Merge branch 'main' into DEV-2047-active-campaign-integration-with-st…

…rapi

.github/workflows/deploy_ac_sync_lambda.yaml

@@ -30,6 +30,9 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: '20.x'
+
+      - name: Install dependencies
+        run: npm install
 
       - name: Build
         working-directory: packages/active-campaign-client

apps/chatbot/package.json

@@ -3,6 +3,5 @@
   "version": "4.0.0",
   "private": true,
   "scripts": {
-    "test": "./docker/docker-compose-run-tests.sh"
   }
 }

apps/infrastructure/CHANGELOG.md

@@ -1,5 +1,17 @@
 # infrastructure
 
+## 1.4.0
+
+### Minor Changes
+
+- e1f67d6: Implemented active campaign syncer infrastructure
+- e623940: Langfuse infrastructure implemented
+
+### Patch Changes
+
+- bbe33fc: Fix img_src CSP directive to see also in Dev the images inserted using production's CMS
+- 94ca22c: Added permissions to deploy the ac sync lambdas via GH actions
+
 ## 1.3.0
 
 ### Minor Changes

apps/infrastructure/package.json

@@ -1,5 +1,5 @@
 {
   "name": "infrastructure",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "private": true
 }

apps/infrastructure/src/main.tf

@@ -128,6 +128,7 @@ module "chatbot" {
   security_groups         = module.cms.security_groups
   dns_domain_name         = var.dns_domain_name
   ecs_redis               = var.chatbot_ecs_redis
+  ecs_monitoring          = var.chatbot_ecs_monitoring
 }
 
 module "cicd" {

apps/infrastructure/src/modules/chatbot/acm.tf

@@ -28,4 +28,18 @@ module "ssl_certificate_us_east_1" {
   wait_for_validation = false # https://github.com/terraform-aws-modules/terraform-aws-acm/blob/8d0b22f1f242a1b36e29b8cb38aaeac9b887500d/README.md?plain=1#L174
   validation_method   = "DNS"
   dns_ttl             = 3600
-}
+}
+
+module "internal_ssl_certificate" {
+  source      = "git::https://github.com/terraform-aws-modules/terraform-aws-acm.git?ref=8d0b22f1f242a1b36e29b8cb38aaeac9b887500d" # v5.0.0
+  domain_name = "dummy.${aws_route53_zone.chatbot_internal.name}"
+  zone_id     = var.dns_chatbot_hosted_zone.id
+
+  subject_alternative_names = [
+    "*.${aws_route53_zone.chatbot_internal.name}"
+  ]
+
+  wait_for_validation = false # https://github.com/terraform-aws-modules/terraform-aws-acm/blob/8d0b22f1f242a1b36e29b8cb38aaeac9b887500d/README.md?plain=1#L174
+  validation_method   = "DNS"
+  dns_ttl             = 3600
+}

apps/infrastructure/src/modules/chatbot/alb.tf

@@ -0,0 +1,178 @@
+## Application Load Balancer for Chatbot Monitoring tool
+module "monitoring_load_balancer" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-alb.git?ref=3e9c6cbaf4c1d858c3bbee6f086f0c8ef17522ab" # v9.6.0
+
+  name                  = "${local.prefix}-monitoring-alb"
+  vpc_id                = var.vpc.id
+  subnets               = var.vpc.public_subnets
+  security_groups       = [aws_security_group.monitoring_lb.id]
+  internal              = false
+  create_security_group = false
+  load_balancer_type    = "application"
+
+  listeners = {
+    front_end_http = {
+      port     = 80
+      protocol = "HTTP"
+      redirect = {
+        port        = "443"
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
+    }
+    front_end_https = {
+      port            = 443
+      protocol        = "HTTPS"
+      certificate_arn = module.ssl_certificate.acm_certificate_arn
+      forward = {
+        target_group_key = "monitoring-target-group"
+      }
+    }
+  }
+
+  target_groups = {
+    monitoring-target-group = {
+      name        = "monitoring-target-group"
+      protocol    = "HTTP"
+      port        = var.ecs_monitoring.port
+      target_type = "ip"
+      vpc_id      = var.vpc.id
+
+      health_check = {
+        healthy_threshold   = "3"
+        interval            = "30"
+        protocol            = "HTTP"
+        matcher             = "200"
+        timeout             = "3"
+        path                = "/api/public/ready"
+        unhealthy_threshold = "2"
+      }
+      create_attachment = false
+    }
+  }
+}
+
+### AWS Security Group ###
+# Traffic to the DB should only come from ECS
+# Traffic to the ECS cluster should only come from the ALB
+
+resource "aws_security_group" "monitoring_lb" {
+  name        = "${local.prefix}-monitoring-lb"
+  description = "Ingress - Load Balancer"
+  vpc_id      = var.vpc.id
+
+  ingress {
+    protocol    = "tcp"
+    from_port   = 80
+    to_port     = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    protocol    = "tcp"
+    from_port   = 443
+    to_port     = 443
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # https://registry.terraform.io/providers/hashicorp/aws/5.35.0/docs/resources/security_group#recreating-a-security-group
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+## Application Load Balancer for Chatbot Monitoring tool internally
+module "internal_monitoring_load_balancer" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-alb.git?ref=3e9c6cbaf4c1d858c3bbee6f086f0c8ef17522ab" # v9.6.0
+
+  name                  = "${local.prefix}-int-monitoring-alb"
+  vpc_id                = var.vpc.id
+  subnets               = var.vpc.private_subnets
+  security_groups       = [aws_security_group.monitoring_lb.id]
+  internal              = true
+  create_security_group = false
+  load_balancer_type    = "application"
+
+  listeners = {
+    front_end_http = {
+      port     = 80
+      protocol = "HTTP"
+      redirect = {
+        port        = "443"
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
+    }
+    front_end_https = {
+      port            = 443
+      protocol        = "HTTPS"
+      certificate_arn = module.internal_ssl_certificate.acm_certificate_arn
+      forward = {
+        target_group_key = "internal-monitoring-target-group"
+      }
+    }
+  }
+
+  target_groups = {
+    internal-monitoring-target-group = {
+      name        = "internal-monitoring-target-group"
+      protocol    = "HTTP"
+      port        = var.ecs_monitoring.port
+      target_type = "ip"
+      vpc_id      = var.vpc.id
+
+      health_check = {
+        healthy_threshold   = "3"
+        interval            = "30"
+        protocol            = "HTTP"
+        matcher             = "200"
+        timeout             = "3"
+        path                = "/api/public/ready"
+        unhealthy_threshold = "2"
+      }
+      create_attachment = false
+    }
+  }
+}
+
+### AWS Security Group ###
+# Traffic to Langfuse comes only from the chatbot lambda
+
+resource "aws_security_group" "internal_monitoring_lb" {
+  name        = "${local.prefix}-internal-monitoring-lb"
+  description = "Ingress - Load Balancer"
+  vpc_id      = var.vpc.id
+
+  ingress {
+    protocol        = "tcp"
+    from_port       = 80
+    to_port         = 80
+    security_groups = [aws_security_group.lambda.id]
+  }
+
+  ingress {
+    protocol        = "tcp"
+    from_port       = 443
+    to_port         = 443
+    security_groups = [aws_security_group.lambda.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # https://registry.terraform.io/providers/hashicorp/aws/5.35.0/docs/resources/security_group#recreating-a-security-group
+  lifecycle {
+    create_before_destroy = true
+  }
+}