Part of #33
Depends on: Refactor certificate-manager module, Create environments/prd/ configuration
Steps
- Run
cd environments/prd && terraform init
- Run
terraform plan and review the output. Expected new resources:
- VPC with
10.1.0.0/16 CIDR, subnets, NAT gateway, route tables
- Security groups (ALB, EC2, API Gateway VPC link, VPC endpoints)
- ALB (internal, private subnets)
- EC2 launch template (
g6.2xlarge) and ASG (min 1, max 1)
- API Gateway HTTP API with stage
v1, custom domain api.fieldsofthe.world
- VPC Link connecting API Gateway to ALB
- Lambda authorizer for CloudFront secret validation
- CloudFront distribution with WAF
- ACM certificates in us-east-1 and us-west-2 for
api.fieldsofthe.world
- Route53 zone for
api.fieldsofthe.world (will replace the dev-managed zone)
- DynamoDB tables:
prd-ftw-projects, prd-ftw-images, prd-ftw-inference-results
- SQS queues:
prd-ftw-task-queue, prd-ftw-task-dlq
- IAM roles and instance profile
- Run
terraform apply
- Verify the EC2 instance launches and the API starts (check via SSM Session Manager)
- Verify the CloudFront distribution is deployed and returns responses
Validation
terraform output shows expected values- CloudFront distribution status is "Deployed"
- API responds at the CloudFront domain (before DNS cutover, test via the CloudFront
.cloudfront.net URL)
- DynamoDB tables exist and are empty
- SQS queues exist
Part of #33
Depends on: Refactor certificate-manager module, Create environments/prd/ configuration
Steps
cd environments/prd && terraform initterraform planand review the output. Expected new resources:10.1.0.0/16CIDR, subnets, NAT gateway, route tablesg6.2xlarge) and ASG (min 1, max 1)v1, custom domainapi.fieldsofthe.worldapi.fieldsofthe.worldapi.fieldsofthe.world(will replace the dev-managed zone)prd-ftw-projects,prd-ftw-images,prd-ftw-inference-resultsprd-ftw-task-queue,prd-ftw-task-dlqterraform applyValidation
terraform outputshows expected values.cloudfront.netURL)