Sage-Bionetworks-IT · zaro0508 · Oct 21, 2025 · Oct 20, 2025 · Oct 20, 2025 · Oct 20, 2025
diff --git a/app.py b/app.py
@@ -16,7 +16,6 @@
         environment_variables = {
             "VPC_CIDR": "10.254.174.0/24",
             "FQDN": "prod.mydomain.io",
-            "CERTIFICATE_ARN": "arn:aws:acm:us-east-1:XXXXXXXXX:certificate/69b3ba97-b382-4648-8f94-a250b77b4994",
             "TAGS": {"CostCenter": "NO PROGRAM / 000000"},
         }
     case "stage":
@@ -93,7 +92,6 @@
     cluster=ecs_stack.cluster,
     props=app_props,
     load_balancer=load_balancer_stack.alb,
-    certificate_arn=environment_variables["CERTIFICATE_ARN"],
 )
 app_stack.add_dependency(app_stack)
 

diff --git a/src/service_stack.py b/src/service_stack.py
@@ -222,60 +222,84 @@ def __init__(
         cluster: ecs.Cluster,
         props: ServiceProps,
         load_balancer: elbv2.ApplicationLoadBalancer,
-        certificate_arn: str,
+        certificate_arn: str = None,
         health_check_path: str = "/",
         health_check_interval: int = 1,  # max is 5
+        enable_https: bool = False,
         **kwargs,
     ) -> None:
         super().__init__(scope, construct_id, vpc, cluster, props, **kwargs)
 
-        # -------------------
-        # ACM Certificate for HTTPS
-        # -------------------
-        self.cert = acm.Certificate.from_certificate_arn(
-            self, "Cert", certificate_arn=certificate_arn
-        )
+        if enable_https and certificate_arn:
+            # -------------------
+            # ACM Certificate for HTTPS
+            # -------------------
+            self.cert = acm.Certificate.from_certificate_arn(
+                self, "Cert", certificate_arn=certificate_arn
+            )
 
-        # -------------------------------
-        # Setup https
-        # -------------------------------
-        https_listener = elbv2.ApplicationListener(
-            self,
-            "HttpsListener",
-            load_balancer=load_balancer,
-            port=ALB_HTTPS_LISTENER_PORT,
-            open=True,
-            protocol=elbv2.ApplicationProtocol.HTTPS,
-            certificates=[self.cert],
-        )
+            # -------------------------------
+            # Setup https
+            # -------------------------------
+            https_listener = elbv2.ApplicationListener(
+                self,
+                "HttpsListener",
+                load_balancer=load_balancer,
+                port=ALB_HTTPS_LISTENER_PORT,
+                open=True,
+                protocol=elbv2.ApplicationProtocol.HTTPS,
+                certificates=[self.cert],
+            )
 
-        https_listener.add_targets(
-            "HttpsTarget",
-            port=props.container_port,
-            protocol=elbv2.ApplicationProtocol.HTTP,
-            targets=[self.service],
-            health_check=elbv2.HealthCheck(
-                path=health_check_path, interval=duration.minutes(health_check_interval)
-            ),
-        )
+            https_listener.add_targets(
+                "HttpsTarget",
+                port=props.container_port,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+                targets=[self.service],
+                health_check=elbv2.HealthCheck(
+                    path=health_check_path,
+                    interval=duration.minutes(health_check_interval),
+                ),
+            )
 
-        # -------------------------------
-        # redirect http to https
-        # -------------------------------
-        http_listener = elbv2.ApplicationListener(
-            self,
-            "HttpListener",
-            load_balancer=load_balancer,
-            port=ALB_HTTP_LISTENER_PORT,
-            open=True,
-            protocol=elbv2.ApplicationProtocol.HTTP,
-        )
+            # -------------------------------
+            # redirect http to https
+            # -------------------------------
+            http_listener = elbv2.ApplicationListener(
+                self,
+                "HttpListener",
+                load_balancer=load_balancer,
+                port=ALB_HTTP_LISTENER_PORT,
+                open=True,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+            )
 
-        http_listener.add_action(
-            "HttpRedirect",
-            action=elbv2.ListenerAction.redirect(
-                port=str(ALB_HTTPS_LISTENER_PORT),
-                protocol=(elbv2.ApplicationProtocol.HTTPS).value,
-                permanent=True,
-            ),
-        )
+            http_listener.add_action(
+                "HttpRedirect",
+                action=elbv2.ListenerAction.redirect(
+                    port=str(ALB_HTTPS_LISTENER_PORT),
+                    protocol=(elbv2.ApplicationProtocol.HTTPS).value,
+                    permanent=True,
+                ),
+            )
+        else:
+            # Only HTTP listener, no HTTPS
+            http_listener = elbv2.ApplicationListener(
+                self,
+                "HttpListener",
+                load_balancer=load_balancer,
+                port=ALB_HTTP_LISTENER_PORT,
+                open=True,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+            )
+
+            http_listener.add_targets(
+                "HttpTarget",
+                port=props.container_port,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+                targets=[self.service],
+                health_check=elbv2.HealthCheck(
+                    path=health_check_path,
+                    interval=duration.minutes(health_check_interval),
+                ),
+            )