Added CLAUDE.md to provide guidance for Claude Code with:
- Project architecture and structure
- Development commands (uv, just, pytest, mypy, ruff)
- AWS Lambda deployment details
- Instance state management rules

Also added GitHub Actions workflow for container builds and updated Terraform configuration with lambda/fargate deployment options.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Added complete Fargate infrastructure:
- ECS Fargate cluster with task definition for container deployment
- Network Load Balancer (NLB) for Fargate tasks
- CloudFront distribution in front of NLB
- WAF with geo-blocking for sanctioned countries (SY, SD, RU, KP, IR, CU)
- Security groups for ECS tasks
- IAM roles for task execution and EC2 instance management

Configuration changes:
- Removed use_alb/use_nlb variables, NLB always used with Fargate
- Added support for IP allow lists and managed prefix lists
- Added us-east-1 provider for CloudFront WAF
- Updated Lambda module to v1.0.9
- Updated Dockerfile to bind to 0.0.0.0
- Added host/port CLI options to thin-controller

Outputs include CloudFront URL, NLB DNS, and WAF ARN.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Infrastructure changes:
- Replaced Network Load Balancer with Application Load Balancer
- Added ALB security group with IP/prefix list restrictions
- Updated CloudFront origin to point to ALB
- ALB uses HTTP health checks on path /

Tagging improvements:
- Added global tags variable (map of key-value pairs)
- Created tags.tf with common_tags local merging defaults with custom tags
- Default tags: ManagedBy=Tofu, Project=thin-controller
- Applied merged tags to all resources:
  - ECS Cluster, Security Groups, ALB, Target Group
  - CloudFront Distribution, WAF WebACL
  - CloudWatch Log Group

Application updates:
- Added /up health check endpoint returning "OK"
- Updated tests for new endpoint

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Security improvements:
- Added Lambda IAM policy for EC2 instance management
- Restricted EC2 start/stop permissions to instances with tag thin_controller_managed=true
- Unrestricted ec2:DescribeInstances for listing (required for tag filtering)
- Applied same tag-based restrictions to Fargate ECS task role

Both Lambda and Fargate deployments now enforce least-privilege access:
- Can describe all EC2 instances (needed for discovery)
- Can only start/stop instances tagged with thin_controller_managed=true

Created terraform/lambda_iam.tf with Lambda-specific IAM resources including common tags.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
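
A check that follows from the rule in the last commit message (describe any instance, start/stop only instances tagged thin_controller_managed=true), as an added example that is not part of the pull request or the project's code: a small linter that flags Allow statements granting ec2:StartInstances or ec2:StopInstances without the tag condition. The two policy documents, the Sid values and the function names are constructed for illustration; only Action (not NotAction) and StringEquals conditions are handled.

```python
from fnmatch import fnmatchcase

TAG_KEY = "thin_controller_managed"  # tag named in the commit message
MUTATING = ("ec2:StartInstances", "ec2:StopInstances")

# Constructed policies for illustration; not the contents of terraform/lambda_iam.tf.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Discover", "Effect": "Allow",
     "Action": "ec2:DescribeInstances", "Resource": "*"},
    {"Sid": "StartStopManaged", "Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {f"aws:ResourceTag/{TAG_KEY}": "true"}}},
]}
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "StartStopAny", "Effect": "Allow", "Action": "ec2:St*", "Resource": "*"},
]}

def _as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_tag_scoped(statement, tag_key=TAG_KEY):
    """True if the statement only applies to resources tagged tag_key=true."""
    string_equals = statement.get("Condition", {}).get("StringEquals", {})
    for key, values in string_equals.items():
        prefix, _, name = key.partition("/")
        if prefix.lower() in ("aws:resourcetag", "ec2:resourcetag") and name == tag_key:
            return _as_list(values) == ["true"]
    return False

def unscoped_mutations(policy):
    """Return (Sid, action pattern, matched action) for every Allow statement
    that grants start/stop without the tag condition."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or is_tag_scoped(stmt):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for action in MUTATING:
                # IAM action names are case-insensitive and allow * and ? wildcards.
                if fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((stmt.get("Sid", "<no Sid>"), pattern, action))
    return findings

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("weak", WEAK_POLICY)):
        print(name, unscoped_mutations(policy))
```

Run against the rendered policy JSON in CI, a non-empty result means a start/stop grant has escaped the tag restriction, for example through a wildcard action such as ec2:St*.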
No description provided.