Added self signed certificates, fullnode and validator instance types

main.tf

@@ -135,6 +135,8 @@ module "asg" {
   load_balancers = {
     for k, v in module.alb.lb_arns : v => var.lb_config[k]
   }
+  validator_instance_type = var.validator_instance_type
+  fullnode_instance_type  = var.fullnode_instance_type
 }
 
 module "dlm" {

modules/alb/main.tf

@@ -27,14 +27,42 @@ resource "aws_lb_listener" "ext_rpc" {
   }
 }
 
-# resource "aws_lb_listener" "ext_rpc_secure" {
-#   for_each          = var.names
-#   load_balancer_arn = aws_lb.ext_rpc[each.key].arn
-#   port              = 443
-#   protocol          = "HTTPS"
-#   certificate_arn   = var.certificate_arn
-#   default_action {
-#     type             = "forward"
-#     target_group_arn = aws_lb_target_group.ext_rpc.arn
-#   }
-# }
+resource "aws_lb_listener" "ext_rpc_secure" {
+  for_each          = var.names
+  load_balancer_arn = aws_lb.ext_rpc[each.key].arn
+  port              = 443
+  protocol          = "HTTPS"
+  certificate_arn   = aws_acm_certificate.cert[each.key].arn
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.ext_rpc[each.key].arn
+  }
+}
+
+resource "tls_private_key" "ext_rpc" {
+  for_each  = var.names
+  algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "ext_rpc" {
+  for_each        = var.names
+  private_key_pem = tls_private_key.ext_rpc[each.key].private_key_pem
+
+  subject {
+    common_name  = aws_lb.ext_rpc[each.value].dns_name
+    organization = "Ethernal"
+  }
+
+  validity_period_hours = 300
+
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+}
+resource "aws_acm_certificate" "cert" {
+  for_each         = var.names
+  private_key      = tls_private_key.ext_rpc[each.key].private_key_pem
+  certificate_body = tls_self_signed_cert.ext_rpc[each.key].cert_pem
+}

modules/asg/fullnode.tf

@@ -5,7 +5,7 @@ locals {
 resource "aws_launch_template" "fullnode" {
   count         = var.fullnode_count
   name_prefix   = "fullnode-${var.base_dn}"
-  instance_type = var.base_instance_type
+  instance_type = var.fullnode_instance_type
   key_name      = aws_key_pair.devnet.key_name
   image_id      = data.aws_ami.base_ami.id
 

modules/asg/main.tf

@@ -22,7 +22,7 @@ data "aws_ami" "base_ami" {
 resource "aws_launch_template" "validator" {
   count         = var.validator_count
   name_prefix   = "validator-${var.base_dn}"
-  instance_type = var.base_instance_type
+  instance_type = var.validator_instance_type
   key_name      = aws_key_pair.devnet.key_name
   image_id      = data.aws_ami.base_ami.id
 

modules/asg/variables.tf

@@ -6,6 +6,15 @@ variable "base_instance_type" {
   description = "The type of instance that we're going to use"
   type        = string
 }
+
+variable "validator_instance_type" {
+  description = "The type of instance that we're going to use"
+  type        = string
+}
+variable "fullnode_instance_type" {
+  description = "The type of instance that we're going to use"
+  type        = string
+}
 variable "fullnode_count" {
   description = "The number of full nodes that we're going to deploy"
   type        = number

variables.tf

@@ -224,3 +224,14 @@ variable "secret_access_key" {
   sensitive = false
 
 }
+
+variable "validator_instance_type" {
+  description = "The type of instance that we're going to use"
+  type        = string
+  default     = "c6a.2xlarge"
+}
+variable "fullnode_instance_type" {
+  description = "The type of instance that we're going to use"
+  type        = string
+  default     = "c6a.2xlarge"
+}