From ecfbf33aaec22e7d4dc1f2212f61df77bb24e613 Mon Sep 17 00:00:00 2001
From: visnja
Date: Tue, 17 Dec 2024 09:50:12 +0100
Subject: [PATCH] Added self signed certificates, fullnode and validator instance types

---
 main.tf | 2 ++
 modules/alb/main.tf | 50 +++++++++++++++++++++++++++++++---------
 modules/asg/fullnode.tf | 2 +-
 modules/asg/main.tf | 2 +-
 modules/asg/variables.tf | 9 ++++++++
 variables.tf | 11 +++++++++
 6 files changed, 63 insertions(+), 13 deletions(-)

diff --git a/main.tf b/main.tf
index 07125d6..f6921a7 100644
--- a/main.tf
+++ b/main.tf
@@ -135,6 +135,8 @@ module "asg" {
 load_balancers = { for k, v in module.alb.lb_arns : v => var.lb_config[k] }
+ validator_instance_type = var.validator_instance_type
+ fullnode_instance_type = var.fullnode_instance_type
 }
 module "dlm" {
diff --git a/modules/alb/main.tf b/modules/alb/main.tf
index a975918..956cd37 100644
--- a/modules/alb/main.tf
+++ b/modules/alb/main.tf
@@ -27,14 +27,42 @@ resource "aws_lb_listener" "ext_rpc" {
 }
 }
-# resource "aws_lb_listener" "ext_rpc_secure" {
-# for_each = var.names
-# load_balancer_arn = aws_lb.ext_rpc[each.key].arn
-# port = 443
-# protocol = "HTTPS"
-# certificate_arn = var.certificate_arn
-# default_action {
-# type = "forward"
-# target_group_arn = aws_lb_target_group.ext_rpc.arn
-# }
-# }
+resource "aws_lb_listener" "ext_rpc_secure" {
+ for_each = var.names
+ load_balancer_arn = aws_lb.ext_rpc[each.key].arn
+ port = 443
+ protocol = "HTTPS"
+ certificate_arn = aws_acm_certificate.cert[each.key].arn
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.ext_rpc[each.key].arn
+ }
+}
+
+resource "tls_private_key" "ext_rpc" {
+ for_each = var.names
+ algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "ext_rpc" {
+ for_each = var.names
+ private_key_pem = tls_private_key.ext_rpc[each.key].private_key_pem
+
+ subject {
+ common_name = aws_lb.ext_rpc[each.value].dns_name
+ organization = "Ethernal"
+ }
+
+ validity_period_hours = 300
+
+ allowed_uses = [
+ "key_encipherment",
+ "digital_signature",
+ "server_auth",
+ ]
+}
+resource "aws_acm_certificate" "cert" {
+ for_each = var.names
+ private_key = tls_private_key.ext_rpc[each.key].private_key_pem
+ certificate_body = tls_self_signed_cert.ext_rpc[each.key].cert_pem
+}
diff --git a/modules/asg/fullnode.tf b/modules/asg/fullnode.tf
index b6a4b59..ce22185 100644
--- a/modules/asg/fullnode.tf
+++ b/modules/asg/fullnode.tf
@@ -5,7 +5,7 @@ locals {
 resource "aws_launch_template" "fullnode" {
 count = var.fullnode_count
 name_prefix = "fullnode-${var.base_dn}"
- instance_type = var.base_instance_type
+ instance_type = var.fullnode_instance_type
 key_name = aws_key_pair.devnet.key_name
 image_id = data.aws_ami.base_ami.id
diff --git a/modules/asg/main.tf b/modules/asg/main.tf
index 0079524..2f0f6d8 100644
--- a/modules/asg/main.tf
+++ b/modules/asg/main.tf
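Review bot: The new `ext_rpc_secure` listener sets no `ssl_policy`, so the ALB falls back to its default security policy (`ELBSecurityPolicy-2016-08`), which still negotiates TLS 1.0 and 1.1 on an externally exposed RPC endpoint; add `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"` next to `protocol = "HTTPS"`. The certificate chain also lacks a rotation path: `validity_period_hours = 300` expires the certificate in under two weeks, re-issuing it replaces `aws_acm_certificate.cert`, and ACM refuses to delete a certificate a listener still uses, so `aws_acm_certificate.cert` (and the two `tls_*` resources) need `lifecycle { create_before_destroy = true }`, and because renewal only happens on a `terraform apply`, an `early_renewal_hours` window or a much longer validity is advisable. `tls_self_signed_cert.ext_rpc` indexes the load balancer with `each.value` where every other block uses `each.key`, which only agrees when `var.names` is a set of strings; use `each.key` there and add `dns_names = [aws_lb.ext_rpc[each.key].dns_name]`, since clients validate the SAN list rather than the CN. Finally, `tls_private_key` keeps the generated private key in plaintext in Terraform state, so the state backend has to be protected as a secret.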
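Review bot: After this hunk and its twin in `modules/asg/main.tf`, neither launch template reads `var.base_instance_type` any more, yet the variable stays declared in `modules/asg/variables.tf` and every caller of the module must still supply it; if nothing else in the module consumes it, either remove it or keep it as the fallback by giving the new variables `default = null` and writing `instance_type = coalesce(var.fullnode_instance_type, var.base_instance_type)` here (and the validator equivalent), so existing callers are not forced to set two new inputs. The enclosing `aws_launch_template` block begins in the hunk but continues past its end.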
@@ -22,7 +22,7 @@ data "aws_ami" "base_ami" {
 resource "aws_launch_template" "validator" {
 count = var.validator_count
 name_prefix = "validator-${var.base_dn}"
- instance_type = var.base_instance_type
+ instance_type = var.validator_instance_type
 key_name = aws_key_pair.devnet.key_name
 image_id = data.aws_ami.base_ami.id
diff --git a/modules/asg/variables.tf b/modules/asg/variables.tf
index b109930..f91d3a5 100644
--- a/modules/asg/variables.tf
+++ b/modules/asg/variables.tf
@@ -6,6 +6,15 @@ variable "base_instance_type" {
 description = "The type of instance that we're going to use"
 type = string
 }
+
+variable "validator_instance_type" {
+ description = "The type of instance that we're going to use"
+ type = string
+}
+variable "fullnode_instance_type" {
+ description = "The type of instance that we're going to use"
+ type = string
+}
 variable "fullnode_count" {
 description = "The number of full nodes that we're going to deploy"
 type = number
diff --git a/variables.tf b/variables.tf
index 09b564f..27b34de 100644
--- a/variables.tf
+++ b/variables.tf
@@ -224,3 +224,14 @@ variable "secret_access_key" {
 sensitive = false
 }
+
+variable "validator_instance_type" {
+ description = "The type of instance that we're going to use"
+ type = string
+ default = "c6a.2xlarge"
+}
+variable "fullnode_instance_type" {
+ description = "The type of instance that we're going to use"
+ type = string
+ default = "c6a.2xlarge"
+}
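Review bot: Both new variables in `modules/asg/variables.tf`, and the matching pair in the `variables.tf` hunk, copy the `base_instance_type` description word for word, so the three inputs are indistinguishable in generated module docs and in `terraform plan` prompts; use `description = "EC2 instance type for validator nodes"` and `description = "EC2 instance type for full nodes"`. A blank line between the two new `variable` blocks would also match the spacing of the surrounding declarations.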