docs(infra): edit readme for infra and use default hotosm certs

Author: nischalstha9

scripts/aws/infra/develop/non-purgeable/cloudfront/terragrunt.hcl

@@ -21,7 +21,7 @@ inputs = {
   s3_bucket_name          = dependency.s3.outputs.bucket_name
   create_s3_bucket_policy = true
 
-  aliases = split(" ", get_env("CLOUDFRONT_DIST_ALIASES", "tm-ecs-frontend.naxa.com.np"))
+  aliases = split(" ", get_env("CLOUDFRONT_DIST_ALIASES", "tasks-dev.hotosm.org"))
 
   # CloudFront configuration
   enabled             = true
@@ -68,5 +68,5 @@ inputs = {
   # SSL/TLS configuration
   use_default_certificate = false
   # If use_default_certificate is false, provide these:
-  acm_certificate_arn = get_env("ACM_TLS_CERT_FRONTEND_ARN", "arn:aws:acm:us-east-1:685797548389:certificate/586132c9-5170-4cf9-85a0-68168e1387c4")
+  acm_certificate_arn = get_env("ACM_TLS_CERT_FRONTEND_ARN", "arn:aws:acm:us-east-1:670261699094:certificate/1d74321b-1e5b-4e31-b97a-580deb39c539")
 }

scripts/aws/infra/infra.env.example

@@ -1,12 +1,12 @@
+# ================ GHActions-START ================
 # Environment required for CICD pipeline. Env here is not used for app but rather Infra deployment via CI or manual run.
 
-# GHActions
-
-# ==== VARIABLES ====
-IMAGE_NAME=hotosm/tasking-manager-backend
-AWS_REGION=us-east-1
-
-# INFRA_TEAM=hotosm # optional if you want to override the team name
+# ==== VARIABLES-START ====
+# Env-Variables (Redundant per environment) START
+IMAGE_NAME=hotosm/tasking-manager-backend     # [optional] image name for CI
+FE_S3_BUCKET="your-s3-bucket-name"            # mandatory frontend bucket name for CI
+FE_CLOUDFRONT_DISTRIBUTION_ID = 'EXxxxxxxxxx' # your cloudfront distribution id for CI
+# Env-Variables (Redundant per environment) END
 
 # ==== VARIABLES-END ====
 
@@ -16,11 +16,12 @@ AWS_OIDC_ROLE_ARN=arn:aws:iam::123456789012:role/YOUR_ROLE_NAME
 PLAN_FILE_ENCRYPTION_SECRET=UNSAFESTRINGUSEDUSECUSTOMSECRETKEY
 # ==== SECRETS-END ====
 
-# Env-Variables (Redundant per environment)
-FE_S3_BUCKET="your-s3-bucket-name"            # frontend bucket name for ci
-FE_CLOUDFRONT_DISTRIBUTION_ID = 'EXxxxxxxxxx' #your cloudfront distribution id
-ACM_TLS_CERT_BACKEND_ARN=arn:aws:acm:EU-east-66:123456789:certificate/ARN_EXAMPLE
-ACM_TLS_CERT_FRONTEND_ARN=arn:aws:acm:EU-east-66:123456789:certificate/ARN_EXAMPLE
-# Env-Variables (Redundant per environment) END
+# ================ GHActions-END ================
 
-# GHActions-END
+# ================ INFRA-START ================
+# Environment here are for infra application via CI
+INFRA_TEAM=hotosm                                                                  # [optional] if you want to override the team name
+ACM_TLS_CERT_FRONTEND_ARN=arn:aws:acm:EU-east-66:123456789:certificate/ARN_EXAMPLE # [optional] ACM certificate for FRONTEND
+ACM_TLS_CERT_BACKEND_ARN=arn:aws:acm:EU-east-66:123456789:certificate/ARN_EXAMPLE  # [optional] ACM certificate for BACKEND
+CLOUDFRONT_DIST_ALIASES="tasks.example.com more.example.com more2.example.com"     # [optional] hostname for cloudfront. Your ACM should support it else fails.
+# ================ INFRA-END ================

scripts/aws/infra/staging/non-purgeable/cloudfront/terragrunt.hcl

@@ -21,7 +21,7 @@ inputs = {
   s3_bucket_name          = dependency.s3.outputs.bucket_name
   create_s3_bucket_policy = true
 
-  aliases = split(" ", get_env("CLOUDFRONT_DIST_ALIASES", "tm-ecs-frontend.naxa.com.np"))
+  aliases = split(" ", get_env("CLOUDFRONT_DIST_ALIASES", "tasks-stage.hotosm.org"))
 
   # CloudFront configuration
   enabled             = true
@@ -68,5 +68,5 @@ inputs = {
   # SSL/TLS configuration
   use_default_certificate = false
   # If use_default_certificate is false, provide these:
-  acm_certificate_arn = get_env("ACM_TLS_CERT_FRONTEND_ARN", "arn:aws:acm:us-east-1:685797548389:certificate/586132c9-5170-4cf9-85a0-68168e1387c4")
+  acm_certificate_arn = get_env("ACM_TLS_CERT_FRONTEND_ARN", "arn:aws:acm:us-east-1:670261699094:certificate/1d74321b-1e5b-4e31-b97a-580deb39c539")
 }