100644
--- a/terraform/website.tf
+++ b/terraform/website.tf
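Review bot: The new HTTPS listener pins `ssl_policy = "ELBSecurityPolicy-2016-08"`, a legacy policy that still negotiates TLS 1.0 and 1.1 and CBC cipher suites. Unless old clients must be supported, use a TLS 1.2+ policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`. The same value is set on `leafsteroids_website_https` in the terraform/website.tf hunk and should change with it. A short comment next to the setting naming the minimum TLS version would keep the choice reviewable.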
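Review bot: Nothing in this commit waits for the DNS-validated certificate to be issued: both HTTPS listeners reference `aws_acm_certificate.leafsteroids.arn` directly, so an apply may try to attach a certificate that is still pending validation. If validation is not handled elsewhere in the configuration, add an `aws_acm_certificate_validation` resource and point the listeners' `certificate_arn` at its `certificate_arn` attribute. Adding `lifecycle { create_before_destroy = true }` to the certificate lets a replacement be issued before the in-use one is removed. The one certificate also covers both production and staging names, so the environments share it; if that is deliberate it deserves a comment, otherwise separate certificates would limit the impact of a problem in either.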
@@ -907,3 +907,18 @@ resource "aws_lb_listener" "leafsteroids_website" {
 type = "forward"
 }
 }
+
+resource "aws_lb_listener" "leafsteroids_website_https" {
+ load_balancer_arn = aws_lb.leafsteroids_website.arn
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ certificate_arn = aws_acm_certificate.leafsteroids.arn
+
+ tags = local.tags
+ default_action {
+ target_group_arn = aws_lb_target_group.leafsteroids_website.arn
+ type = "forward"
+ }
+}
+
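Review bot: Adding the 443 listener does not by itself move traffic off plain HTTP: the context lines show the existing `leafsteroids_website` listener still ends in `type = "forward"`. Its port and protocol are outside the hunk, but if it is the port 80 listener, consider changing its default action to `type = "redirect"` with a `redirect` block targeting port 443, protocol HTTPS and status `HTTP_301`, so credentials and session data are not sent in clear text. The same applies to the `leafsteroids_api` listener in terraform/api.tf.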