atp-indexer: single-instance stack (collapse ECS+Aurora+ALB onto one box)#87
Open
ludamad wants to merge 6 commits into
Open
atp-indexer: single-instance stack (collapse ECS+Aurora+ALB onto one box)#87ludamad wants to merge 6 commits into
ludamad wants to merge 6 commits into
Conversation
…ddy/CloudFront-front) Collapses the atp-indexer's ECS+Aurora+ALB onto one EC2 box running THIS repo's atp-indexer image (it indexes ATP_FACTORY_MATP/LATP etc. that ignition's does not -> not interchangeable) against a local Postgres, fronted by Caddy: Caddy-direct (Let's Encrypt) for testnet, or CloudFront-front (ACM + secret-header gate, http-only origin) for prod. Frontend stays on S3+CloudFront. Mirrors the ignition single-instance pattern (repos are decoupled; intentional duplication). Additive, own Terraform state; cutover documented in README. terraform validate passes; not applied. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…output, cutover docs Review workflow findings: - BLOCKER: empty default cloudfront_secret_header_value + Caddy always enforcing the header in CF mode would lock out all requests. Add a precondition requiring it non-empty when si_front_with_cloudfront=true; clarify the variable description. - Add mutual-exclusion precondition (si_create_dns_records XOR si_front_with_cloudfront). - HIGH: add cf_domain_name output (alias) so the frontend's remote-state read keeps working at cutover without an output rename. - Docs: README cutover now spells out the data.tf state-key swap + output name; env-var docs point at the full app.tf indexer_env_vars set (required vs tuning). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…refix list in CF mode Same defense-in-depth as ignition: CF mode locks 80/443 to the CloudFront origin-facing managed prefix list; Caddy-direct unchanged. SSM (egress) still works. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- BLOCKER: cf_domain_name output now defined in BOTH modes (was CF-only) -> testnet cutover
no longer fails on a missing output; returns the indexer hostname in Caddy-direct mode.
- Remove superfluous API_PORT from the indexer container ('yarn start' serves the API on
PORT; API_PORT is only for the separate 'yarn serve' which the box doesn't run).
- README cutover: clarify cf_domain_name in both modes + add the required frontend
rebuild/redeploy step (indexer URL is baked at build time).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…AF from shared state Read the CloudFront secret (SSM) and CLOUDFRONT-scoped WAF from the shared ignition-infrastructure state — the same ones the existing atp-indexer CloudFront uses — so a prod CF-front deploy needs no manual secret/WAF inputs and matches the current posture. The cloudfront_secret_header_value / si_cf_web_acl_arn vars remain as overrides; env_parent added for the shared-state key. Precondition + Caddy gate now check the resolved secret. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
… CloudFront mode Add a precondition: when si_front_with_cloudfront=true the resolved CLOUDFRONT-scoped WAF must be non-null (else a silent no-WAF CloudFront would defeat the security model). Points at the shared backend_waf_arn / si_cf_web_acl_arn override. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a self-contained
atp-indexer/single-instance/Terraform stack that collapses the atp-indexer's per-env ECS + Aurora + ALB onto one EC2 box running this repo's atp-indexer image against a local Postgres, fronted by Caddy (Caddy-direct TLS for testnet, CloudFront-front for prod). Mirrors the ignition-monorepo single-instance pattern.Why this shape (investigated, not assumed)
ATP_FACTORY_MATP/LATPand has the zombie/withdrawing provider features (schema 478 vs 425 lines, actively maintained). They are not interchangeable — so each repo runs its own indexer code (own box), rather than sharing ignition's box.indexer.*.stake.aztec.networkalias is commented out in both; each frontend points at its own atp-indexer's raw CloudFront domain via remote state. Only ignition's shared infra state (WAF/secret/logs) is shared.Contents
single-instance.tf— EC2 + EIP + persistent gp3/dataEBS + IAM (SSM/ECR) + SG +user_data.templates/—docker-compose.yml.tftpl(atp-indexer + local-postgres + caddy),Caddyfile.tftpl(both modes),user_data.sh.tftpl.single-instance-cloudfront.tf— gated prod CloudFront-front (ACM us-east-1, http-only origin viaatp-si-origin.<env>→ EIP, secret-header gate).README.md— deploy + cutover steps (repoint frontend indexer URL, then tear down old ECS/Aurora/ALB after parity; snapshot Aurora first).Status / safety
terraform validatepasses; Caddyfile rendering verified both modes (same template as ignition's, which was rendered-checked).atp-indexer/terraformstack. Not applied. Prod is a separate account; review +terraform planthere before applying.app.tf.🤖 Generated with Claude Code