merge with latest

Author: zaro0508

app.py

@@ -7,7 +7,6 @@
 from src.service_stack import LoadBalancedServiceStack
 from src.utils import load_context_config
 
-
 cdk_app = cdk.App()
 env_name = cdk_app.node.try_get_context("env") or "dev"
 config = load_context_config(env_name=env_name)

src/service_stack.py

@@ -222,60 +222,89 @@ def __init__(
         cluster: ecs.Cluster,
         props: ServiceProps,
         load_balancer: elbv2.ApplicationLoadBalancer,
-        certificate_arn: str,
+        certificate_arn: str = None,
         health_check_path: str = "/",
         health_check_interval: int = 1,  # max is 5
+        enable_https: bool = False,
         **kwargs,
     ) -> None:
         super().__init__(scope, construct_id, vpc, cluster, props, **kwargs)
 
-        # -------------------
-        # ACM Certificate for HTTPS
-        # -------------------
-        self.cert = acm.Certificate.from_certificate_arn(
-            self, "Cert", certificate_arn=certificate_arn
-        )
+        if enable_https and not certificate_arn:
+            raise ValueError(
+                "enable_https is True but certificate_arn is None. "
+                "Please provide a valid certificate ARN to enable HTTPS."
+            )
+        if enable_https and certificate_arn:
+            # -------------------
+            # ACM Certificate for HTTPS
+            # -------------------
+            self.cert = acm.Certificate.from_certificate_arn(
+                self, "Cert", certificate_arn=certificate_arn
+            )
 
-        # -------------------------------
-        # Setup https
-        # -------------------------------
-        https_listener = elbv2.ApplicationListener(
-            self,
-            "HttpsListener",
-            load_balancer=load_balancer,
-            port=ALB_HTTPS_LISTENER_PORT,
-            open=True,
-            protocol=elbv2.ApplicationProtocol.HTTPS,
-            certificates=[self.cert],
-        )
+            # -------------------------------
+            # Setup https
+            # -------------------------------
+            https_listener = elbv2.ApplicationListener(
+                self,
+                "HttpsListener",
+                load_balancer=load_balancer,
+                port=ALB_HTTPS_LISTENER_PORT,
+                open=True,
+                protocol=elbv2.ApplicationProtocol.HTTPS,
+                certificates=[self.cert],
+            )
 
-        https_listener.add_targets(
-            "HttpsTarget",
-            port=props.container_port,
-            protocol=elbv2.ApplicationProtocol.HTTP,
-            targets=[self.service],
-            health_check=elbv2.HealthCheck(
-                path=health_check_path, interval=duration.minutes(health_check_interval)
-            ),
-        )
+            https_listener.add_targets(
+                "HttpsTarget",
+                port=props.container_port,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+                targets=[self.service],
+                health_check=elbv2.HealthCheck(
+                    path=health_check_path,
+                    interval=duration.minutes(health_check_interval),
+                ),
+            )
 
-        # -------------------------------
-        # redirect http to https
-        # -------------------------------
-        http_listener = elbv2.ApplicationListener(
-            self,
-            "HttpListener",
-            load_balancer=load_balancer,
-            port=ALB_HTTP_LISTENER_PORT,
-            open=True,
-            protocol=elbv2.ApplicationProtocol.HTTP,
-        )
+            # -------------------------------
+            # redirect http to https
+            # -------------------------------
+            http_listener = elbv2.ApplicationListener(
+                self,
+                "HttpListener",
+                load_balancer=load_balancer,
+                port=ALB_HTTP_LISTENER_PORT,
+                open=True,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+            )
 
-        http_listener.add_action(
-            "HttpRedirect",
-            action=elbv2.ListenerAction.redirect(
-                port=str(ALB_HTTPS_LISTENER_PORT),
-                protocol=(elbv2.ApplicationProtocol.HTTPS).value,
-                permanent=True,
-            ),
-        )
+            http_listener.add_action(
+                "HttpRedirect",
+                action=elbv2.ListenerAction.redirect(
+                    port=str(ALB_HTTPS_LISTENER_PORT),
+                    protocol=(elbv2.ApplicationProtocol.HTTPS).value,
+                    permanent=True,
+                ),
+            )
+        else:
+            # Only HTTP listener, no HTTPS
+            http_listener = elbv2.ApplicationListener(
+                self,
+                "HttpListener",
+                load_balancer=load_balancer,
+                port=ALB_HTTP_LISTENER_PORT,
+                open=True,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+            )
+
+            http_listener.add_targets(
+                "HttpTarget",
+                port=props.container_port,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+                targets=[self.service],
+                health_check=elbv2.HealthCheck(
+                    path=health_check_path,
+                    interval=duration.minutes(health_check_interval),
+                ),
+            )