From 558aa608da62839d31317246c619b43a3f09b8f7 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Thu, 12 Dec 2024 16:00:44 -0500 Subject: [PATCH 01/39] start of new version --- .../dev/us-east-1/components/Readme.md | 16 ++++++---- .../components/machine_image/main.tf | 30 ++++++++++++------- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index 3f6653d..1f3362c 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md @@ -1,12 +1,18 @@ # Plan ## Phase 1 + 1. create minimal ec2 instance in machine_image + +terraform (later packer) for ubuntu python uvicorn fastapi nginx systemd server with custom git modules + 2. create minimal ec2 ami from instance in machine_image 3. create autoscaling_group of size 1 for image -4. create application_load_balancer -5. create dns_entry -6. create cognito_user_pool for login +4. create application load balancer + +send users back to server via sticky sessions or some id. + +5. create dns_entry +6. create cognito user pool for login 7. create work_queue -8. create lambda_workers on queue +8. create lambda_workers on queue 9. create resource_launchers to create new resources. - diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index a438646..e108645 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
@@ -1,6 +1,3 @@ -#TASK:write terraform packer for ubuntu python fastapi server with custom git modules - -#To create a Terraform configuration using Packer for an Ubuntu-based FastAPI server with custom Git modules, you'll need to follow a few steps. Below is a concise example of how to structure your Packer template and Terraform files. provider "aws" { region = "us-east-1" @@ -16,14 +13,27 @@ data "aws_ami" "ubuntu" { } } -resource "aws_instance" "fastapi_server_test_instance" { +resource "aws_instance" "swarms_server_test_instance" { count = var.test_server_count - ami = data.aws_ami.ubuntu.id - instance_type = "t2.micro" - - # add in this user data + ami = data.aws_ami.ubuntu.id + instance_type = "t3g.large" + + user_data = <<-EOF +#!/bin/bash +sudo apt update +sudo apt install -y git virtualenv +rm -rf ./src/swarms +if [ ! -d "/opt/swarms/" ]; + then + git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" +fi +cd "/opt/swarms/" || exit 1 # "we need swarms" +export BRANCH=feature/ec2 +git checkout --force $BRANCH +bash -x /opt/swarms/api/install.sh + EOF tags = { - Name = "FastAPI Server" + Name = "Swarms Server" } } - +} From 2138b0450064e6fca2a5e51c00661dac4c3efdb3 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Thu, 12 Dec 2024 16:07:16 -0500 Subject: [PATCH 02/39] now creating --- .../dev/us-east-1/components/machine_image/main.tf | 3 +-- .../dev/us-east-1/components/machine_image/variables.tf | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index e108645..4ff7a6b 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
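Review bot: The `user_data` script added to `swarms_server_test_instance` clones `https://github.com/jmikedupont2/swarms`, checks out the moving branch `feature/ec2` and runs `/opt/swarms/api/install.sh` at first boot, where cloud-init runs user data as root. Whatever sits at the branch tip at launch time therefore executes on the instance with no integrity check. Pin the checkout to a reviewed commit and quote the variable, e.g. `git checkout --force "<REVIEWED_COMMIT_SHA>"`. When `/opt/swarms/` already exists the clone is skipped and nothing is fetched, so the checkout can silently run stale code. The same script is carried into `module "ec2"` in PATCH 03/39.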
@@ -16,7 +16,7 @@ data "aws_ami" "ubuntu" { resource "aws_instance" "swarms_server_test_instance" { count = var.test_server_count ami = data.aws_ami.ubuntu.id - instance_type = "t3g.large" + instance_type = "t3.large" user_data = <<-EOF #!/bin/bash @@ -36,4 +36,3 @@ bash -x /opt/swarms/api/install.sh Name = "Swarms Server" } } -} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/variables.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/variables.tf index c36c95f..e9e30b2 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/variables.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/variables.tf @@ -1,3 +1,3 @@ variable test_server_count { - value = 1 # how many test servers to run + default = 1 # how many test servers to run } From 2badf08a3ede28ce880657c87643888e4bde1583 Mon Sep 17 00:00:00 2001 
From: mike dupont <mike.dupont@introspector.local> Date: Thu, 12 Dec 2024 17:49:51 -0500 Subject: [PATCH 03/39] machine image --- .../dev/us-east-1/components/Readme.md | 4 + .../components/machine_image/Makefile | 2 +- .../components/machine_image/main.tf | 138 ++++- .../components/machine_image/versions.tf | 10 + .../components/vpc/.terraform.lock.hcl | 20 + .../dev/us-east-1/components/vpc/main.tf | 236 ++++++++ .../dev/us-east-1/components/vpc/outputs.tf | 551 ++++++++++++++++++ .../dev/us-east-1/components/vpc/versions.tf | 10 + 8 files changed, 960 insertions(+), 11 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/.terraform.lock.hcl create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index 1f3362c..f21e789 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md @@ -1,6 +1,10 @@ # Plan ## Phase 1 +0. create standard vpc with a private network to host ec2, +this uses a natgw that costs money https://aws.amazon.com/vpc/pricing/ +0.45 so we will put the intances in public for now and use security groups to limit access. + 1. create minimal ec2 instance in machine_image terraform (later packer) for ubuntu python uvicorn fastapi nginx systemd server with custom git modules 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Makefile b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Makefile index 307e8a1..6a6bebf 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Makefile +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Makefile @@ -1,4 +1,4 @@ doit : tofu init tofu plan - tofu apply + tofu apply -auto-approve diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index 4ff7a6b..c4f90be 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
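Review bot: With `-auto-approve` the `doit` target applies a plan nobody has looked at, because the preceding `tofu plan` output is not saved and `tofu apply` computes a new plan of its own. Save the plan and apply that exact file instead: `tofu plan -out=tfplan` followed by `tofu apply tfplan`. That needs no approval flag and applies only what was shown. If unattended applies are intended for this dev component only, a comment on the target saying so would stop it being copied to other environments.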
@@ -1,11 +1,57 @@ +# outputs +# default_network_acl_id = "acl-032756394b24c5d7a" +# default_route_table_id = "rtb-014dd7a2bcfc284ec" +# default_security_group_id = "sg-0273ddcb04d73df49" +# nat_ids = [] +# nat_public_ips = tolist([]) +# natgw_ids = [] +# private_ipv6_egress_route_ids = [] +# private_nat_gateway_route_ids = [] +# private_route_table_association_ids = [] +# private_route_table_ids = [] +# private_subnet_arns = [] +# private_subnets = [] +# private_subnets_cidr_blocks = tolist([]) +# private_subnets_ipv6_cidr_blocks = tolist([]) +# public_route_table_association_ids = [] +# public_route_table_ids = [] +# public_subnet_arns = [] +# public_subnets = [] +# public_subnets_cidr_blocks = tolist([]) +# public_subnets_ipv6_cidr_blocks = tolist([]) +# this_customer_gateway = {} +# vpc_arn = "arn:aws:ec2:us-east-1:767503528736:vpc/vpc-04f28c9347af48b55" +# vpc_cidr_block = "10.0.0.0/16" +# vpc_enable_dns_hostnames = true +# vpc_enable_dns_support = true +# vpc_flow_log_cloudwatch_iam_role_arn = "" +# vpc_flow_log_destination_arn = "" +# vpc_flow_log_destination_type = "cloud-watch-logs" + +# vpc_instance_tenancy = "default" +# vpc_ipv6_association_id = "" +# vpc_ipv6_cidr_block = "" +# vpc_main_route_table_id = "rtb-014dd7a2bcfc284ec" +# vpc_owner_id = "767503528736" +# vpc_secondary_cidr_blocks = tolist([]) + provider "aws" { region = "us-east-1" } +locals { + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + tags = { + project="swarms" + } +} + data "aws_ami" "ubuntu" { most_recent = true - owners = ["099720109477"] # Ubuntu's account ID filter { name = "name" 
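Review bot: Removing `owners = ["099720109477"]` from `data "aws_ami" "ubuntu"` while keeping `most_recent = true` leaves the lookup constrained only by the name filter. Any public or shared AMI visible to the account whose name matches the pattern can then be picked as the newest image. Restore the constraint: `owners = ["099720109477"] # Ubuntu's account ID`. Separately, `locals` hard-codes `vpc_id` and `ec2_subnet_id`, and the leading comment pastes the vpc component's outputs including the account ID; reading them from that component's outputs (for example through a `terraform_remote_state` data source) would stop them drifting. The data block's body continues outside this hunk.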
@@ -13,16 +59,55 @@ data "aws_ami" "ubuntu" { } } -resource "aws_instance" "swarms_server_test_instance" { - count = var.test_server_count +module "security_group_instance" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + name = "${local.name}-ec2" + description = "Security Group for EC2 Instance" + vpc_id = local.vpc_id + #ingress_rules = ["https-443-tcp"] + ingress_with_cidr_blocks = [ + { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + # cidr_blocks = "10.10.0.0/16" + } + ] + + #egress_rules = ["https-443-tcp"] + egress_with_cidr_blocks = [ + { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + } + ] + + tags = local.tags +} + +module "ec2" { + source = "terraform-aws-modules/ec2-instance/aws" + associate_public_ip_address = true # for now + name = local.name ami = data.aws_ami.ubuntu.id instance_type = "t3.large" - + create_iam_instance_profile = true + iam_role_description = "IAM role for EC2 instance" + iam_role_policies = { + AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + } + vpc_security_group_ids = [module.security_group_instance.security_group_id] + user_data = <<-EOF #!/bin/bash -sudo apt update -sudo apt install -y git virtualenv -rm -rf ./src/swarms +apt update +apt-get install ec2-instance-connect +apt install -y git virtualenv + if [ ! -d "/opt/swarms/" ]; then git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" 
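Review bot: `module "ec2"` has no `version` argument, unlike `module "security_group_instance"` directly above it (`version = "~> 5.0"`), so each `tofu init` may resolve a different release of the module that creates the instance and its IAM role; add a constraint in the same form. `module "vpc"` in vpc/main.tf later in this patch has the same gap. The instance gets a public address and the group admits 443 from `0.0.0.0/0`, while the Readme change in this commit says security groups will limit access; if the service is not meant to be public yet, narrow `cidr_blocks` to a known range. Egress is limited to tcp/443, which will probably break `apt update` if the image's apt mirrors are plain HTTP on port 80, and `apt-get install ec2-instance-connect` lacks `-y`, so it can abort in a non-interactive boot script. The heredoc continues past the end of this hunk.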
@@ -32,7 +117,40 @@ export BRANCH=feature/ec2 git checkout --force $BRANCH bash -x /opt/swarms/api/install.sh EOF - tags = { - Name = "Swarms Server" - } + tags = local.tags + create_spot_instance = true + subnet_id = local.ec2_subnet_id + #instance_market_options { market_type = "spot" spot_options { #max_price = 0.0031 + #} +#} } + + +# module "vpc_endpoints" { +# source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" +# version = "~> 5.0" + +# vpc_id = module.vpc.vpc_id + +# endpoints = { for service in toset(["ssm", "ssmmessages", "ec2messages"]) : +# replace(service, ".", "_") => +# { +# service = service +# subnet_ids = module.vpc.intra_subnets +# private_dns_enabled = true +# tags = { Name = "${local.name}-${service}" } +# } +# } + +# create_security_group = true +# security_group_name_prefix = "${local.name}-vpc-endpoints-" +# security_group_description = "VPC endpoint security group" +# security_group_rules = { +# ingress_https = { +# description = "HTTPS from subnets" +# cidr_blocks = #module.vpc.intra_subnets_cidr_blocks +# } +# } + +# tags = local.tags +# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf new file mode 100644 index 0000000..fd4d116 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 4.66" + } + } +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/.terraform.lock.hcl new file mode 100644 index 0000000..a688307 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/.terraform.lock.hcl 
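Review bot: The new machine_image/versions.tf accepts any AWS provider `>= 4.66` with no upper bound, and going by the diffstat this commit adds a `.terraform.lock.hcl` only for the vpc component, so the provider version for machine_image is not pinned in the repository. Commit the lock file that `tofu init` writes in machine_image, and consider bounding the constraint, for example `version = ">= 4.66, < 6.0"`, so that a major provider release is a deliberate change. In the main.tf hunk on the same line, the commented-out `vpc_endpoints` module and `instance_market_options` fragment would be better deleted or tracked in an issue than kept as dead configuration.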
@@ -0,0 +1,20 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.81.0" + constraints = ">= 5.46.0" + hashes = [ + "h1:ird967uf44WBZ0u9rMlOdO4nCKJZMlUknLcD3lz4dWs=", + "zh:0d0c7cc1e16b16cd00ab36de35038162e1871b51a902e9016d08c55c9fc4de35", + "zh:0e4b8c6e46999015292ab4fb9a430ab00107a276f25243552cde66db53c58661", + "zh:30041314cdd4e877d75ee8c9d36aecfca094e276f7a3d8150f929cf5169b2fa5", + "zh:5ebd248ce3e5a7ef9cc2f41499668f182146325e10ea305c70469122f6161a13", + "zh:888a69d371373b418549e03f5922becb2b8074cb463552ecfa65f30455708db0", + "zh:8a21bb7fe60383ff5ca9db8630a287e41fd520d2514c08874a16dc74500fadd7", + "zh:9c4663dcbfe58544642d70ebfdc6c5fa91592ff04164f77c655e32e6024483e2", + "zh:b322873f1209443a8407d5f782d7d917de6a1391239dbd0e7f809ce6507bed76", + "zh:b7c9d5ca14b818b5932ac58a490646a425ebc41b33d149090aa5f48d1ca35c99", + "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c", + ] +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf new file mode 100644 index 0000000..5d60b80 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf 
@@ -0,0 +1,236 @@ +#from https://github.com/terraform-aws-modules/terraform-aws-vpc + +data "aws_availability_zones" "available" {} + +provider "aws" { + region = local.region +} + +locals { + name = "swarms" + region = "us-east-1" + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + project = local.name +# GithubRepo = "terraform-aws-vpc" +# GithubOrg = "terraform-aws-modules" + } +} + +# resource "vpc" "swarms" { +# source = "terraform-aws-modules/vpc/aws" +# #source = "https://github.com/terraform-aws-modules/terraform-aws-vpc.git" +# name = "swarms" +# cidr = "10.0.0.0/16" +# azs = ["us-east-1a", "us-east-1b", "us-east-1c"] +# private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] +# public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] + +# enable_nat_gateway = true +# enable_vpn_gateway = true + +# tags = { +# Terraform = "true" +# Environment = "dev" +# } +# } + +# provider_name = "aws" + + + +################################################################################ +# VPC Module +################################################################################ + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + name = local.name + cidr = local.vpc_cidr + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)] + # database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)] + # elasticache_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 12)] + # redshift_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 16)] + # intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 20)] + private_subnet_names = ["Private Subnet One", "Private Subnet Two"] + # # public_subnet_names omitted to show default name generation for all three subnets + # database_subnet_names = ["DB Subnet 
One"] + # elasticache_subnet_names = ["Elasticache Subnet One", "Elasticache Subnet Two"] + # redshift_subnet_names = ["Redshift Subnet One", "Redshift Subnet Two", "Redshift Subnet Three"] + # intra_subnet_names = [] + # create_database_subnet_group = false + # manage_default_network_acl = false + # manage_default_route_table = false + # manage_default_security_group = false + # enable_dns_hostnames = true + # enable_dns_support = true + enable_nat_gateway = false + # single_nat_gateway = false + # customer_gateways = { + # IP1 = { + # bgp_asn = 65112 + # ip_address = "1.2.3.4" + # device_name = "some_name" + # }, + # IP2 = { + # bgp_asn = 65112 + # ip_address = "5.6.7.8" + # } + # } + # enable_vpn_gateway = true + # enable_dhcp_options = true + # dhcp_options_domain_name = "service.consul" + # dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"] + + # # VPC Flow Logs (Cloudwatch log group and IAM role will be created) + # vpc_flow_log_iam_role_name = "vpc-complete-example-role" + # vpc_flow_log_iam_role_use_name_prefix = false + # enable_flow_log = true + # create_flow_log_cloudwatch_log_group = true + # create_flow_log_cloudwatch_iam_role = true + # flow_log_max_aggregation_interval = 60 + + tags = local.tags +} + +# ################################################################################ +# # VPC Endpoints Module +# ################################################################################ + +# module "vpc_endpoints" { +# source = "../../modules/vpc-endpoints" + +# vpc_id = module.vpc.vpc_id + +# create_security_group = true +# security_group_name_prefix = "${local.name}-vpc-endpoints-" +# security_group_description = "VPC endpoint security group" +# security_group_rules = { +# ingress_https = { +# description = "HTTPS from VPC" +# cidr_blocks = [module.vpc.vpc_cidr_block] +# } +# } + +# endpoints = { +# s3 = { +# service = "s3" +# private_dns_enabled = true +# dns_options = { +# private_dns_only_for_inbound_resolver_endpoint = false +# } 
+# tags = { Name = "s3-vpc-endpoint" } +# }, +# dynamodb = { +# service = "dynamodb" +# service_type = "Gateway" +# route_table_ids = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids]) +# policy = data.aws_iam_policy_document.dynamodb_endpoint_policy.json +# tags = { Name = "dynamodb-vpc-endpoint" } +# }, +# ecs = { +# service = "ecs" +# private_dns_enabled = true +# subnet_ids = module.vpc.private_subnets +# }, +# ecs_telemetry = { +# create = false +# service = "ecs-telemetry" +# private_dns_enabled = true +# subnet_ids = module.vpc.private_subnets +# }, +# ecr_api = { +# service = "ecr.api" +# private_dns_enabled = true +# subnet_ids = module.vpc.private_subnets +# policy = data.aws_iam_policy_document.generic_endpoint_policy.json +# }, +# ecr_dkr = { +# service = "ecr.dkr" +# private_dns_enabled = true +# subnet_ids = module.vpc.private_subnets +# policy = data.aws_iam_policy_document.generic_endpoint_policy.json +# }, +# rds = { +# service = "rds" +# private_dns_enabled = true +# subnet_ids = module.vpc.private_subnets +# security_group_ids = [aws_security_group.rds.id] +# }, +# } + +# tags = merge(local.tags, { +# Project = "Secret" +# Endpoint = "true" +# }) +# } + +# module "vpc_endpoints_nocreate" { +# source = "../../modules/vpc-endpoints" + +# create = false +# } + +# ################################################################################ +# # Supporting Resources +# ################################################################################ + +# data "aws_iam_policy_document" "dynamodb_endpoint_policy" { +# statement { +# effect = "Deny" +# actions = ["dynamodb:*"] +# resources = ["*"] + +# principals { +# type = "*" +# identifiers = ["*"] +# } + +# condition { +# test = "StringNotEquals" +# variable = "aws:sourceVpc" + +# values = [module.vpc.vpc_id] +# } +# } +# } + +# data "aws_iam_policy_document" "generic_endpoint_policy" { +# statement { +# effect = "Deny" +# actions = 
["*"] +# resources = ["*"] + +# principals { +# type = "*" +# identifiers = ["*"] +# } + +# condition { +# test = "StringNotEquals" +# variable = "aws:SourceVpc" + +# values = [module.vpc.vpc_id] +# } +# } +# } + +# resource "aws_security_group" "rds" { +# name_prefix = "${local.name}-rds" +# description = "Allow PostgreSQL inbound traffic" +# vpc_id = module.vpc.vpc_id + +# ingress { +# description = "TLS from VPC" +# from_port = 5432 +# to_port = 5432 +# protocol = "tcp" +# cidr_blocks = [module.vpc.vpc_cidr_block] +# } + +# tags = local.tags +# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf new file mode 100644 index 0000000..655b291 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf 
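Review bot: Flow logging is left off for the new VPC: the `enable_flow_log`, `create_flow_log_cloudwatch_log_group` and `create_flow_log_cloudwatch_iam_role` lines in `module "vpc"` are commented out. That leaves no network record for instances that, per the Readme change in this commit, will sit in public subnets for now. Uncommenting `enable_flow_log = true`, `create_flow_log_cloudwatch_log_group = true` and `create_flow_log_cloudwatch_iam_role = true` would provide one. The long commented-out tail below the module (VPC endpoints, endpoint policies, the RDS group) appears to be copied from the upstream example and points at a relative `../../modules/vpc-endpoints` source; deleting it would make the file easier to review.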
@@ -0,0 +1,551 @@ +output "vpc_id" { + description = "The ID of the VPC" + value = module.vpc.vpc_id +} + +output "vpc_arn" { + description = "The ARN of the VPC" + value = module.vpc.vpc_arn +} + +output "vpc_cidr_block" { + description = "The CIDR block of the VPC" + value = module.vpc.vpc_cidr_block +} + +output "default_security_group_id" { + description = "The ID of the security group created by default on VPC creation" + value = module.vpc.default_security_group_id +} + +output "default_network_acl_id" { + description = "The ID of the default network ACL" + value = module.vpc.default_network_acl_id +} + +output "default_route_table_id" { + description = "The ID of the default route table" + value = module.vpc.default_route_table_id +} + +output "vpc_instance_tenancy" { + description = "Tenancy of instances spin up within VPC" + value = module.vpc.vpc_instance_tenancy +} + +output "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support" + value = module.vpc.vpc_enable_dns_support +} + +output "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support" + value = module.vpc.vpc_enable_dns_hostnames +} + +output "vpc_main_route_table_id" { + description = "The ID of the main route table associated with this VPC" + value = module.vpc.vpc_main_route_table_id +} + +output "vpc_ipv6_association_id" { + description = "The association ID for the IPv6 CIDR block" + value = module.vpc.vpc_ipv6_association_id +} + +output "vpc_ipv6_cidr_block" { + description = "The IPv6 CIDR block" + value = module.vpc.vpc_ipv6_cidr_block +} + +output "vpc_secondary_cidr_blocks" { + description = "List of secondary CIDR blocks of the VPC" + value = module.vpc.vpc_secondary_cidr_blocks +} + +output "vpc_owner_id" { + description = "The ID of the AWS account that owns the VPC" + value = module.vpc.vpc_owner_id +} + +output "private_subnets" { + description = "List of IDs of private subnets" + value = module.vpc.private_subnets 
+} + +output "private_subnet_arns" { + description = "List of ARNs of private subnets" + value = module.vpc.private_subnet_arns +} + +output "private_subnets_cidr_blocks" { + description = "List of cidr_blocks of private subnets" + value = module.vpc.private_subnets_cidr_blocks +} + +output "private_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of private subnets in an IPv6 enabled VPC" + value = module.vpc.private_subnets_ipv6_cidr_blocks +} + +output "public_subnets" { + description = "List of IDs of public subnets" + value = module.vpc.public_subnets +} + +output "public_subnet_arns" { + description = "List of ARNs of public subnets" + value = module.vpc.public_subnet_arns +} + +output "public_subnets_cidr_blocks" { + description = "List of cidr_blocks of public subnets" + value = module.vpc.public_subnets_cidr_blocks +} + +output "public_subnets_ipv6_cidr_blocks" { + description = "List of IPv6 cidr_blocks of public subnets in an IPv6 enabled VPC" + value = module.vpc.public_subnets_ipv6_cidr_blocks +} + +# output "outpost_subnets" { +# description = "List of IDs of outpost subnets" +# value = module.vpc.outpost_subnets +# } + +# output "outpost_subnet_arns" { +# description = "List of ARNs of outpost subnets" +# value = module.vpc.outpost_subnet_arns +# } + +# output "outpost_subnets_cidr_blocks" { +# description = "List of cidr_blocks of outpost subnets" +# value = module.vpc.outpost_subnets_cidr_blocks +# } + +# output "outpost_subnets_ipv6_cidr_blocks" { +# description = "List of IPv6 cidr_blocks of outpost subnets in an IPv6 enabled VPC" +# value = module.vpc.outpost_subnets_ipv6_cidr_blocks +# } + +# output "database_subnets" { +# description = "List of IDs of database subnets" +# value = module.vpc.database_subnets +# } + +# output "database_subnet_arns" { +# description = "List of ARNs of database subnets" +# value = module.vpc.database_subnet_arns +# } + +# output "database_subnets_cidr_blocks" { +# description = "List of 
cidr_blocks of database subnets" +# value = module.vpc.database_subnets_cidr_blocks +# } + +# output "database_subnets_ipv6_cidr_blocks" { +# description = "List of IPv6 cidr_blocks of database subnets in an IPv6 enabled VPC" +# value = module.vpc.database_subnets_ipv6_cidr_blocks +# } + +# output "database_subnet_group" { +# description = "ID of database subnet group" +# value = module.vpc.database_subnet_group +# } + +# output "database_subnet_group_name" { +# description = "Name of database subnet group" +# value = module.vpc.database_subnet_group_name +# } + +# output "redshift_subnets" { +# description = "List of IDs of redshift subnets" +# value = module.vpc.redshift_subnets +# } + +# output "redshift_subnet_arns" { +# description = "List of ARNs of redshift subnets" +# value = module.vpc.redshift_subnet_arns +# } + +# output "redshift_subnets_cidr_blocks" { +# description = "List of cidr_blocks of redshift subnets" +# value = module.vpc.redshift_subnets_cidr_blocks +# } + +# output "redshift_subnets_ipv6_cidr_blocks" { +# description = "List of IPv6 cidr_blocks of redshift subnets in an IPv6 enabled VPC" +# value = module.vpc.redshift_subnets_ipv6_cidr_blocks +# } + +# output "redshift_subnet_group" { +# description = "ID of redshift subnet group" +# value = module.vpc.redshift_subnet_group +# } + +# output "elasticache_subnets" { +# description = "List of IDs of elasticache subnets" +# value = module.vpc.elasticache_subnets +# } + +# output "elasticache_subnet_arns" { +# description = "List of ARNs of elasticache subnets" +# value = module.vpc.elasticache_subnet_arns +# } + +# output "elasticache_subnets_cidr_blocks" { +# description = "List of cidr_blocks of elasticache subnets" +# value = module.vpc.elasticache_subnets_cidr_blocks +# } + +# output "elasticache_subnets_ipv6_cidr_blocks" { +# description = "List of IPv6 cidr_blocks of elasticache subnets in an IPv6 enabled VPC" +# value = module.vpc.elasticache_subnets_ipv6_cidr_blocks +# } + +# output 
"intra_subnets" { +# description = "List of IDs of intra subnets" +# value = module.vpc.intra_subnets +# } + +# output "intra_subnet_arns" { +# description = "List of ARNs of intra subnets" +# value = module.vpc.intra_subnet_arns +# } + +# output "intra_subnets_cidr_blocks" { +# description = "List of cidr_blocks of intra subnets" +# value = module.vpc.intra_subnets_cidr_blocks +# } + +# output "intra_subnets_ipv6_cidr_blocks" { +# description = "List of IPv6 cidr_blocks of intra subnets in an IPv6 enabled VPC" +# value = module.vpc.intra_subnets_ipv6_cidr_blocks +# } + +# output "elasticache_subnet_group" { +# description = "ID of elasticache subnet group" +# value = module.vpc.elasticache_subnet_group +# } + +# output "elasticache_subnet_group_name" { +# description = "Name of elasticache subnet group" +# value = module.vpc.elasticache_subnet_group_name +# } + +output "public_route_table_ids" { + description = "List of IDs of public route tables" + value = module.vpc.public_route_table_ids +} + +output "private_route_table_ids" { + description = "List of IDs of private route tables" + value = module.vpc.private_route_table_ids +} + +# output "database_route_table_ids" { +# description = "List of IDs of database route tables" +# value = module.vpc.database_route_table_ids +# } + +# output "redshift_route_table_ids" { +# description = "List of IDs of redshift route tables" +# value = module.vpc.redshift_route_table_ids +# } + +# output "elasticache_route_table_ids" { +# description = "List of IDs of elasticache route tables" +# value = module.vpc.elasticache_route_table_ids +# } + +# output "intra_route_table_ids" { +# description = "List of IDs of intra route tables" +# value = module.vpc.intra_route_table_ids +# } + +output "public_internet_gateway_route_id" { + description = "ID of the internet gateway route" + value = module.vpc.public_internet_gateway_route_id +} + +output "public_internet_gateway_ipv6_route_id" { + description = "ID of the IPv6 internet 
gateway route" + value = module.vpc.public_internet_gateway_ipv6_route_id +} + +# output "database_internet_gateway_route_id" { +# description = "ID of the database internet gateway route" +# value = module.vpc.database_internet_gateway_route_id +# } + +# output "database_nat_gateway_route_ids" { +# description = "List of IDs of the database nat gateway route" +# value = module.vpc.database_nat_gateway_route_ids +# } + +# output "database_ipv6_egress_route_id" { +# description = "ID of the database IPv6 egress route" +# value = module.vpc.database_ipv6_egress_route_id +# } + +output "private_nat_gateway_route_ids" { + description = "List of IDs of the private nat gateway route" + value = module.vpc.private_nat_gateway_route_ids +} + +output "private_ipv6_egress_route_ids" { + description = "List of IDs of the ipv6 egress route" + value = module.vpc.private_ipv6_egress_route_ids +} + +output "private_route_table_association_ids" { + description = "List of IDs of the private route table association" + value = module.vpc.private_route_table_association_ids +} + +# output "database_route_table_association_ids" { +# description = "List of IDs of the database route table association" +# value = module.vpc.database_route_table_association_ids +# } + +# output "redshift_route_table_association_ids" { +# description = "List of IDs of the redshift route table association" +# value = module.vpc.redshift_route_table_association_ids +# } + +# output "redshift_public_route_table_association_ids" { +# description = "List of IDs of the public redshift route table association" +# value = module.vpc.redshift_public_route_table_association_ids +# } + +# output "elasticache_route_table_association_ids" { +# description = "List of IDs of the elasticache route table association" +# value = module.vpc.elasticache_route_table_association_ids +# } + +# output "intra_route_table_association_ids" { +# description = "List of IDs of the intra route table association" +# value = 
module.vpc.intra_route_table_association_ids +# } + +output "public_route_table_association_ids" { + description = "List of IDs of the public route table association" + value = module.vpc.public_route_table_association_ids +} + +output "dhcp_options_id" { + description = "The ID of the DHCP options" + value = module.vpc.dhcp_options_id +} + +output "nat_ids" { + description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_ids +} + +output "nat_public_ips" { + description = "List of public Elastic IPs created for AWS NAT Gateway" + value = module.vpc.nat_public_ips +} + +output "natgw_ids" { + description = "List of NAT Gateway IDs" + value = module.vpc.natgw_ids +} + +output "igw_id" { + description = "The ID of the Internet Gateway" + value = module.vpc.igw_id +} + +output "igw_arn" { + description = "The ARN of the Internet Gateway" + value = module.vpc.igw_arn +} + +output "egress_only_internet_gateway_id" { + description = "The ID of the egress only Internet Gateway" + value = module.vpc.egress_only_internet_gateway_id +} + +output "cgw_ids" { + description = "List of IDs of Customer Gateway" + value = module.vpc.cgw_ids +} + +output "cgw_arns" { + description = "List of ARNs of Customer Gateway" + value = module.vpc.cgw_arns +} + +output "this_customer_gateway" { + description = "Map of Customer Gateway attributes" + value = module.vpc.this_customer_gateway +} + +output "vgw_id" { + description = "The ID of the VPN Gateway" + value = module.vpc.vgw_id +} + +output "vgw_arn" { + description = "The ARN of the VPN Gateway" + value = module.vpc.vgw_arn +} + +output "default_vpc_id" { + description = "The ID of the Default VPC" + value = module.vpc.default_vpc_id +} + +output "default_vpc_arn" { + description = "The ARN of the Default VPC" + value = module.vpc.default_vpc_arn +} + +output "default_vpc_cidr_block" { + description = "The CIDR block of the Default VPC" + value = module.vpc.default_vpc_cidr_block +} + 
+output "default_vpc_default_security_group_id" { + description = "The ID of the security group created by default on Default VPC creation" + value = module.vpc.default_vpc_default_security_group_id +} + +output "default_vpc_default_network_acl_id" { + description = "The ID of the default network ACL of the Default VPC" + value = module.vpc.default_vpc_default_network_acl_id +} + +output "default_vpc_default_route_table_id" { + description = "The ID of the default route table of the Default VPC" + value = module.vpc.default_vpc_default_route_table_id +} + +output "default_vpc_instance_tenancy" { + description = "Tenancy of instances spin up within Default VPC" + value = module.vpc.default_vpc_instance_tenancy +} + +output "default_vpc_enable_dns_support" { + description = "Whether or not the Default VPC has DNS support" + value = module.vpc.default_vpc_enable_dns_support +} + +output "default_vpc_enable_dns_hostnames" { + description = "Whether or not the Default VPC has DNS hostname support" + value = module.vpc.default_vpc_enable_dns_hostnames +} + +output "default_vpc_main_route_table_id" { + description = "The ID of the main route table associated with the Default VPC" + value = module.vpc.default_vpc_main_route_table_id +} + +output "public_network_acl_id" { + description = "ID of the public network ACL" + value = module.vpc.public_network_acl_id +} + +output "public_network_acl_arn" { + description = "ARN of the public network ACL" + value = module.vpc.public_network_acl_arn +} + +output "private_network_acl_id" { + description = "ID of the private network ACL" + value = module.vpc.private_network_acl_id +} + +output "private_network_acl_arn" { + description = "ARN of the private network ACL" + value = module.vpc.private_network_acl_arn +} + +# output "outpost_network_acl_id" { +# description = "ID of the outpost network ACL" +# value = module.vpc.outpost_network_acl_id +# } + +# output "outpost_network_acl_arn" { +# description = "ARN of the outpost network 
ACL" +# value = module.vpc.outpost_network_acl_arn +# } + +# output "intra_network_acl_id" { +# description = "ID of the intra network ACL" +# value = module.vpc.intra_network_acl_id +# } + +# output "intra_network_acl_arn" { +# description = "ARN of the intra network ACL" +# value = module.vpc.intra_network_acl_arn +# } + +# output "database_network_acl_id" { +# description = "ID of the database network ACL" +# value = module.vpc.database_network_acl_id +# } + +# output "database_network_acl_arn" { +# description = "ARN of the database network ACL" +# value = module.vpc.database_network_acl_arn +# } + +# output "redshift_network_acl_id" { +# description = "ID of the redshift network ACL" +# value = module.vpc.redshift_network_acl_id +# } + +# output "redshift_network_acl_arn" { +# description = "ARN of the redshift network ACL" +# value = module.vpc.redshift_network_acl_arn +# } + +# output "elasticache_network_acl_id" { +# description = "ID of the elasticache network ACL" +# value = module.vpc.elasticache_network_acl_id +# } + +# output "elasticache_network_acl_arn" { +# description = "ARN of the elasticache network ACL" +# value = module.vpc.elasticache_network_acl_arn +# } + +# VPC flow log +output "vpc_flow_log_id" { + description = "The ID of the Flow Log resource" + value = module.vpc.vpc_flow_log_id +} + +output "vpc_flow_log_destination_arn" { + description = "The ARN of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_arn +} + +output "vpc_flow_log_destination_type" { + description = "The type of the destination for VPC Flow Logs" + value = module.vpc.vpc_flow_log_destination_type +} + +output "vpc_flow_log_cloudwatch_iam_role_arn" { + description = "The ARN of the IAM role used when pushing logs to Cloudwatch log group" + value = module.vpc.vpc_flow_log_cloudwatch_iam_role_arn +} + +# VPC endpoints +# output "vpc_endpoints" { +# description = "Array containing the full resource object and attributes for all endpoints 
created" +# value = module.vpc_endpoints.endpoints +# } + +# output "vpc_endpoints_security_group_arn" { +# description = "Amazon Resource Name (ARN) of the security group" +# value = module.vpc_endpoints.security_group_arn +# } + +# output "vpc_endpoints_security_group_id" { +# description = "ID of the security group" +# value = module.vpc_endpoints.security_group_id +# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf new file mode 100644 index 0000000..e1ed610 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.46" + } + } +} From 51a09062b9ba131e086fe2dbddfd0569faab4ad9 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Thu, 12 Dec 2024 18:18:40 -0500 Subject: [PATCH 04/39] update --- .../dev/us-east-1/components/machine_image/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index c4f90be..a1d8aec 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf @@ -104,9 +104,9 @@ module "ec2" { user_data = <<-EOF #!/bin/bash +export HOME=/root apt update -apt-get install ec2-instance-connect -apt install -y git virtualenv +apt-get install -y ec2-instance-connect git virtualenv if [ ! -d "/opt/swarms/" ]; then From fdac521729e4b8c0ada66150cb3209be00a899e9 Mon Sep 17 00:00:00 2001 
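Review bot: The provider constraint `version = ">= 5.46"` in the new vpc/versions.tf has no upper bound, so a later major release of hashicorp/aws is accepted on the next init without review. Consider `version = "~> 5.46"` and committing the dependency lock file so the provider build and its checksums are pinned. Whether a lock file is already tracked is not visible in this diff.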
From: mike dupont <mike.dupont@introspector.local> Date: Thu, 12 Dec 2024 20:49:29 -0500 Subject: [PATCH 05/39] now running --- .../dev/us-east-1/components/Readme.md | 2 +- .../components/machine_image/Readme.md | 5 ++++ .../components/machine_image/main.tf | 28 +++++++++++++++++-- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index f21e789..b9e7c04 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md @@ -2,7 +2,7 @@ ## Phase 1 0. create standard vpc with a private network to host ec2, -this uses a natgw that costs money https://aws.amazon.com/vpc/pricing/ +this uses a natgw that costs money bhttps://aws.amazon.com/vpc/pricing/ 0.45 so we will put the intances in public for now and use security groups to limit access. 1. create minimal ec2 instance in machine_image diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md index 2ee3737..7051cde 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md @@ -1 +1,6 @@ machine_image + + +`tofu apply -destroy -target module.ec2.aws_spot_instance_request.this[0] -auto-approve` + +aws ec2 describe-images --owners 099720109477 > images.json diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index a1d8aec..48bd41b 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
@@ -55,7 +55,14 @@ data "aws_ami" "ubuntu" { owners = ["099720109477"] # Ubuntu's account ID filter { name = "name" - values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] + values = [ + #"ubuntu/images/hvm-ssd/ubuntu*24*amd64-server*" + "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*", + ] + + #"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-20240823", + #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-minimal-20240824", + #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-minimal-20240813", } } @@ -72,8 +79,13 @@ module "security_group_instance" { to_port = 443 protocol = "tcp" cidr_blocks = "0.0.0.0/0" - # cidr_blocks = "10.10.0.0/16" - } + }, + { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + } ] #egress_rules = ["https-443-tcp"] @@ -102,6 +114,16 @@ module "ec2" { } vpc_security_group_ids = [module.security_group_instance.security_group_id] + root_block_device = [ + { + #encrypted = true + #volume_type = "gp3" + #throughput = 200 + volume_size = 50 +# tags = local.tags + } + ] + user_data = <<-EOF #!/bin/bash export HOME=/root From 5ed453cd15c7a867c060e81c1622fe943922ab37 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Fri, 13 Dec 2024 09:54:54 -0500 Subject: [PATCH 06/39] using ami --- .../components/machine_image/main.tf | 40 +++++++++++++++---- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index 48bd41b..128bd4a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf @@ -41,6 +41,7 @@ provider "aws" { } locals { + ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" 
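Review bot: The ingress rule added in `@@ -72,8 +79,13 @@` opens port 80 to `0.0.0.0/0` on the instance security group, and the same hunk drops the commented `10.10.0.0/16` alternative, so both listeners are reachable from the whole internet. The Readme change in this commit says security groups are what limits access while the instances sit in a public subnet, so the rule should say why plain HTTP must be public, for example `# port 80 only serves the redirect to 443` if that is the intent. Once the application load balancer from the plan exists, the rule can take the balancer's security group as its source instead of a CIDR. The `module "security_group_instance"` block starts and ends outside the hunk.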
@@ -59,7 +60,32 @@ data "aws_ami" "ubuntu" { #"ubuntu/images/hvm-ssd/ubuntu*24*amd64-server*" "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*", ] - + +# from https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog:https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog: +# ubuntu (2 filtered, 8 unfiltered) +# Free tier eligible +# Ubuntu Server 24.04 LTS (HVM), SSD Volume Type +# ami-0e2c8caa4b6378d8c (64-bit (x86)) / ami-0932ffb346ea84d48 (64-bit (Arm)) +# Platform: ubuntu +# Root device type: ebs +# Virtualization: hvm +# ENA enabled: Yes +# Select +# 64-bit (x86) +# 64-bit (Arm) +# Ubuntu + + +# ami-005fc0f236362e99f (64-bit (x86)) / ami-07ee04759daf109de (64-bit (Arm)) +# Ubuntu Server 22.04 LTS (HVM),EBS General Purpose (SSD) Volume Type. +# Platform: ubuntu +# Root device type: ebs +# Virtualization: hvm +# ENA enabled: Yes +# Select +# 64-bit (x86) +# 64-bit (Arm) + #"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-20240823", #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-minimal-20240824", #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-minimal-20240813", @@ -105,7 +131,7 @@ module "ec2" { source = "terraform-aws-modules/ec2-instance/aws" associate_public_ip_address = true # for now name = local.name - ami = data.aws_ami.ubuntu.id + ami = local.ami # data.aws_ami.ubuntu.id instance_type = "t3.large" create_iam_instance_profile = true iam_role_description = "IAM role for EC2 instance" @@ -116,11 +142,11 @@ module "ec2" { root_block_device = [ { - #encrypted = true - #volume_type = "gp3" - #throughput = 200 - volume_size = 50 -# tags = local.tags + + # best practice is encrypted at rest + encrypted = true + volume_size = 30 + volume_type = "gp3" } ] From f29b5df959a681539f641bb37a21fe827d78477f Mon Sep 17 00:00:00 2001 
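Review bot: `ami = local.ami` in `@@ -105,7 +131,7 @@` replaces a lookup restricted to `owners = ["099720109477"]` with a bare image ID, so nothing in the configuration checks who published the image any more, and the instance stays on that build until the constant is edited by hand. Keeping the `aws_ami` data source with the same `owners` value and a `filter` on `image-id` set to `local.ami` would keep the pin while failing the plan if the ID does not belong to that owner. A short comment next to the local saying when the ID was taken and how it is refreshed would also help; the console text pasted inside the `filter` block in `@@ -59,7 +60,32 @@` reads better as that comment. The `module "ec2"` block continues outside the hunk.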
From: mike dupont <mike.dupont@introspector.local> Date: Fri, 13 Dec 2024 12:14:54 -0500 Subject: [PATCH 07/39] bugfix egress --- .../components/machine_image/main.tf | 96 +++++++++---------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index 128bd4a..8b46068 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
@@ -51,46 +51,46 @@ locals { } } -data "aws_ami" "ubuntu" { - most_recent = true - owners = ["099720109477"] # Ubuntu's account ID - filter { - name = "name" - values = [ - #"ubuntu/images/hvm-ssd/ubuntu*24*amd64-server*" - "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*", - ] - -# from https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog:https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog: -# ubuntu (2 filtered, 8 unfiltered) -# Free tier eligible -# Ubuntu Server 24.04 LTS (HVM), SSD Volume Type -# ami-0e2c8caa4b6378d8c (64-bit (x86)) / ami-0932ffb346ea84d48 (64-bit (Arm)) -# Platform: ubuntu -# Root device type: ebs -# Virtualization: hvm -# ENA enabled: Yes -# Select -# 64-bit (x86) -# 64-bit (Arm) -# Ubuntu - - -# ami-005fc0f236362e99f (64-bit (x86)) / ami-07ee04759daf109de (64-bit (Arm)) -# Ubuntu Server 22.04 LTS (HVM),EBS General Purpose (SSD) Volume Type. -# Platform: ubuntu -# Root device type: ebs -# Virtualization: hvm -# ENA enabled: Yes -# Select -# 64-bit (x86) -# 64-bit (Arm) +# data "aws_ami" "ubuntu" { +# most_recent = true +# owners = ["099720109477"] # Ubuntu's account ID +# filter { +# name = "name" +# values = [ +# #"ubuntu/images/hvm-ssd/ubuntu*24*amd64-server*" +# "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*", +# ] + +# # from https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog:https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog: +# # ubuntu (2 filtered, 8 unfiltered) +# # Free tier eligible +# # Ubuntu Server 24.04 LTS (HVM), SSD Volume Type +# # ami-0e2c8caa4b6378d8c (64-bit (x86)) / ami-0932ffb346ea84d48 (64-bit (Arm)) +# # Platform: ubuntu +# # Root device type: ebs +# # Virtualization: hvm +# # ENA enabled: Yes +# # Select +# # 64-bit (x86) +# # 64-bit (Arm) +# # Ubuntu + + +# # ami-005fc0f236362e99f (64-bit (x86)) / ami-07ee04759daf109de (64-bit (Arm)) +# # Ubuntu Server 22.04 LTS (HVM),EBS General Purpose 
(SSD) Volume Type. +# # Platform: ubuntu +# # Root device type: ebs +# # Virtualization: hvm +# # ENA enabled: Yes +# # Select +# # 64-bit (x86) +# # 64-bit (Arm) - #"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-20240823", - #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-minimal-20240824", - #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-minimal-20240813", - } -} +# #"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-20240823", +# #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-minimal-20240824", +# #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-minimal-20240813", +# } +# } module "security_group_instance" { source = "terraform-aws-modules/security-group/aws" @@ -114,15 +114,15 @@ module "security_group_instance" { } ] - #egress_rules = ["https-443-tcp"] - egress_with_cidr_blocks = [ - { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = "0.0.0.0/0" - } - ] + egress_rules = ["all-all"] + # egress_with_cidr_blocks = [ + # { + # from_port = 0 + # to_port = 0 + # protocol = "tcp" + # cidr_blocks = "0.0.0.0/0" + # } + # ] tags = local.tags } From f381197f3d80ca9e42b2749cb6b0e3a8ed84828d Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Fri, 13 Dec 2024 14:14:28 -0500 Subject: [PATCH 08/39] adding updates and proposed changes --- .../components/machine_image/Readme.md | 3 + .../components/machine_image/main.tf | 126 +-------- .../components/machine_image/main.tf.asg | 253 ++++++++++++++++++ .../machine_image/main.tf.consts.org | 194 ++++++++++++++ 4 files changed, 454 insertions(+), 122 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.asg create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.consts.org 
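Review bot: `egress_rules = ["all-all"]` in `@@ -114,15 +114,15 @@` replaces a 443-only egress rule with every protocol and port, which is wider than the bootstrap script in this series appears to need (package installs and a git clone over HTTPS). If the failure being fixed was apt reaching its mirror over HTTP, which is a guess from the commit subject, `egress_rules = ["http-80-tcp", "https-443-tcp"]` would cover it and keep outbound traffic from the instance constrained. The commented `egress_with_cidr_blocks` block left behind uses port 0 with `protocol = "tcp"` and is better removed than kept as a template. The module block starts outside the hunk.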
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md index 7051cde..69b85c3 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md @@ -4,3 +4,6 @@ machine_image `tofu apply -destroy -target module.ec2.aws_spot_instance_request.this[0] -auto-approve` aws ec2 describe-images --owners 099720109477 > images.json +* + +tofu state rm "module.ec2.aws_spot_instance_request.this[0]" diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index 8b46068..2dbea5b 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
@@ -1,41 +1,3 @@ - -# outputs -# default_network_acl_id = "acl-032756394b24c5d7a" -# default_route_table_id = "rtb-014dd7a2bcfc284ec" -# default_security_group_id = "sg-0273ddcb04d73df49" -# nat_ids = [] -# nat_public_ips = tolist([]) -# natgw_ids = [] -# private_ipv6_egress_route_ids = [] -# private_nat_gateway_route_ids = [] -# private_route_table_association_ids = [] -# private_route_table_ids = [] -# private_subnet_arns = [] -# private_subnets = [] -# private_subnets_cidr_blocks = tolist([]) -# private_subnets_ipv6_cidr_blocks = tolist([]) -# public_route_table_association_ids = [] -# public_route_table_ids = [] -# public_subnet_arns = [] -# public_subnets = [] -# public_subnets_cidr_blocks = tolist([]) -# public_subnets_ipv6_cidr_blocks = tolist([]) -# this_customer_gateway = {} -# vpc_arn = "arn:aws:ec2:us-east-1:767503528736:vpc/vpc-04f28c9347af48b55" -# vpc_cidr_block = "10.0.0.0/16" -# vpc_enable_dns_hostnames = true -# vpc_enable_dns_support = true -# vpc_flow_log_cloudwatch_iam_role_arn = "" -# vpc_flow_log_destination_arn = "" -# vpc_flow_log_destination_type = "cloud-watch-logs" - -# vpc_instance_tenancy = "default" -# vpc_ipv6_association_id = "" -# vpc_ipv6_cidr_block = "" -# vpc_main_route_table_id = "rtb-014dd7a2bcfc284ec" -# vpc_owner_id = "767503528736" -# vpc_secondary_cidr_blocks = tolist([]) - provider "aws" { region = "us-east-1" } 
@@ -51,54 +13,12 @@ locals { } } -# data "aws_ami" "ubuntu" { -# most_recent = true -# owners = ["099720109477"] # Ubuntu's account ID -# filter { -# name = "name" -# values = [ -# #"ubuntu/images/hvm-ssd/ubuntu*24*amd64-server*" -# "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*", -# ] - -# # from https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog:https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog: -# # ubuntu (2 filtered, 8 unfiltered) -# # Free tier eligible -# # Ubuntu Server 24.04 LTS (HVM), SSD Volume Type -# # ami-0e2c8caa4b6378d8c (64-bit (x86)) / ami-0932ffb346ea84d48 (64-bit (Arm)) -# # Platform: ubuntu -# # Root device type: ebs -# # Virtualization: hvm -# # ENA enabled: Yes -# # Select -# # 64-bit (x86) -# # 64-bit (Arm) -# # Ubuntu - - -# # ami-005fc0f236362e99f (64-bit (x86)) / ami-07ee04759daf109de (64-bit (Arm)) -# # Ubuntu Server 22.04 LTS (HVM),EBS General Purpose (SSD) Volume Type. -# # Platform: ubuntu -# # Root device type: ebs -# # Virtualization: hvm -# # ENA enabled: Yes -# # Select -# # 64-bit (x86) -# # 64-bit (Arm) - -# #"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-20240823", -# #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-minimal-20240824", -# #"ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-minimal-20240813", -# } -# } - module "security_group_instance" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" name = "${local.name}-ec2" description = "Security Group for EC2 Instance" vpc_id = local.vpc_id - #ingress_rules = ["https-443-tcp"] ingress_with_cidr_blocks = [ { from_port = 443 @@ -115,15 +35,6 @@ module "security_group_instance" { ] egress_rules = ["all-all"] - # egress_with_cidr_blocks = [ - # { - # from_port = 0 - # to_port = 0 - # protocol = "tcp" - # cidr_blocks = "0.0.0.0/0" - # } - # ] - tags = local.tags } 
@@ -142,8 +53,6 @@ module "ec2" { root_block_device = [ { - - # best practice is encrypted at rest encrypted = true volume_size = 30 volume_type = "gp3" @@ -168,37 +77,10 @@ bash -x /opt/swarms/api/install.sh tags = local.tags create_spot_instance = true subnet_id = local.ec2_subnet_id - #instance_market_options { market_type = "spot" spot_options { #max_price = 0.0031 - #} -#} } +TASK FOR GPT: +#1/ create an autoscaling group +#2/ create a launch template +#3/ create a lambda function to trigger the launching of new instances -# module "vpc_endpoints" { -# source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints" -# version = "~> 5.0" - -# vpc_id = module.vpc.vpc_id - -# endpoints = { for service in toset(["ssm", "ssmmessages", "ec2messages"]) : -# replace(service, ".", "_") => -# { -# service = service -# subnet_ids = module.vpc.intra_subnets -# private_dns_enabled = true -# tags = { Name = "${local.name}-${service}" } -# } -# } - -# create_security_group = true -# security_group_name_prefix = "${local.name}-vpc-endpoints-" -# security_group_description = "VPC endpoint security group" -# security_group_rules = { -# ingress_https = { -# description = "HTTPS from subnets" -# cidr_blocks = #module.vpc.intra_subnets_cidr_blocks -# } -# } - -# tags = local.tags -# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.asg b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.asg new file mode 100644 index 0000000..b05f717 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.asg 
@@ -0,0 +1,253 @@ +provider "aws" { + region = "us-east-1" +} + +locals { + ami = "ami-0e2c8caa4b6378d8c" + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + tags = { + project="swarms" + } +} + +module "security_group_instance" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + name = "${local.name}-ec2" + description = "Security Group for EC2 Instance" + vpc_id = local.vpc_id + ingress_with_cidr_blocks = [ + { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + }, + { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + } + ] + + egress_rules = ["all-all"] + tags = local.tags +} + +module "ec2" { + source = "terraform-aws-modules/ec2-instance/aws" + associate_public_ip_address = true # for now + name = local.name + ami = local.ami # data.aws_ami.ubuntu.id + instance_type = "t3.large" + create_iam_instance_profile = true + iam_role_description = "IAM role for EC2 instance" + iam_role_policies = { + AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + } + vpc_security_group_ids = [module.security_group_instance.security_group_id] + + root_block_device = [ + { + encrypted = true + volume_size = 30 + volume_type = "gp3" + } + ] + + user_data = <<-EOF +#!/bin/bash +export HOME=/root +apt update +apt-get install -y ec2-instance-connect git virtualenv + +if [ ! 
-d "/opt/swarms/" ]; + then + git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" +fi +cd "/opt/swarms/" || exit 1 # "we need swarms" +export BRANCH=feature/ec2 +git checkout --force $BRANCH +bash -x /opt/swarms/api/install.sh + EOF + tags = local.tags + create_spot_instance = true + subnet_id = local.ec2_subnet_id +} + +TASK FOR GPT: +#1/ create an autoscaling group +#2/ create a launch template +#3/ create a lambda function to trigger the launching of new instances + + + +To create an Auto Scaling group, a launch template, and a Lambda function to trigger the launching of new instances, you can add the following configurations to your Terraform script: + +### 1. Create a Launch Template + +```hcl +resource "aws_launch_template" "ec2_launch_template" { + name_prefix = "${local.name}-launch-template-" + image_id = local.ami + instance_type = "t3.large" + associate_public_ip_address = true + + iam_instance_profile { + name = aws_iam_instance_profile.ec2_instance_profile.name + } + + key_name = "your-key-pair" # Replace with your key pair name + + lifecycle { + create_before_destroy = true + } + + block_device_mappings { + device_name = "/dev/xvda" + ebs { + volume_size = 30 + volume_type = "gp3" + encrypted = true + } + } + + user_data = <<-EOF + #!/bin/bash + export HOME=/root + apt update + apt-get install -y ec2-instance-connect git virtualenv + + if [ ! -d "/opt/swarms/" ]; then + git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" + fi + cd "/opt/swarms/" || exit 1 + export BRANCH=feature/ec2 + git checkout --force $BRANCH + bash -x /opt/swarms/api/install.sh + EOF + + tags = local.tags +} +``` + +### 2. 
Create an Auto Scaling Group + +```hcl +resource "aws_autoscaling_group" "ec2_autoscaling_group" { + desired_capacity = 1 + max_size = 5 + min_size = 1 + + launch_template { + id = aws_launch_template.ec2_launch_template.id + version = "$Latest" + } + + vpc_zone_identifier = [local.ec2_subnet_id] + + tags = [ + { + key = "Name" + value = local.name + propagate_at_launch = true + }, + { + key = "Project" + value = local.tags.project + propagate_at_launch = true + } + ] +} +``` + +### 3. Create a Lambda Function to Trigger New Instances + +```hcl +resource "aws_iam_role" "lambda_role" { + name = "${local.name}-lambda-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "lambda.amazonaws.com" + } + }] + }) +} + +resource "aws_iam_policy" "lambda_scaling_policy" { + name = "${local.name}-scaling-policy" + description = "Policy to allow Lambda to manage Auto Scaling" + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:SetDesiredCapacity" + ] + Resource = "*" + Effect = "Allow" + }] + }) +} + +resource "aws_iam_role_policy_attachment" "lambda_policy_attach" { + role = aws_iam_role.lambda_role.name + policy_arn = aws_iam_policy.lambda_scaling_policy.arn +} + +resource "aws_lambda_function" "scale_lambda" { + function_name = "${local.name}-scale-lambda" + role = aws_iam_role.lambda_role.arn + + runtime = "python3.8" + handler = "scale_lambda.handler" + + source_code_hash = filebase64sha256("lambda/scale_lambda.zip") + + # Environment variables for the Lambda function + environment = { + AUTO_SCALING_GROUP_NAME = aws_autoscaling_group.ec2_autoscaling_group.name + } +} +``` + +### 4. 
Lambda Function Code (Python) + +You'll need to create a file named `scale_lambda.py` in the `lambda/` directory with content like the following: + +```python +import boto3 +import os + +def handler(event, context): + asg_name = os.environ['AUTO_SCALING_GROUP_NAME'] + client = boto3.client('autoscaling') + + response = client.describe_auto_scaling_groups(AutoScalingGroupNames=[asg_name]) + desired_capacity = response['AutoScalingGroups'][0]['DesiredCapacity'] + + # Example scaling logic + client.set_desired_capacity( + AutoScalingGroupName=asg_name, + DesiredCapacity=desired_capacity + 1, # Increment desired instances + HonorCooldown=True + ) +``` + +### Note +- Replace `"your-key-pair"` in the launch template with your actual key pair name. +- Ensure you have the right IAM permissions for your Lambda function. +- You may need to handle packaging and deploying your Lambda function code (`scale_lambda.py`) as a zip file for Terraform. +- Adjust desired capacity and scaling logic as per your requirement. + +This configuration sets up an Auto Scaling group with a launch template and a Lambda function that can adjust the desired number of running instances based on certain conditions (you would need to implement those conditions). \ No newline at end of file diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.consts.org b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.consts.org new file mode 100644 index 0000000..192c054 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf.consts.org 
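Review bot: The `lambda_scaling_policy` statement in main.tf.asg grants `autoscaling:SetDesiredCapacity` on `Resource = "*"`, so the function's role could resize any Auto Scaling group in the account rather than only the one named in `AUTO_SCALING_GROUP_NAME`. Splitting the statement so that only `autoscaling:DescribeAutoScalingGroups` keeps the wildcard, with the write action scoped to the group's ARN, limits the role to what the handler uses. The handler also raises the desired capacity by one on every invocation with no bound of its own, so it depends on the group's `max_size` to stop growth; a comment saying so would help. This file holds notes rather than loaded configuration, so the point matters once the block is copied into resource_launchers/main.tf, whose content is outside the visible diff.

```hcl
# … unchanged: resource "aws_iam_policy" "lambda_scaling_policy" name and description …
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Describe calls do not accept a resource ARN, so the wildcard stays here only
        Action   = ["autoscaling:DescribeAutoScalingGroups"]
        Resource = "*"
        Effect   = "Allow"
      },
      {
        # the write action is limited to the one group this function manages
        Action   = ["autoscaling:SetDesiredCapacity"]
        Resource = aws_autoscaling_group.ec2_autoscaling_group.arn
        Effect   = "Allow"
      }
    ]
  })
```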
@@ -0,0 +1,194 @@ +provider "aws" { + region = "us-east-1" +} + +#1. create an interface to import these constants from other modules in a clean way +locals { + ami = "ami-0e2c8caa4b6378d8c" + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + tags = { + project="swarms" + } +} + +module "security_group_instance" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + name = "${local.name}-ec2" + description = "Security Group for EC2 Instance" + vpc_id = local.vpc_id + ingress_with_cidr_blocks = [ + { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + }, + { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = "0.0.0.0/0" + } + ] + + egress_rules = ["all-all"] + tags = local.tags +} + +module "ec2" { + source = "terraform-aws-modules/ec2-instance/aws" + associate_public_ip_address = true # for now + name = local.name + ami = local.ami # data.aws_ami.ubuntu.id + instance_type = "t3.large" + create_iam_instance_profile = true + iam_role_description = "IAM role for EC2 instance" + iam_role_policies = { + AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + } + vpc_security_group_ids = [module.security_group_instance.security_group_id] + + root_block_device = [ + { + encrypted = true + volume_size = 30 + volume_type = "gp3" + } + ] + + user_data = <<-EOF +#!/bin/bash +export HOME=/root +apt update +apt-get install -y ec2-instance-connect git virtualenv + +if [ ! 
-d "/opt/swarms/" ]; + then + git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" +fi +cd "/opt/swarms/" || exit 1 # "we need swarms" +export BRANCH=feature/ec2 +git checkout --force $BRANCH +bash -x /opt/swarms/api/install.sh + EOF + tags = local.tags + create_spot_instance = true + subnet_id = local.ec2_subnet_id +} + +# create an autoscaling group +# create a launch template +# create a lambda function to trigger the launching of new instances + + +To create a clean interface for importing constants from other modules in Terraform, you can follow the structure outlined below. This involves the use of variables and outputs to encapsulate the constants while maintaining modularity. Here's a concise example: + +### 1. Define Variables in a `variables.tf` File + +```hcl +variable "ami" { + description = "AMI ID for the EC2 instance" + type = string +} + +variable "name" { + description = "Name for the resources" + type = string +} + +variable "region" { + description = "AWS region" + type = string +} + +variable "ec2_subnet_id" { + description = "Subnet ID for the EC2 instance" + type = string +} + +variable "vpc_id" { + description = "VPC ID where resources are deployed" + type = string +} + +variable "tags" { + description = "Tags to assign to resources" + type = map(string) +} +``` + +### 2. Create a `locals.tf` File to Define Constants + +```hcl +locals { + ami = "ami-0e2c8caa4b6378d8c" + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + tags = { + project = "swarms" + } +} +``` + +### 3. Outputs for Constants in an `outputs.tf` File + +```hcl +output "ami" { + value = local.ami +} + +output "name" { + value = local.name +} + +output "region" { + value = local.region +} + +output "ec2_subnet_id" { + value = local.ec2_subnet_id +} + +output "vpc_id" { + value = local.vpc_id +} + +output "tags" { + value = local.tags +} +``` + +### 4. 
Import Variables in Other Modules + +In your main module or other resource modules, import these variables as shown below: + +```hcl +module "constants" { + source = "./path-to-constants-module" # replace with the actual path +} + +# Use them as follows +module "security_group_instance" { + source = "terraform-aws-modules/security-group/aws" + name = "${module.constants.name}-ec2" + vpc_id = module.constants.vpc_id + # ... other configurations +} + +module "ec2" { + ami = module.constants.ami + name = module.constants.name + subnet_id = module.constants.ec2_subnet_id + # ... other configurations +} +``` + +### Summary + +This structure ensures that you can import and use constants across your Terraform module cleanly without hardcoding values in multiple places. Each module can reference these shared values as needed for configurations. From 5c7e3a27f80deb187e16c888288c1a4f62702857 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Fri, 13 Dec 2024 14:46:41 -0500 Subject: [PATCH 09/39] work in progress --- .../components/autoscaling_group/main.tf | 25 +++++++ .../components/launch_template/main.tf | 43 +++++++++++ .../components/resource_launchers/main.tf | 74 +++++++++++++++++++ 3 files changed, 142 insertions(+) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/resource_launchers/main.tf diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf new file mode 100644 index 0000000..68456c2 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf 
@@ -0,0 +1,25 @@
+resource "aws_autoscaling_group" "ec2_autoscaling_group" {
+ desired_capacity = 1
+ max_size = 5
+ min_size = 1
+
+ launch_template {
+ id = aws_launch_template.ec2_launch_template.id
+ version = "$Latest"
+ }
+
+ vpc_zone_identifier = [local.ec2_subnet_id]
+
+ tags = [
+ {
+ key = "Name"
+ value = local.name
+ propagate_at_launch = true
+ },
+ {
+ key = "Project"
+ value = local.tags.project
+ propagate_at_launch = true
+ }
+ ]
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf
new file mode 100644
index 0000000..c0df856
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf
@@ -0,0 +1,43 @@
+
+resource "aws_launch_template" "ec2_launch_template" {
+ name_prefix = "${local.name}-launch-template-"
+ image_id = local.ami
+ instance_type = "t3.large"
+ associate_public_ip_address = true
+
+ iam_instance_profile {
+ name = aws_iam_instance_profile.ec2_instance_profile.name
+ }
+
+ key_name = "your-key-pair" # Replace with your key pair name
+
+ lifecycle {
+ create_before_destroy = true
+ }
+
+ block_device_mappings {
+ device_name = "/dev/xvda"
+ ebs {
+ volume_size = 30
+ volume_type = "gp3"
+ encrypted = true
+ }
+ }
+
+ user_data = <<-EOF
+ #!/bin/bash
+ export HOME=/root
+ apt update
+ apt-get install -y ec2-instance-connect git virtualenv
+
+ if [ ! -d "/opt/swarms/" ]; then
+ git clone https://github.com/jmikedupont2/swarms "/opt/swarms/"
+ fi
+ cd "/opt/swarms/" || exit 1
+ export BRANCH=feature/ec2
+ git checkout --force $BRANCH
+ bash -x /opt/swarms/api/install.sh
+ EOF
+
+ tags = local.tags
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/resource_launchers/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/resource_launchers/main.tf
new file mode 100644
index 0000000..70a86cd
--- /dev/null
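Review bot: `version = "$Latest"` in the `launch_template` block of `aws_autoscaling_group.ec2_autoscaling_group` makes every scale-out use whichever template version was published last, so a changed `user_data` reaches new instances without any diff showing up in this component. Tie it to the template resource instead, `version = aws_launch_template.ec2_launch_template.latest_version`, so a template change appears in this group's plan. As far as I know the list form `tags = [ { key = ..., propagate_at_launch = ... } ]` is not accepted by the 5.x AWS provider this repository locks; the resource takes repeated `tag { key = ... value = ... propagate_at_launch = true }` blocks.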
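Review bot: The `user_data` script in `aws_launch_template.ec2_launch_template` checks out the moving branch `feature/ec2` and runs `api/install.sh` from it as root when an instance first boots, so anyone who can push to that branch gets root code execution on every instance the template launches, and two instances started at different times can run different code. Check out a reviewed commit instead, `git checkout --force <COMMIT_SHA>` (placeholder for the reviewed revision), or bake the code into the AMI as the plan's later Packer step intends. The same script appears in the `machine_image/main.tf` user data and in the `base64encode(...)` form of this template in PATCH 10/39. `key_name = "your-key-pair"` is still the template placeholder and would fail or attach an unintended key if such a pair exists.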
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/resource_launchers/main.tf 
@@ -0,0 +1,74 @@ +resource "aws_iam_role" "lambda_role" { + name = "${local.name}-lambda-role" + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "lambda.amazonaws.com" + } + }] + }) +} + +resource "aws_iam_policy" "lambda_scaling_policy" { + name = "${local.name}-scaling-policy" + description = "Policy to allow Lambda to manage Auto Scaling" + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:SetDesiredCapacity" + ] + Resource = "*" + Effect = "Allow" + }] + }) +} + +resource "aws_iam_role_policy_attachment" "lambda_policy_attach" { + role = aws_iam_role.lambda_role.name + policy_arn = aws_iam_policy.lambda_scaling_policy.arn +} + +resource "aws_lambda_function" "scale_lambda" { + function_name = "${local.name}-scale-lambda" + role = aws_iam_role.lambda_role.arn + + runtime = "python3.8" + handler = "scale_lambda.handler" + + source_code_hash = filebase64sha256("lambda/scale_lambda.zip") + + # Environment variables for the Lambda function + environment = { + AUTO_SCALING_GROUP_NAME = aws_autoscaling_group.ec2_autoscaling_group.name + } +} +``` + +### 4. Lambda Function Code (Python) + +You'll need to create a file named `scale_lambda.py` in the `lambda/` directory with content like the following: + +```python +import boto3 +import os + +def handler(event, context): + asg_name = os.environ['AUTO_SCALING_GROUP_NAME'] + client = boto3.client('autoscaling') + + response = client.describe_auto_scaling_groups(AutoScalingGroupNames=[asg_name]) + desired_capacity = response['AutoScalingGroups'][0]['DesiredCapacity'] + + # Example scaling logic + client.set_desired_capacity( + AutoScalingGroupName=asg_name, + DesiredCapacity=desired_capacity + 1, # Increment desired instances + HonorCooldown=True + ) From 7f1fd3accc38b76ea019e4d6aed804f9e666b4de Mon Sep 17 00:00:00 2001 
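Review bot: `Resource = "*"` in `aws_iam_policy.lambda_scaling_policy` lets the Lambda role call `autoscaling:SetDesiredCapacity` on every Auto Scaling group in the account, while the handler only touches the group named in `AUTO_SCALING_GROUP_NAME`. Split the statement so that only the describe call keeps the wildcard and the write action is limited to this group's ARN, as in the excerpt below. The file also still carries the Markdown fence, the `### 4.` heading and the Python listing after the closing brace of `aws_lambda_function.scale_lambda`, which will not parse as HCL; that listing belongs in `lambda/scale_lambda.py`. The handler adds one instance on every invocation without comparing against the group's `MaxSize`, so the caller of the function controls fleet size up to that limit.

```hcl
resource "aws_iam_policy" "lambda_scaling_policy" {
  # … unchanged: name, description …

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Describe calls are not scoped per group, so the wildcard stays here only
        Action   = ["autoscaling:DescribeAutoScalingGroups"]
        Resource = "*"
        Effect   = "Allow"
      },
      {
        # The write action is limited to the one group this Lambda manages
        Action   = ["autoscaling:SetDesiredCapacity"]
        Resource = aws_autoscaling_group.ec2_autoscaling_group.arn
        Effect   = "Allow"
      }
    ]
  })
}
```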
From: mike dupont <mike.dupont@introspector.local> Date: Fri, 13 Dec 2024 14:47:05 -0500 Subject: [PATCH 10/39] starting --- .../autoscaling_group/.terraform.lock.hcl | 19 ++++ .../components/autoscaling_group/Makefile | 4 + .../components/autoscaling_group/main.tf | 104 +++++++++++++++--- .../launch_template/.terraform.lock.hcl | 19 ++++ .../components/launch_template/Makefile | 4 + .../components/launch_template/main.tf | 32 +++++- .../components/machine_image/main.tf | 12 +- 7 files changed, 172 insertions(+), 22 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/Makefile create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/.terraform.lock.hcl create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/Makefile diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl new file mode 100644 index 0000000..a720cb2 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl 
@@ -0,0 +1,19 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/aws" {
+ version = "5.81.0"
+ hashes = [
+ "h1:ird967uf44WBZ0u9rMlOdO4nCKJZMlUknLcD3lz4dWs=",
+ "zh:0d0c7cc1e16b16cd00ab36de35038162e1871b51a902e9016d08c55c9fc4de35",
+ "zh:0e4b8c6e46999015292ab4fb9a430ab00107a276f25243552cde66db53c58661",
+ "zh:30041314cdd4e877d75ee8c9d36aecfca094e276f7a3d8150f929cf5169b2fa5",
+ "zh:5ebd248ce3e5a7ef9cc2f41499668f182146325e10ea305c70469122f6161a13",
+ "zh:888a69d371373b418549e03f5922becb2b8074cb463552ecfa65f30455708db0",
+ "zh:8a21bb7fe60383ff5ca9db8630a287e41fd520d2514c08874a16dc74500fadd7",
+ "zh:9c4663dcbfe58544642d70ebfdc6c5fa91592ff04164f77c655e32e6024483e2",
+ "zh:b322873f1209443a8407d5f782d7d917de6a1391239dbd0e7f809ce6507bed76",
+ "zh:b7c9d5ca14b818b5932ac58a490646a425ebc41b33d149090aa5f48d1ca35c99",
+ "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c",
+ ]
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/Makefile b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/Makefile
new file mode 100644
index 0000000..6a6bebf
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/Makefile
@@ -0,0 +1,4 @@
+doit :
+ tofu init
+ tofu plan
+ tofu apply -auto-approve
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf
index 68456c2..f4d7b81 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf
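Review bot: `tofu apply -auto-approve` in the `doit` target applies changes nobody has reviewed: the preceding `tofu plan` is only printed, and apply then computes a fresh plan of its own. Save the plan and apply exactly that file, `tofu plan -out=tfplan` followed by `tofu apply tfplan`, so what was looked at is what runs against the account. The same Makefile is added under `launch_template/` in this patch and at `dev/us-east-1/Makefile` in PATCH 11/39.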
@@ -1,25 +1,103 @@ +provider "aws" { + region = "us-east-1" +} + +locals { + ami = "ami-0e2c8caa4b6378d8c" + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + iam_instance_profile_name = "swarms-20241213150629570500000003" + tags = { + project="swarms" + } + launch_template_id = "lt-042e08d77d0fe4376" +} + + +# lt = { +# "arn" = "arn:aws:ec2:us-east-1:767503528736:launch-template/lt-042e08d77d0fe4376" +# "block_device_mappings" = tolist([ +# { +# "device_name" = "/dev/xvda" +# "ebs" = tolist([ +# { +# "delete_on_termination" = "" +# "encrypted" = "true" +# "iops" = 0 +# "kms_key_id" = "" +# "snapshot_id" = "" +# "throughput" = 0 +# "volume_size" = 30 +# "volume_type" = "gp3" +# }, +# ]) +# "no_device" = "" +# "virtual_name" = "" +# }, +# ]) +# "capacity_reservation_specification" = tolist([]) +# "cpu_options" = tolist([]) +# "credit_specification" = tolist([]) +# "default_version" = 1 +# "description" = "" +# "disable_api_stop" = false +# "disable_api_termination" = false +# "ebs_optimized" = "" +# "elastic_gpu_specifications" = tolist([]) +# "elastic_inference_accelerator" = tolist([]) +# "enclave_options" = tolist([]) +# "hibernation_options" = tolist([]) +# "iam_instance_profile" = tolist([ +# { +# "arn" = "" +# "name" = "swarms-20241213150629570500000003" +# }, +# ]) + +# "image_id" = "ami-0e2c8caa4b6378d8c" +# "instance_initiated_shutdown_behavior" = "" +# "instance_market_options" = tolist([]) +# "instance_requirements" = tolist([]) +# "instance_type" = "t3.large" +# "kernel_id" = "" +# "key_name" = "" +# "latest_version" = 1 +# "license_specification" = toset([]) +# "maintenance_options" = tolist([]) +# "metadata_options" = tolist([]) +# "monitoring" = tolist([]) +# "name" = "swarms-launch-template-20241213193104143500000001" +# "name_prefix" = "swarms-launch-template-" +# "network_interfaces" = tolist([]) +# "placement" = tolist([]) +# "private_dns_name_options" = tolist([]) +# 
"ram_disk_id" = "" +# "security_group_names" = toset([]) +# "tag_specifications" = tolist([]) +# "tags" = tomap({ +# "project" = "swarms" +# }) +# "tags_all" = tomap({ +# "project" = "swarms" +# }) +# "update_default_version" = tobool(null) +# "user_data" = "IyEvYmluL2Jhc2gKZXhwb3J0IEhPTUU9L3Jvb3QKYXB0IHVwZGF0ZQphcHQtZ2V0IGluc3RhbGwgLXkgZWMyLWluc3RhbmNlLWNvbm5lY3QgZ2l0IHZpcnR1YWxlbnYKCmlmIFsgISAtZCAiL29wdC9zd2FybXMvIiBdOyB0aGVuCiAgZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9qbWlrZWR1cG9udDIvc3dhcm1zICIvb3B0L3N3YXJtcy8iCmZpCmNkICIvb3B0L3N3YXJtcy8iIHx8IGV4aXQgMQpleHBvcnQgQlJBTkNIPWZlYXR1cmUvZWMyCmdpdCBjaGVja291dCAtLWZvcmNlICRCUkFOQ0gKYmFzaCAteCAvb3B0L3N3YXJtcy9hcGkvaW5zdGFsbC5zaAo=" +# "vpc_security_group_ids" = toset([]) +# } + resource "aws_autoscaling_group" "ec2_autoscaling_group" { desired_capacity = 1 max_size = 5 min_size = 1 launch_template { - id = aws_launch_template.ec2_launch_template.id + id = local.launch_template_id #<aws_launch_template.ec2_launch_template.id version = "$Latest" } vpc_zone_identifier = [local.ec2_subnet_id] - tags = [ - { - key = "Name" - value = local.name - propagate_at_launch = true - }, - { - key = "Project" - value = local.tags.project - propagate_at_launch = true - } - ] + } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/.terraform.lock.hcl new file mode 100644 index 0000000..a720cb2 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/.terraform.lock.hcl 
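Review bot: The commented-out `lt = { ... }` block is a pasted dump of the launch template's attributes, including the AWS account id inside the `arn` value and the base64 `user_data`, and it should not be committed; it documents nothing the launch template's own source does not. The hard-coded `launch_template_id` in `locals` will also go stale: the template is declared with `create_before_destroy`, so a replacement presumably gets a new id while this group keeps pointing at the old one. Take it as an input instead, `variable "launch_template_id" { type = string }`, fed from the launch template component's output. The hunk also removes the `tags` argument without adding `tag` blocks, so instances launched by the group no longer receive the `Name` and `Project` tags.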
@@ -0,0 +1,19 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/aws" {
+ version = "5.81.0"
+ hashes = [
+ "h1:ird967uf44WBZ0u9rMlOdO4nCKJZMlUknLcD3lz4dWs=",
+ "zh:0d0c7cc1e16b16cd00ab36de35038162e1871b51a902e9016d08c55c9fc4de35",
+ "zh:0e4b8c6e46999015292ab4fb9a430ab00107a276f25243552cde66db53c58661",
+ "zh:30041314cdd4e877d75ee8c9d36aecfca094e276f7a3d8150f929cf5169b2fa5",
+ "zh:5ebd248ce3e5a7ef9cc2f41499668f182146325e10ea305c70469122f6161a13",
+ "zh:888a69d371373b418549e03f5922becb2b8074cb463552ecfa65f30455708db0",
+ "zh:8a21bb7fe60383ff5ca9db8630a287e41fd520d2514c08874a16dc74500fadd7",
+ "zh:9c4663dcbfe58544642d70ebfdc6c5fa91592ff04164f77c655e32e6024483e2",
+ "zh:b322873f1209443a8407d5f782d7d917de6a1391239dbd0e7f809ce6507bed76",
+ "zh:b7c9d5ca14b818b5932ac58a490646a425ebc41b33d149090aa5f48d1ca35c99",
+ "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c",
+ ]
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/Makefile b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/Makefile
new file mode 100644
index 0000000..6a6bebf
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/Makefile
@@ -0,0 +1,4 @@
+doit :
+ tofu init
+ tofu plan
+ tofu apply -auto-approve
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf
index c0df856..b798573 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf
@@ -1,15 +1,30 @@ +provider "aws" { + region = "us-east-1" +} + +locals { + ami = "ami-0e2c8caa4b6378d8c" + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + iam_instance_profile_name = "swarms-20241213150629570500000003" + tags = { + project="swarms" + } +} resource "aws_launch_template" "ec2_launch_template" { name_prefix = "${local.name}-launch-template-" image_id = local.ami instance_type = "t3.large" - associate_public_ip_address = true + #associate_public_ip_address = true iam_instance_profile { - name = aws_iam_instance_profile.ec2_instance_profile.name + name = local.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name } - key_name = "your-key-pair" # Replace with your key pair name +# key_name = "your-key-pair" # Replace with your key pair name lifecycle { create_before_destroy = true @@ -24,7 +39,9 @@ resource "aws_launch_template" "ec2_launch_template" { } } - user_data = <<-EOF + # GPT:TASK base64gz this user data + #│ Error: creating EC2 Launch Template (swarms-launch-template-20241213192904511200000001): operation error EC2: CreateLaunchTemplate, https response error StatusCode: 400, RequestID: 6533fb57-90af-4a5a-9e63-3f995bc64672, api error InvalidUserData.Malformed: Invalid BASE64 encoding of user data. + user_data = base64encode(<<-EOF #!/bin/bash export HOME=/root apt update @@ -38,6 +55,11 @@ resource "aws_launch_template" "ec2_launch_template" { git checkout --force $BRANCH bash -x /opt/swarms/api/install.sh EOF - + ) tags = local.tags } + + +output "lt" { + value = resource.aws_launch_template.ec2_launch_template +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index 2dbea5b..ec203e8 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf 
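Review bot: `aws_launch_template.ec2_launch_template` attaches an instance profile through `iam_instance_profile` but sets no `metadata_options`, and the attribute dump pasted into `autoscaling_group/main.tf` in this same patch shows `"metadata_options" = tolist([])`. Unless an account or AMI default already requires session tokens, the instances will answer IMDSv1 requests for the role's credentials, which is what a request-forgery bug in the API running on them would reach. Add `metadata_options { http_tokens = "required" }` to the resource. The resource body continues past this hunk, and the IAM profile name hard-coded in `locals` has the same staleness problem as any pasted generated name.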
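Review bot: `output "lt"` in the last hunk exports the entire `aws_launch_template` object, so every attribute, including the base64 `user_data`, is printed by `tofu apply` and readable by anything that consumes this state; presumably that is where the dump in `autoscaling_group/main.tf` came from. Export only what the consumer needs, `output "launch_template_id" { value = aws_launch_template.ec2_launch_template.id }`. `output "ec2_data" { value = module.ec2 }` in the `machine_image/main.tf` hunk of this patch has the same shape and deserves the same narrowing.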
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf @@ -79,8 +79,12 @@ bash -x /opt/swarms/api/install.sh subnet_id = local.ec2_subnet_id } -TASK FOR GPT: -#1/ create an autoscaling group -#2/ create a launch template -#3/ create a lambda function to trigger the launching of new instances +output "ec2_data" { + value = module.ec2 +} + +output "iam_instance_profile_name" { + value = module.ec2.iam_instance_profile_id + description = "IAM Instance Profile Name created for EC2 instance" +} From b9a7e36288bb4685ab81bab728539ed03c31848d Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sat, 14 Dec 2024 08:55:45 -0500 Subject: [PATCH 11/39] moving towards asg support --- .../.terraform.lock.hcl | 3 +- .../dev/us-east-1/Makefile | 4 + .../application_load_balancer/Readme.md | 2 + .../application_load_balancer/main.tf | 627 ++++++++++++++++++ .../components/autoscaling_group/main.tf | 160 ++--- .../dev/us-east-1/components/keypairs/main.tf | 4 + .../components/launch_template/main.tf | 38 +- .../dev/us-east-1/components/security/main.tf | 123 ++++ .../dev/us-east-1/main.tf | 542 ++++++++------- .../dev/us-east-1/refresh.sh | 2 + 10 files changed, 1175 insertions(+), 330 deletions(-) rename environments/swarms-aws-agent-api/dev/us-east-1/{components/autoscaling_group => }/.terraform.lock.hcl (94%) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/Makefile create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/keypairs/main.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/refresh.sh 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl similarity index 94% rename from environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl rename to environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl index a720cb2..4ae256b 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/.terraform.lock.hcl +++ b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl @@ -2,7 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/hashicorp/aws" { - version = "5.81.0" + version = "5.81.0" + constraints = ">= 5.55.0" hashes = [ "h1:ird967uf44WBZ0u9rMlOdO4nCKJZMlUknLcD3lz4dWs=", "zh:0d0c7cc1e16b16cd00ab36de35038162e1871b51a902e9016d08c55c9fc4de35", diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/Makefile b/environments/swarms-aws-agent-api/dev/us-east-1/Makefile new file mode 100644 index 0000000..6a6bebf --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/Makefile @@ -0,0 +1,4 @@ +doit : + tofu init + tofu plan + tofu apply -auto-approve diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/Readme.md index 5a93134..0ca19bd 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/Readme.md @@ -1 +1,3 @@ application_load_balancer + +https://github.com/terraform-aws-modules/terraform-aws-alb.git 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf new file mode 100644 index 0000000..a2ff758 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf 
@@ -0,0 +1,627 @@ +# variable "provider_alias" { +# type = any +# } + +variable name {} # = local.name +variable vpc_id {} #= module.vpc.vpc_id +variable subnets {} #= module.vpc.public_subnets + +provider "aws" { + region = local.region +} + +data "aws_availability_zones" "available" {} + +locals { + region = "eu-west-1" + name = "ex-${basename(path.cwd)}" + + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + Name = local.name + Example = local.name + Repository = "https://github.com/terraform-aws-modules/terraform-aws-alb" + } +} + +################################################################## +# Application Load Balancer +################################################################## + + +module "alb" { +# provider = var.provider_alias + source = "terraform-aws-modules/alb/aws" + version = "9.12.0" + + name = var.name # local.name + vpc_id = var.vpc_id # module.vpc.vpc_id + subnets = var.public_subnets # module.vpc.public_subnets + + # For example only + #enable_deletion_protection = false + + # Security Group + security_group_ingress_rules = { + all_http = { + from_port = 80 + to_port = 80 + ip_protocol = "tcp" + description = "HTTP web traffic" + cidr_ipv4 = "0.0.0.0/0" + } + all_https = { + from_port = 443 + to_port = 443 + ip_protocol = "tcp" + description = "HTTPS web traffic" + cidr_ipv4 = "0.0.0.0/0" + } + } + security_group_egress_rules = { + all = { + ip_protocol = "-1" + cidr_ipv4 = module.vpc.vpc_cidr_block + } + } + +# access_logs = { +# bucket = module.log_bucket.s3_bucket_id +# prefix = "access-logs" +# } + +# connection_logs = { +# bucket = module.log_bucket.s3_bucket_id +# enabled = true +# prefix = "connection-logs" +# } + + client_keep_alive = 7200 + + # listeners = { + # ex-http-https-redirect = { + # port = 80 + # protocol = "HTTP" + # redirect = { + # port = "443" + # protocol = "HTTPS" + # status_code = "HTTP_301" + # } + + # rules = { + # ex-fixed-response = { + # priority = 3 
+ # actions = [{ + # type = "fixed-response" + # content_type = "text/plain" + # status_code = 200 + # message_body = "This is a fixed response" + # }] + + # conditions = [{ + # http_header = { + # http_header_name = "x-Gimme-Fixed-Response" + # values = ["yes", "please", "right now"] + # } + # }] + # } + + # ex-weighted-forward = { + # priority = 4 + # actions = [{ + # type = "weighted-forward" + # target_groups = [ + # { + # target_group_key = "ex-lambda-with-trigger" + # weight = 2 + # }, + # { + # target_group_key = "ex-instance" + # weight = 1 + # } + # ] + # stickiness = { + # enabled = true + # duration = 3600 + # } + # }] + + # conditions = [{ + # query_string = { + # key = "weighted" + # value = "true" + # } + # }] + # } + + # ex-redirect = { + # priority = 5000 + # actions = [{ + # type = "redirect" + # status_code = "HTTP_302" + # host = "www.youtube.com" + # path = "/watch" + # query = "v=dQw4w9WgXcQ" + # protocol = "HTTPS" + # }] + + # conditions = [{ + # query_string = [{ + # key = "video" + # value = "random" + # }, + # { + # key = "image" + # value = "next" + # }] + # }] + # } + # } + # } + + # ex-http-weighted-target = { + # port = 81 + # protocol = "HTTP" + # weighted_forward = { + # target_groups = [ + # { + # target_group_key = "ex-lambda-with-trigger" + # weight = 60 + # }, + # { + # target_group_key = "ex-instance" + # weight = 40 + # } + # ] + # } + # } + + # ex-fixed-response = { + # port = 82 + # protocol = "HTTP" + # fixed_response = { + # content_type = "text/plain" + # message_body = "Fixed message" + # status_code = "200" + # } + # } + + # ex-https = { + # port = 443 + # protocol = "HTTPS" + # ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + # certificate_arn = module.acm.acm_certificate_arn + # additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] + + # forward = { + # target_group_key = "ex-instance" + # } + + # rules = { + # ex-cognito = { + # actions = [ + # { + # type = "authenticate-cognito" + # 
on_unauthenticated_request = "authenticate" + # session_cookie_name = "session-${local.name}" + # session_timeout = 3600 + # user_pool_arn = aws_cognito_user_pool.this.arn + # user_pool_client_id = aws_cognito_user_pool_client.this.id + # user_pool_domain = aws_cognito_user_pool_domain.this.domain + # }, + # { + # type = "forward" + # target_group_key = "ex-instance" + # } + # ] + + # conditions = [{ + # path_pattern = { + # values = ["/some/auth/required/route"] + # } + # }] + # } + + # ex-fixed-response = { + # priority = 3 + # actions = [{ + # type = "fixed-response" + # content_type = "text/plain" + # status_code = 200 + # message_body = "This is a fixed response" + # }] + + # conditions = [{ + # http_header = { + # http_header_name = "x-Gimme-Fixed-Response" + # values = ["yes", "please", "right now"] + # } + # }] + # } + + # ex-weighted-forward = { + # priority = 4 + # actions = [{ + # type = "weighted-forward" + # target_groups = [ + # { + # target_group_key = "ex-instance" + # weight = 2 + # }, + # { + # target_group_key = "ex-lambda-with-trigger" + # weight = 1 + # } + # ] + # stickiness = { + # enabled = true + # duration = 3600 + # } + # }] + + # conditions = [{ + # query_string = { + # key = "weighted" + # value = "true" + # }, + # path_pattern = { + # values = ["/some/path"] + # } + # }] + # } + + # ex-redirect = { + # priority = 5000 + # actions = [{ + # type = "redirect" + # status_code = "HTTP_302" + # host = "www.youtube.com" + # path = "/watch" + # query = "v=dQw4w9WgXcQ" + # protocol = "HTTPS" + # }] + + # conditions = [{ + # query_string = { + # key = "video" + # value = "random" + # } + # }] + # } + # } + # } + + # ex-cognito = { + # port = 444 + # protocol = "HTTPS" + # certificate_arn = module.acm.acm_certificate_arn + + # authenticate_cognito = { + # authentication_request_extra_params = { + # display = "page" + # prompt = "login" + # } + # on_unauthenticated_request = "authenticate" + # session_cookie_name = "session-${local.name}" + # 
session_timeout = 3600 + # user_pool_arn = aws_cognito_user_pool.this.arn + # user_pool_client_id = aws_cognito_user_pool_client.this.id + # user_pool_domain = aws_cognito_user_pool_domain.this.domain + # } + + # forward = { + # target_group_key = "ex-instance" + # } + + # rules = { + # ex-oidc = { + # priority = 2 + + # actions = [ + # { + # type = "authenticate-oidc" + # authentication_request_extra_params = { + # display = "page" + # prompt = "login" + # } + # authorization_endpoint = "https://${var.domain_name}/auth" + # client_id = "client_id" + # client_secret = "client_secret" + # issuer = "https://${var.domain_name}" + # token_endpoint = "https://${var.domain_name}/token" + # user_info_endpoint = "https://${var.domain_name}/user_info" + # }, + # { + # type = "forward" + # target_group_key = "ex-lambda-with-trigger" + # } + # ] + + # conditions = [{ + # host_header = { + # values = ["foobar.com"] + # } + # }] + # } + # } + # } + + # ex-oidc = { + # port = 445 + # protocol = "HTTPS" + # certificate_arn = module.acm.acm_certificate_arn + # action_type = "authenticate-oidc" + # authenticate_oidc = { + # authentication_request_extra_params = { + # display = "page" + # prompt = "login" + # } + # authorization_endpoint = "https://${var.domain_name}/auth" + # client_id = "client_id" + # client_secret = "client_secret" + # issuer = "https://${var.domain_name}" + # token_endpoint = "https://${var.domain_name}/token" + # user_info_endpoint = "https://${var.domain_name}/user_info" + # } + + # forward = { + # target_group_key = "ex-instance" + # } + # } + # } + + # target_groups = { + # ex-instance = { + # name_prefix = "h1" + # protocol = "HTTP" + # port = 80 + # target_type = "instance" + # deregistration_delay = 10 + # load_balancing_algorithm_type = "weighted_random" + # load_balancing_anomaly_mitigation = "on" + # load_balancing_cross_zone_enabled = false + + # target_group_health = { + # dns_failover = { + # minimum_healthy_targets_count = 2 + # } + # 
unhealthy_state_routing = { + # minimum_healthy_targets_percentage = 50 + # } + # } + + # health_check = { + # enabled = true + # interval = 30 + # path = "/healthz" + # port = "traffic-port" + # healthy_threshold = 3 + # unhealthy_threshold = 3 + # timeout = 6 + # protocol = "HTTP" + # matcher = "200-399" + # } + + # protocol_version = "HTTP1" + # target_id = aws_instance.this.id + # port = 80 + # tags = { + # InstanceTargetGroupTag = "baz" + # } + # } + + # ex-lambda-with-trigger = { + # name_prefix = "l1-" + # target_type = "lambda" + # lambda_multi_value_headers_enabled = true + # target_id = module.lambda_with_allowed_triggers.lambda_function_arn + # } + + # ex-lambda-without-trigger = { + # name_prefix = "l2-" + # target_type = "lambda" + # target_id = module.lambda_without_allowed_triggers.lambda_function_arn + # attach_lambda_permission = true + # } + # } + + # additional_target_group_attachments = { + # ex-instance-other = { + # target_group_key = "ex-instance" + # target_type = "instance" + # target_id = aws_instance.other.id + # port = "80" + # } + # } + + # # Route53 Record(s) + # route53_records = { + # A = { + # name = local.name + # type = "A" + # zone_id = data.aws_route53_zone.this.id + # } + # AAAA = { + # name = local.name + # type = "AAAA" + # zone_id = data.aws_route53_zone.this.id + # } + # } + + tags = local.tags +} + +#module "alb_disabled" { +# source = "../../"# +# +# create = false +#} + +# ################################################################################ +# # Using packaged function from Lambda module +# ################################################################################ + +# locals { +# package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip" +# downloaded = "downloaded_package_${md5(local.package_url)}.zip" +# } + +# resource "null_resource" "download_package" { +# triggers = { +# downloaded = local.downloaded +# 
} + +# provisioner "local-exec" { +# command = "curl -L -o ${local.downloaded} ${local.package_url}" +# } +# } + +# module "lambda_with_allowed_triggers" { +# source = "terraform-aws-modules/lambda/aws" +# version = "~> 6.0" + +# function_name = "${local.name}-with-allowed-triggers" +# description = "My awesome lambda function (with allowed triggers)" +# handler = "index.lambda_handler" +# runtime = "python3.8" + +# publish = true +# create_package = false +# local_existing_package = local.downloaded + +# allowed_triggers = { +# AllowExecutionFromELB = { +# service = "elasticloadbalancing" +# source_arn = module.alb.target_groups["ex-lambda-with-trigger"].arn +# } +# } + +# depends_on = [null_resource.download_package] +# } + +# module "lambda_without_allowed_triggers" { +# source = "terraform-aws-modules/lambda/aws" +# version = "~> 6.0" + +# function_name = "${local.name}-without-allowed-triggers" +# description = "My awesome lambda function (without allowed triggers)" +# handler = "index.lambda_handler" +# runtime = "python3.8" + +# publish = true +# create_package = false +# local_existing_package = local.downloaded + +# # Allowed triggers will be managed by ALB module +# allowed_triggers = {} + +# depends_on = [null_resource.download_package] +# } + +# ################################################################################ +# # Supporting resources +# ################################################################################ + +# module "vpc" { +# source = "terraform-aws-modules/vpc/aws" +# version = "~> 5.0" + +# name = local.name +# cidr = local.vpc_cidr + +# azs = local.azs +# private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] +# public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + +# tags = local.tags +# } + +# data "aws_route53_zone" "this" { +# name = var.domain_name +# } + +# module "acm" { +# source = "terraform-aws-modules/acm/aws" +# version = "~> 4.0" + +# domain_name = 
var.domain_name +# zone_id = data.aws_route53_zone.this.id +# } + +# module "wildcard_cert" { +# source = "terraform-aws-modules/acm/aws" +# version = "~> 4.0" + +# domain_name = "*.${var.domain_name}" +# zone_id = data.aws_route53_zone.this.id +# } + +# data "aws_ssm_parameter" "al2" { +# name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" +# } + +# resource "aws_instance" "this" { +# ami = data.aws_ssm_parameter.al2.value +# instance_type = "t3.nano" +# subnet_id = element(module.vpc.private_subnets, 0) +# } + +# resource "aws_instance" "other" { +# ami = data.aws_ssm_parameter.al2.value +# instance_type = "t3.nano" +# subnet_id = element(module.vpc.private_subnets, 0) +# } + +# ################################################################## +# # AWS Cognito User Pool +# ################################################################## + +# resource "aws_cognito_user_pool" "this" { +# name = "user-pool-${local.name}" +# } + +# resource "aws_cognito_user_pool_client" "this" { +# name = "user-pool-client-${local.name}" +# user_pool_id = aws_cognito_user_pool.this.id +# generate_secret = true +# allowed_oauth_flows = ["code", "implicit"] +# callback_urls = ["https://${var.domain_name}/callback"] +# allowed_oauth_scopes = ["email", "openid"] +# allowed_oauth_flows_user_pool_client = true +# } + +# resource "random_string" "this" { +# length = 5 +# upper = false +# special = false +# } + +# resource "aws_cognito_user_pool_domain" "this" { +# domain = "${local.name}-${random_string.this.result}" +# user_pool_id = aws_cognito_user_pool.this.id +# } + +#module# "log_bucket" { +# source = "terraform-aws-modules/s3-bucket/aws" +# version = "~> 3.0" + +# bucket_prefix = "${local.name}-logs-" +# acl = "log-delivery-write" + +# # For example only +# force_destroy = true + +# control_object_ownership = true +# object_ownership = "ObjectWriter" + +# attach_elb_log_delivery_policy = true # Required for ALB logs +# attach_lb_log_delivery_policy = true # 
Required for ALB/NLB logs + +# attach_deny_insecure_transport_policy = true +# attach_require_latest_tls_policy = true + +# tags = local.tags +# } + diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index f4d7b81..3e398f0 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,3 +1,17 @@ +variable security_group_id {} +variable instance_type { + # default = "t3.micro" +} + +variable launch_template_id { + +} +variable image_id { + default = "ami-0e2c8caa4b6378d8c" +} +variable vpc_id { + default = "vpc-04f28c9347af48b55" +} provider "aws" { region = "us-east-1" } 
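Review bot: Two references in `module "alb"` do not resolve: `subnets = var.public_subnets` uses a variable this file never declares (it declares `subnets`), and the egress rule's `cidr_ipv4 = module.vpc.vpc_cidr_block` points at `module "vpc"`, which is commented out further down. Use `subnets = var.subnets` and pass the VPC CIDR in as its own variable. `region = "eu-west-1"` in `locals` is left over from the upstream example while the VPC and subnets passed in elsewhere in this series are in `us-east-1`, so the provider here would look for them in the wrong region. The security group opens ports 80 and 443 to `0.0.0.0/0` while `access_logs` and `connection_logs` are commented out; restore them against a real bucket before any listener is enabled, so the internet-facing balancer has a request trail.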
@@ -7,97 +21,85 @@ locals { name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" - vpc_id = "vpc-04f28c9347af48b55" - iam_instance_profile_name = "swarms-20241213150629570500000003" + + #iam_instance_profile_name = "swarms-20241213150629570500000003" + iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn tags = { project="swarms" } - launch_template_id = "lt-042e08d77d0fe4376" + + instance_type = var.instance_type +} + +resource "aws_iam_instance_profile" "ssm" { + name = "ssm-${local.name}" + role = aws_iam_role.ssm.name + tags = local.tags } +resource "aws_iam_role" "ssm" { + name = "ssm-${local.name}" + tags = local.tags + + assume_role_policy = jsonencode({ + Version = "2012-10-17", + Statement = [ + { + Action = "sts:AssumeRole", + Principal = { + Service = "ec2.amazonaws.com" + }, + Effect = "Allow", + Sid = "" + } + ] + }) +} + +module "autoscaling" { + source = "terraform-aws-modules/autoscaling/aws" + version = "8.0.0" + name = local.name -# lt = { -# "arn" = "arn:aws:ec2:us-east-1:767503528736:launch-template/lt-042e08d77d0fe4376" -# "block_device_mappings" = tolist([ -# { -# "device_name" = "/dev/xvda" -# "ebs" = tolist([ -# { -# "delete_on_termination" = "" -# "encrypted" = "true" -# "iops" = 0 -# "kms_key_id" = "" -# "snapshot_id" = "" -# "throughput" = 0 -# "volume_size" = 30 -# "volume_type" = "gp3" -# }, -# ]) -# "no_device" = "" -# "virtual_name" = "" -# }, -# ]) -# "capacity_reservation_specification" = tolist([]) -# "cpu_options" = tolist([]) -# "credit_specification" = tolist([]) -# "default_version" = 1 -# "description" = "" -# "disable_api_stop" = false -# "disable_api_termination" = false -# "ebs_optimized" = "" -# "elastic_gpu_specifications" = tolist([]) -# "elastic_inference_accelerator" = tolist([]) -# "enclave_options" = tolist([]) -# "hibernation_options" = tolist([]) -# "iam_instance_profile" = tolist([ -# { -# "arn" = "" -# "name" = "swarms-20241213150629570500000003" -# }, -# ]) - -# "image_id" = 
"ami-0e2c8caa4b6378d8c" -# "instance_initiated_shutdown_behavior" = "" -# "instance_market_options" = tolist([]) -# "instance_requirements" = tolist([]) -# "instance_type" = "t3.large" -# "kernel_id" = "" -# "key_name" = "" -# "latest_version" = 1 -# "license_specification" = toset([]) -# "maintenance_options" = tolist([]) -# "metadata_options" = tolist([]) -# "monitoring" = tolist([]) -# "name" = "swarms-launch-template-20241213193104143500000001" -# "name_prefix" = "swarms-launch-template-" -# "network_interfaces" = tolist([]) -# "placement" = tolist([]) -# "private_dns_name_options" = tolist([]) -# "ram_disk_id" = "" -# "security_group_names" = toset([]) -# "tag_specifications" = tolist([]) -# "tags" = tomap({ -# "project" = "swarms" -# }) -# "tags_all" = tomap({ -# "project" = "swarms" -# }) -# "update_default_version" = tobool(null) -# "user_data" = "IyEvYmluL2Jhc2gKZXhwb3J0IEhPTUU9L3Jvb3QKYXB0IHVwZGF0ZQphcHQtZ2V0IGluc3RhbGwgLXkgZWMyLWluc3RhbmNlLWNvbm5lY3QgZ2l0IHZpcnR1YWxlbnYKCmlmIFsgISAtZCAiL29wdC9zd2FybXMvIiBdOyB0aGVuCiAgZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9qbWlrZWR1cG9udDIvc3dhcm1zICIvb3B0L3N3YXJtcy8iCmZpCmNkICIvb3B0L3N3YXJtcy8iIHx8IGV4aXQgMQpleHBvcnQgQlJBTkNIPWZlYXR1cmUvZWMyCmdpdCBjaGVja291dCAtLWZvcmNlICRCUkFOQ0gKYmFzaCAteCAvb3B0L3N3YXJtcy9hcGkvaW5zdGFsbC5zaAo=" -# "vpc_security_group_ids" = toset([]) -# } - -resource "aws_autoscaling_group" "ec2_autoscaling_group" { desired_capacity = 1 max_size = 5 min_size = 1 - launch_template { - id = local.launch_template_id #<aws_launch_template.ec2_launch_template.id - version = "$Latest" - } + create_launch_template = false + #launch_template_name = "complete-${local.name}" + #launch_template_description = "Complete launch template example" + update_default_version = true + + launch_template_id = var.launch_template_id + launch_template_version = "$Latest" vpc_zone_identifier = [local.ec2_subnet_id] + instance_market_options = { + market_type = "spot" + } + network_interfaces = [{ + 
associate_public_ip_address=true + device_index = 0 + delete_on_termination = true + description = "interface1" + security_groups = [var.security_group_id] + } + ] + instance_type = var.instance_type + image_id = var.image_id + + + create_iam_instance_profile = true + iam_role_name = "ssm-${local.name}" + iam_role_path = "/ec2/" + iam_role_description = "SSM IAM role for swarms" + iam_role_tags = { + CustomIamRole = "Yes" + } + + iam_role_policies = { + AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + } } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/keypairs/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/keypairs/main.tf new file mode 100644 index 0000000..8a8040b --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/keypairs/main.tf @@ -0,0 +1,4 @@ +resource "aws_key_pair" "mdupont-deployer" { + key_name = "mdupont-deployer-key" + public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCYh8dzILXDkDpXDJ+wUiru8EPNPETWWHHFlnVI7Uc2Bb2f/yHJL9bV0QUQ+/hN2OGeN3r4z34vf444A7oMXT8T2bnMDzXqGfrqpQ6+Xs7Cu2F6wGik+KDBsu52vhaATVLOnDegbhpQW+IikSvxe4huKOvQpF+p7Ex80B+XpBPEV23DXapjZI+FIsbYoD4Mp5qY/PmXisNCByayhBG7WBhCEtHxkvpFntkz/9bwk2kC/z2W1SIHufN5TbrxKPKWY5iguW0Mn2e/rNvxnxFZaRx224rQnRFBMSq4Oi91MNdilwDHFzkv4oVBtpUmCet84np8+DxCfzphyIpo899dRV+/f7dwb6ZY3cvBkALcWahsscuE4ypbroXQ40UPAa3gW1PirTNdMEiX+Ie/IzEDWWCJKdDv4JaGtKAPORfC7bbXnBYn5RASglOjI24w974Llyj5TXXKexjxsjF3wlSS6pNHFlFJnQzVfemcY6AqSJ0Xr8dfFbxpSYH9OFkvBhzPaec= mdupont@mdupont-G470" +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index b798573..0a7e984 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf 
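Review bot: The `module "autoscaling"` call sets `create_launch_template = false` and passes `launch_template_id`, yet still supplies `network_interfaces`, `instance_market_options`, `instance_type`, `image_id` and `update_default_version`; as far as I know the module only uses those when it builds the launch template itself, so the spot and public-IP settings here are probably ignored and misdescribe what is deployed. The standalone `aws_iam_role.ssm` and `aws_iam_instance_profile.ssm` added above have no policy attached in this hunk and duplicate the role the module creates through `create_iam_instance_profile = true` under the same `ssm-${local.name}` name, and `local.iam_instance_profile_arn` is not consumed anywhere in the visible code. I would keep one of the two role definitions, confirm the resulting profile is the one the external launch template actually references, and move the network and market options into components/launch_template/main.tf.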
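Review bot: `aws_key_pair.mdupont-deployer` hard-codes one developer's workstation public key, and the launch template in this commit defaults `key_name` to it, so every instance the group launches trusts that single personal key for SSH. The key is not secret, but access then hangs on one laptop and cannot be rotated without a commit. Since the same commit installs the SSM agent and attaches `AmazonSSMManagedInstanceCore`, I would rely on Session Manager and drop the key pair, or at least take the key from a variable: `public_key = var.deployer_public_key`.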
@@ -1,3 +1,15 @@ +variable security_group_id {} +variable vpc_id { + default = "vpc-04f28c9347af48b55" +} + +variable key_name { + default = "mdupont-deployer-key" +} +variable instance_type { + # default = "t3.micro" +} + provider "aws" { region = "us-east-1" } @@ -14,11 +26,20 @@ locals { } } + + resource "aws_launch_template" "ec2_launch_template" { name_prefix = "${local.name}-launch-template-" image_id = local.ami - instance_type = "t3.large" - #associate_public_ip_address = true + # instance_type = "t3.large" + key_name = var.key_name + instance_type = var.instance_type#"t3.micro" +# vpc_security_group_ids = [var.security_group_id] + network_interfaces { + associate_public_ip_address = true + delete_on_termination = true + security_groups = [var.security_group_id] + } iam_instance_profile { name = local.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name @@ -31,7 +52,7 @@ resource "aws_launch_template" "ec2_launch_template" { } block_device_mappings { - device_name = "/dev/xvda" + device_name = "/dev/sda1" ebs { volume_size = 30 volume_type = "gp3" 
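Review bot: In the `@@ -14,11 +26,20 @@` hunk, `network_interfaces` sets `associate_public_ip_address = true`, so each instance is directly reachable from the internet on whatever the security group allows, which in components/security/main.tf of this commit is 80, 443 and 22 from `0.0.0.0/0`. The Readme plan puts an application load balancer in front of the servers; once it exists the instances would be better placed in private subnets with `associate_public_ip_address = false` and ingress limited to the load balancer's security group. The superseded settings are left behind as comments (`# instance_type = "t3.large"`, `#"t3.micro"`, `# vpc_security_group_ids = [var.security_group_id]`) and should be deleted rather than kept. The resource body continues outside this hunk.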
@@ -39,19 +60,23 @@ resource "aws_launch_template" "ec2_launch_template" { } } - # GPT:TASK base64gz this user data - #│ Error: creating EC2 Launch Template (swarms-launch-template-20241213192904511200000001): operation error EC2: CreateLaunchTemplate, https response error StatusCode: 400, RequestID: 6533fb57-90af-4a5a-9e63-3f995bc64672, api error InvalidUserData.Malformed: Invalid BASE64 encoding of user data. user_data = base64encode(<<-EOF #!/bin/bash export HOME=/root apt update apt-get install -y ec2-instance-connect git virtualenv + snap install amazon-ssm-agent --classic || echo oops1 + snap start amazon-ssm-agent || echo oops2 + apt-get install -y --no-install-recommends ca-certificates=20230311 curl=7.88.1-10+deb12u7 | echo oops + curl -O "https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/$(dpkg --print-architecture)/latest/amazon-cloudwatch-agent.deb" + dpkg -i -E amazon-cloudwatch-agent.deb if [ ! -d "/opt/swarms/" ]; then git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" fi cd "/opt/swarms/" || exit 1 export BRANCH=feature/ec2 + git stash git checkout --force $BRANCH bash -x /opt/swarms/api/install.sh EOF @@ -63,3 +88,6 @@ resource "aws_launch_template" "ec2_launch_template" { output "lt" { value = resource.aws_launch_template.ec2_launch_template } +output "launch_template_id" { + value = resource.aws_launch_template.ec2_launch_template.id +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf new file mode 100644 index 0000000..d15c7d1 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf 
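Review bot: The added line `apt-get install -y --no-install-recommends ca-certificates=20230311 curl=7.88.1-10+deb12u7 | echo oops` uses a single `|`, which pipes apt's output into `echo` instead of running it on failure, so "oops" is always printed and the exit status is lost; it should end in `|| echo oops`. The pinned versions look like Debian 12 package versions (`deb12u7`) while the agent URL uses the `ubuntu` path, so this install probably fails on the image and is worth confirming. The CloudWatch agent `.deb` is fetched with `curl -O` and handed to `dpkg -i` with no integrity check; AWS publishes a detached signature for the package, and verifying it before installing closes that gap. The script also runs, as root at every boot, whatever `feature/ec2` of a personal fork points to at that moment (`git checkout --force $BRANCH` followed by `bash -x /opt/swarms/api/install.sh`), so pinning a reviewed commit SHA instead of a branch name would make launches reproducible. The heredoc starts outside this hunk.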
@@ -0,0 +1,123 @@
+variable vpc_id {
+ default = "vpc-04f28c9347af48b55"
+}
+
+locals {
+ ami = "ami-0e2c8caa4b6378d8c"
+ name = "swarms"
+ region = "us-east-1"
+ ec2_subnet_id = "subnet-057c90cfe7b2e5646"
+
+ tags = {
+ project="swarms"
+ }
+
+}
+
+module "asg_sg" {
+ source = "terraform-aws-modules/security-group/aws"
+ version = "~> 5.0"
+
+ name = local.name
+ description = "A security group"
+ vpc_id = var.vpc_id
+
+ ingress_cidr_blocks = ["0.0.0.0/0"]
+ ingress_rules = [
+ "https-443-tcp",
+ "http-80-tcp",
+ "ssh-tcp"
+ ]
+
+ egress_rules = ["all-all"]
+
+ tags = local.tags
+}
+
+output "security_group_id" {
+ value = module.asg_sg.security_group_id
+}
+
+
+# tofu state show module.security.module.asg_sg.aws_security_group.this_name_prefix[0]
+# resource "aws_security_group" "this_name_prefix" {
+# arn = "arn:aws:ec2:us-east-1:767503528736:security-group/sg-03c9752b62d0bcfe4"
+# description = "A security group"
+# egress = [
+# {
+# cidr_blocks = [
+# "0.0.0.0/0",
+# ]
+# description = "All protocols"
+# from_port = 0
+# ipv6_cidr_blocks = [
+# "::/0",
+# ]
+# prefix_list_ids = []
+# protocol = "-1"
+# security_groups = []
+# self = false
+# to_port = 0
+# },
+# ]
+# id = "sg-03c9752b62d0bcfe4"
+# ingress = [
+# {
+# cidr_blocks = [
+# "0.0.0.0/0",
+# ]
+# description = "HTTP"
+# from_port = 80
+# ipv6_cidr_blocks = []
+# prefix_list_ids = []
+# protocol = "tcp"
+# security_groups = []
+# self = false
+# to_port = 80
+# },
+# {
+# cidr_blocks = [
+# "0.0.0.0/0",
+# ]
+# description = "HTTPS"
+# from_port = 443
+# ipv6_cidr_blocks = []
+# prefix_list_ids = []
+# protocol = "tcp"
+# security_groups = []
+# self = false
+# to_port = 443
+# },
+# {
+# cidr_blocks = [
+# "0.0.0.0/0",
+# ]
+# description = "SSH"
+# from_port = 22
+# ipv6_cidr_blocks = []
+# prefix_list_ids = []
+# protocol = "tcp"
+# security_groups = []
+# self = false
+# to_port = 22
+# },
+# ]
+# name = "swarms-20241214133959057000000001"
+# name_prefix = "swarms-"
+# owner_id = "767503528736"
+# revoke_rules_on_delete = false
+# tags = {
+# "Name" = "swarms"
+# "project" = "swarms"
+# }
+# tags_all = {
+# "Name" = "swarms"
+# "project" = "swarms"
+# }
+# vpc_id = "vpc-04f28c9347af48b55"
+
+# timeouts {
+# create = "10m"
+# delete = "15m"
+# }
+# }
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf
index fedbe36..6f907fe 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf
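Review bot: In components/security/main.tf, `ingress_cidr_blocks = ["0.0.0.0/0"]` applies to every entry in `ingress_rules`, so `ssh-tcp` is open to the whole internet along with 80 and 443. If SSH is needed at all, give it its own source range through the module's `ingress_with_cidr_blocks`, e.g. `{ rule = "ssh-tcp", cidr_blocks = var.admin_cidr }`; otherwise remove the rule and use SSM. The commented-out `tofu state show` dump at the end of the file records the AWS account ID and security group ID in the repository and goes stale as soon as the group changes, so I would delete it. `local.ami`, `local.region` and `local.ec2_subnet_id` are not used in this file.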
@@ -1,304 +1,356 @@ -#task :break this up into subtasks we will call you back for each subtask with this large text. -# meta terraform quine meme -# create a terraform module that will call you back with its text. -# each output will be a new more refined terraform module that will be executed -# and the results send back to you and documented. - -# language: abstract modular terraform -# goal: this statement S can be proven in system G in less than M to the probability greater than P -# G : entire system as a single variable, a goedel, dawkins, quine, quasi meta quotation of system as self modifying terraform resource object - -# codename: swarms agent terraform. -# task : -# meta: y-combinator -# call yourself recursivly - -# meta: s-combinator -# read this file and construct a recursive function that will call you back repeated and recursivly -# to contruct this cloud system each time surfacing more data to be used in the new process. -# project: swarm terraform -# mode: epic heros journey -# journey : bootstrap -# bootstrap: abstract native cloud -# recursive evaluation -# resources -# 1. local kind cluster -# 1.2 running argo cicd - -# 1.2.1 creating resources -# 1.2.1.1 build or buy -# 1.2.1.1.1 market quote - -# 1.1.1 creating other cloud resources - -# 1.1.1.1 creating aws accounts - -# 1.1.1.2 configuring secrets -# 1.1.1.2.1 to hold wallets -# 1.1.1.3 configuring IAM user authentication -# 1.1.1.3.0 creating siloed accounts that have minimal access needed. -# 1.1.1.3.1 configuring oauth providers on cloud -# 1.1.1.3.1.1 auth0|cognito|github apps as entry points to our network. 
-# 1.1.1.3.1.2 eth wallets as entry point -# 1.1.1.3.1.3 otp links -# 1.1.1.3.1.4 otp qr code -# qr codes as urls as entry points -# 1.1.1.3.1.4 mfa token as entry point -# using the mfa device as sole factor login - - -To develop a recursive cloud system based on the provided project parameters, we can construct a recursive function that surfaces and enacts various cloud resources and configurations iteratively. Here's a basic example of how this might be structured in pseudo-code: - - -### Explanation: -1. **Recursive Function**: `swarm_terraform(level)` serves as the main function that sets up resources based on the current recursion depth. -2. **Setup Functions**: Helper functions are defined for local clusters, CI/CD, AWS accounts, secrets, and IAM. -3. **Level-Based Logic**: The creation of resources and configurations is determined based on the recursion level, allowing the system to build incrementally. -4. **Termination Condition**: The recursion stops at a defined `MAX_LEVEL` to prevent infinite execution. - -### Steps to Execution: -- Implement specific logic within each helper function as per your project needs. -- Adjust the `MAX_LEVEL` variable based on how detailed or expansive you want the recursive processing to be. - -This structure provides a solid foundation for building out the cloud infrastructure recursively, driven by the initial parameters you've outlined. - - -To express this concept in a modular Terraform-style pseudo-language, you may want to define a resource that captures the essence of your statement S while incorporating the probabilistic and self-referential properties of system G. 
Here’s a concise example: - -```hcl -resource "godel_dawkins_quine" "system_G" { - name = "G" - probability = var.P - threshold = var.M - - statement { - content = "S can be proven in system G" - complexity = calculate_complexity(content) # define this function for complexity measure - proven_in_time_less_than_M = complexity < var.M - } +# #task :break this up into subtasks we will call you back for each subtask with this large text. +# # meta terraform quine meme +# # create a terraform module that will call you back with its text. +# # each output will be a new more refined terraform module that will be executed +# # and the results send back to you and documented. + +# # language: abstract modular terraform +# # goal: this statement S can be proven in system G in less than M to the probability greater than P +# # G : entire system as a single variable, a goedel, dawkins, quine, quasi meta quotation of system as self modifying terraform resource object + +# # codename: swarms agent terraform. +# # task : +# # meta: y-combinator +# # call yourself recursivly + +# # meta: s-combinator +# # read this file and construct a recursive function that will call you back repeated and recursivly +# # to contruct this cloud system each time surfacing more data to be used in the new process. +# # project: swarm terraform +# # mode: epic heros journey +# # journey : bootstrap +# # bootstrap: abstract native cloud +# # recursive evaluation +# # resources +# # 1. local kind cluster +# # 1.2 running argo cicd + +# # 1.2.1 creating resources +# # 1.2.1.1 build or buy +# # 1.2.1.1.1 market quote + +# # 1.1.1 creating other cloud resources + +# # 1.1.1.1 creating aws accounts + +# # 1.1.1.2 configuring secrets +# # 1.1.1.2.1 to hold wallets +# # 1.1.1.3 configuring IAM user authentication +# # 1.1.1.3.0 creating siloed accounts that have minimal access needed. 
+# # 1.1.1.3.1 configuring oauth providers on cloud +# # 1.1.1.3.1.1 auth0|cognito|github apps as entry points to our network. +# # 1.1.1.3.1.2 eth wallets as entry point +# # 1.1.1.3.1.3 otp links +# # 1.1.1.3.1.4 otp qr code +# # qr codes as urls as entry points +# # 1.1.1.3.1.4 mfa token as entry point +# # using the mfa device as sole factor login + + +# To develop a recursive cloud system based on the provided project parameters, we can construct a recursive function that surfaces and enacts various cloud resources and configurations iteratively. Here's a basic example of how this might be structured in pseudo-code: - self_modifying { - enabled = true - modifications = ["update_probability", "redefine_threshold"] - } -} -variable "P" { - description = "Probability threshold" - type = number - default = 0.95 -} +# ### Explanation: +# 1. **Recursive Function**: `swarm_terraform(level)` serves as the main function that sets up resources based on the current recursion depth. +# 2. **Setup Functions**: Helper functions are defined for local clusters, CI/CD, AWS accounts, secrets, and IAM. +# 3. **Level-Based Logic**: The creation of resources and configurations is determined based on the recursion level, allowing the system to build incrementally. +# 4. **Termination Condition**: The recursion stops at a defined `MAX_LEVEL` to prevent infinite execution. + +# ### Steps to Execution: +# - Implement specific logic within each helper function as per your project needs. +# - Adjust the `MAX_LEVEL` variable based on how detailed or expansive you want the recursive processing to be. -variable "M" { - description = "Maximum time for proof" - type = number - default = 100 # example limit on time -} -``` +# This structure provides a solid foundation for building out the cloud infrastructure recursively, driven by the initial parameters you've outlined. 
+# To express this concept in a modular Terraform-style pseudo-language, you may want to define a resource that captures the essence of your statement S while incorporating the probabilistic and self-referential properties of system G. Here’s a concise example: +# ```hcl +# resource "godel_dawkins_quine" "system_G" { +# name = "G" +# probability = var.P +# threshold = var.M -It seems there might have been a misunderstanding or you are looking for further clarification. Here's an extended Terraform module example that incorporates recursive processes and configurations for cloud resources based on your initial request: +# statement { +# content = "S can be proven in system G" +# complexity = calculate_complexity(content) # define this function for complexity measure +# proven_in_time_less_than_M = complexity < var.M +# } -```hcl -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 3.0" - } - } -} +# self_modifying { +# enabled = true +# modifications = ["update_probability", "redefine_threshold"] +# } +# } -variable "max_levels" { - description = "Maximum level of recursion" - type = number - default = 3 -} +# variable "P" { +# description = "Probability threshold" +# type = number +# default = 0.95 +# } -resource "aws_iam_user" "swarm_user" { - count = var.max_levels +# variable "M" { +# description = "Maximum time for proof" +# type = number +# default = 100 # example limit on time +# } +# ``` - name = "swarm_user_${count.index}" - tags = { - Level = count.index - } -} -resource "aws_secretsmanager_secret" "swarm_secret" { - count = var.max_levels - name = "swarm_secret_${count.index}" +# It seems there might have been a misunderstanding or you are looking for further clarification. 
Here's an extended Terraform module example that incorporates recursive processes and configurations for cloud resources based on your initial request: - description = "Secret for level ${count.index}" -} +# ```hcl +# terraform { +# required_providers { +# aws = { +# source = "hashicorp/aws" +# version = "~> 3.0" +# } +# } +# } -resource "aws_cognito_user_pool" "swarm_user_pool" { - count = var.max_levels +# variable "max_levels" { +# description = "Maximum level of recursion" +# type = number +# default = 3 +# } - name = "swarm_user_pool_${count.index}" - alias_attributes = ["email"] +# resource "aws_iam_user" "swarm_user" { +# count = var.max_levels - lambda_config { - pre_sign_up = aws_lambda_function.pre_sign_up[count.index].arn - } -} +# name = "swarm_user_${count.index}" -resource "aws_lambda_function" "pre_sign_up" { - count = var.max_levels +# tags = { +# Level = count.index +# } +# } - function_name = "pre_sign_up_${count.index}" - runtime = "nodejs14.x" +# resource "aws_secretsmanager_secret" "swarm_secret" { +# count = var.max_levels - handler = "index.handler" - source_code_hash = filebase64sha256("path_to_your_lambda_zip_${count.index}.zip") +# name = "swarm_secret_${count.index}" - role = aws_iam_role.lambda_exec.arn -} +# description = "Secret for level ${count.index}" +# } -resource "aws_iam_role" "lambda_exec" { - name = "lambda_exec_role" - - assume_role_policy = jsonencode({ - Version = "2012-10-17" - Statement = [{ - Action = "sts:AssumeRole" - Principal = { - Service = "lambda.amazonaws.com" - } - Effect = "Allow" - Sid = "" - }] - }) -} +# resource "aws_cognito_user_pool" "swarm_user_pool" { +# count = var.max_levels -output "swarm_users" { - value = aws_iam_user.swarm_user[*].name -} +# name = "swarm_user_pool_${count.index}" +# alias_attributes = ["email"] -output "swarm_secrets" { - value = aws_secretsmanager_secret.swarm_secret[*].name -} +# lambda_config { +# pre_sign_up = aws_lambda_function.pre_sign_up[count.index].arn +# } +# } -output 
"swarm_user_pools" { - value = aws_cognito_user_pool.swarm_user_pool[*].id -} -``` +# resource "aws_lambda_function" "pre_sign_up" { +# count = var.max_levels + +# function_name = "pre_sign_up_${count.index}" +# runtime = "nodejs14.x" + +# handler = "index.handler" +# source_code_hash = filebase64sha256("path_to_your_lambda_zip_${count.index}.zip") -### Key Components: +# role = aws_iam_role.lambda_exec.arn +# } -- **Recursive Resource Creation**: The use of the `count` parameter simulates recursion by creating multiple instances of resources based on the specified `max_levels`. +# resource "aws_iam_role" "lambda_exec" { +# name = "lambda_exec_role" -- **IAM Users and Secrets**: Creates IAM users and AWS secrets for each level. +# assume_role_policy = jsonencode({ +# Version = "2012-10-17" +# Statement = [{ +# Action = "sts:AssumeRole" +# Principal = { +# Service = "lambda.amazonaws.com" +# } +# Effect = "Allow" +# Sid = "" +# }] +# }) +# } + +# output "swarm_users" { +# value = aws_iam_user.swarm_user[*].name +# } + +# output "swarm_secrets" { +# value = aws_secretsmanager_secret.swarm_secret[*].name +# } + +# output "swarm_user_pools" { +# value = aws_cognito_user_pool.swarm_user_pool[*].id +# } +# ``` + +# ### Key Components: + +# - **Recursive Resource Creation**: The use of the `count` parameter simulates recursion by creating multiple instances of resources based on the specified `max_levels`. + +# - **IAM Users and Secrets**: Creates IAM users and AWS secrets for each level. -- **Cognito User Pools**: Sets up a user pool for authentication at each recursion depth. +# - **Cognito User Pools**: Sets up a user pool for authentication at each recursion depth. -- **Outputs**: Outputs the created IAM users, secrets, and Cognito user pools, allowing you to track the resources created at each level. +# - **Outputs**: Outputs the created IAM users, secrets, and Cognito user pools, allowing you to track the resources created at each level. 
-### Execution: -- Adjust `max_levels` as needed to control the depth of resource creation. -- Ensure that the paths to any Lambda function code or specific policies are set correctly. +# ### Execution: +# - Adjust `max_levels` as needed to control the depth of resource creation. +# - Ensure that the paths to any Lambda function code or specific policies are set correctly. -This example captures the essence of a meta Terraform module while following the recursive and self-referential principles you've outlined. Let me know how you would like to expand or modify this! +# This example captures the essence of a meta Terraform module while following the recursive and self-referential principles you've outlined. Let me know how you would like to expand or modify this! -It seems you're looking for further examples or a continuation of the Terraform module design. Here's a more comprehensive modular approach that emphasizes recursion and the creation of various cloud resources, broken down into subtasks for clarity: +# It seems you're looking for further examples or a continuation of the Terraform module design. 
Here's a more comprehensive modular approach that emphasizes recursion and the creation of various cloud resources, broken down into subtasks for clarity: -### Main Terraform Configuration +# ### Main Terraform Configuration -```hcl -module "swarm_terraform" { - source = "./modules/swarm" # Define the module source - level = 1 # Start at recursion level 1 - max_levels = var.max_levels # Maximum recursion depth - aws_region = var.aws_region # AWS region variable -} +# ```hcl +# module "swarm_terraform" { +# source = "./modules/swarm" # Define the module source +# level = 1 # Start at recursion level 1 +# max_levels = var.max_levels # Maximum recursion depth +# aws_region = var.aws_region # AWS region variable +# } -variable "max_levels" { - description = "Maximum depth for resource creation" - type = number - default = 3 -} +# variable "max_levels" { +# description = "Maximum depth for resource creation" +# type = number +# default = 3 +# } -variable "aws_region" { - description = "AWS region to deploy resources" - type = string - default = "us-east-1" -} -``` +# variable "aws_region" { +# description = "AWS region to deploy resources" +# type = string +# default = "us-east-1" +# } +# ``` -### Module: `modules/swarm/main.tf` +# ### Module: `modules/swarm/main.tf` -```hcl -resource "aws_iam_user" "swarm_user" { - count = var.level <= var.max_levels ? 1 : 0 +# ```hcl +# resource "aws_iam_user" "swarm_user" { +# count = var.level <= var.max_levels ? 1 : 0 - name = "swarm_user_${var.level}" +# name = "swarm_user_${var.level}" + +# tags = { +# Level = var.level +# } +# } + +# resource "aws_secretsmanager_secret" "swarm_secret" { +# count = var.level <= var.max_levels ? 1 : 0 + +# name = "swarm_secret_${var.level}" +# } + +# resource "aws_lambda_function" "pre_sign_up" { +# count = var.level <= var.max_levels ? 
1 : 0 + +# function_name = "pre_sign_up_${var.level}" +# runtime = "nodejs14.x" +# handler = "index.handler" + +# # Assuming the source code is provided +# source_code_hash = filebase64sha256("path_to_your_lambda_zip_${var.level}.zip") +# role = aws_iam_role.lambda_exec.arn +# } + +# resource "aws_iam_role" "lambda_exec" { +# name = "lambda_exec_role" + +# assume_role_policy = jsonencode({ +# Version = "2012-10-17" +# Statement = [{ +# Action = "sts:AssumeRole" +# Principal = { +# Service = "lambda.amazonaws.com" +# } +# Effect = "Allow" +# Sid = "" +# }] +# }) +# } + +# # Recursive module call to create resources for the next level +# module "swarm_terraform_next" { +# source = "./main.tf" +# level = var.level + 1 +# max_levels = var.max_levels +# aws_region = var.aws_region +# depends_on = [aws_iam_user.swarm_user, aws_secretsmanager_secret.swarm_secret, aws_lambda_function.pre_sign_up] +# } +# ``` + +# ### Explanation: + +# 1. **Modular Structure**: This approach divides the resources into a module, making it reusable and expandable. + +# 2. **Recursion Handling**: The module checks if the current `level` is less than or equal to `max_levels`. If it is, it creates the corresponding resources and calls itself for the next level. - tags = { - Level = var.level - } -} +# 3. **IAM User and Lambda Function**: Each recurred level creates new IAM users, Secrets Manager secrets, and Lambda functions, maintaining the recursion. -resource "aws_secretsmanager_secret" "swarm_secret" { - count = var.level <= var.max_levels ? 1 : 0 +# 4. **Outputs**: Outputs can be included to retrieve created resource details at the end of processing, although they are not explicitly shown in this snippet. - name = "swarm_secret_${var.level}" -} +# ### Execution Steps: +# - Ensure you have the appropriate IAM permissions and AWS configuration. +# - Adjust the `max_levels` variable as desired, and ensure the paths to any Lambda function source code are correctly defined. 
+# - Use `terraform apply` to trigger the recursion and monitor resource creation. -resource "aws_lambda_function" "pre_sign_up" { - count = var.level <= var.max_levels ? 1 : 0 +# This format should give you a robust foundation for developing a complex, recursive Terraform setup. If you need further adjustments or detailed explanations on specific elements, let me know! - function_name = "pre_sign_up_${var.level}" - runtime = "nodejs14.x" - handler = "index.handler" +#module "vpc" { +# source = "./components/vpc" +#} +locals { + ami = "ami-0e2c8caa4b6378d8c" + name = "swarms" + region = "us-east-1" + ec2_subnet_id = "subnet-057c90cfe7b2e5646" + vpc_id = "vpc-04f28c9347af48b55" + tags = { + project="swarms" + } +} - # Assuming the source code is provided - source_code_hash = filebase64sha256("path_to_your_lambda_zip_${var.level}.zip") - role = aws_iam_role.lambda_exec.arn +module "security" { + source = "./components/security" } -resource "aws_iam_role" "lambda_exec" { - name = "lambda_exec_role" - - assume_role_policy = jsonencode({ - Version = "2012-10-17" - Statement = [{ - Action = "sts:AssumeRole" - Principal = { - Service = "lambda.amazonaws.com" - } - Effect = "Allow" - Sid = "" - }] - }) +module "kp" { + source = "./components/keypairs" } -# Recursive module call to create resources for the next level -module "swarm_terraform_next" { - source = "./main.tf" - level = var.level + 1 - max_levels = var.max_levels - aws_region = var.aws_region - depends_on = [aws_iam_user.swarm_user, aws_secretsmanager_secret.swarm_secret, aws_lambda_function.pre_sign_up] +module "lt" { + instance_type = "t3.medium" + security_group_id = module.security.security_group_id + source = "./components/launch_template" } -``` -### Explanation: -1. **Modular Structure**: This approach divides the resources into a module, making it reusable and expandable. - -2. **Recursion Handling**: The module checks if the current `level` is less than or equal to `max_levels`. 
If it is, it creates the corresponding resources and calls itself for the next level. +module "asg" { + source = "./components/autoscaling_group" + security_group_id = module.security.security_group_id + instance_type = "t3.medium" + launch_template_id = module.lt.launch_template_id +} -3. **IAM User and Lambda Function**: Each recurred level creates new IAM users, Secrets Manager secrets, and Lambda functions, maintaining the recursion. +# module "alb" { +# # count = 0 +# source = "./components/application_load_balancer" +# vpc_id = local.vpc_id +# } +# │ -4. **Outputs**: Outputs can be included to retrieve created resource details at the end of processing, although they are not explicitly shown in this snippet. -### Execution Steps: -- Ensure you have the appropriate IAM permissions and AWS configuration. -- Adjust the `max_levels` variable as desired, and ensure the paths to any Lambda function source code are correctly defined. -- Use `terraform apply` to trigger the recursion and monitor resource creation. +output launch_template_id { + value = module.lt.launch_template_id +} -This format should give you a robust foundation for developing a complex, recursive Terraform setup. If you need further adjustments or detailed explanations on specific elements, let me know! +output security_group_id { + value = module.security.security_group_id +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/refresh.sh b/environments/swarms-aws-agent-api/dev/us-east-1/refresh.sh new file mode 100644 index 0000000..40ce118 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/refresh.sh @@ -0,0 +1,2 @@ +aws autoscaling start-instance-refresh \ + --auto-scaling-group-name swarms-20241214050736278200000007 From d8898a44dec3c71b5b9eb9148cc6db318b2dd987 Mon Sep 17 00:00:00 2001 
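Review bot: The root main.tf defines `local.vpc_id` but passes it to none of `module.security`, `module.lt` or `module.asg`, each of which falls back to its own hard-coded `vpc_id` default. Likewise `module.kp` is not connected to `module.lt`, which finds the key only because its `key_name` default happens to match the string, so Terraform sees no dependency between them. I would wire both explicitly, e.g. `vpc_id = local.vpc_id` on the security module and `key_name = module.kp.key_name` with a matching output in components/keypairs. `instance_type = "t3.medium"` is repeated for `lt` and `asg` and could be a single local.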
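Review bot: refresh.sh hard-codes `swarms-20241214050736278200000007`, a generated name that changes whenever the group is recreated, after which the command fails. Take the name as an argument or read it from a Terraform output, and add `#!/bin/bash` with `set -euo pipefail` since the file has no interpreter line. Passing `--region us-east-1` explicitly would also stop it from acting on whichever region the caller's profile defaults to.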
From: mike dupont <mike.dupont@introspector.local> Date: Sat, 14 Dec 2024 09:37:50 -0500 Subject: [PATCH 12/39] now trying again with medium had to wait for terraform to finish --- .../components/launch_template/main.tf | 2 +- .../dev/us-east-1/components/security/main.tf | 2 +- .../dev/us-east-1/main.tf | 314 +----------------- .../dev/us-east-1/seed.md | 304 +++++++++++++++++ 4 files changed, 310 insertions(+), 312 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/seed.md diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index 0a7e984..1833dc9 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -70,7 +70,7 @@ resource "aws_launch_template" "ec2_launch_template" { apt-get install -y --no-install-recommends ca-certificates=20230311 curl=7.88.1-10+deb12u7 | echo oops curl -O "https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/$(dpkg --print-architecture)/latest/amazon-cloudwatch-agent.deb" dpkg -i -E amazon-cloudwatch-agent.deb - + if [ ! -d "/opt/swarms/" ]; then git clone https://github.com/jmikedupont2/swarms "/opt/swarms/" fi diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index d15c7d1..779a1b1 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf @@ -26,7 +26,7 @@ module "asg_sg" { ingress_rules = [ "https-443-tcp", "http-80-tcp", - "ssh-tcp" +# "ssh-tcp" dont need this now ] egress_rules = ["all-all"] 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 6f907fe..423543a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf 
@@ -1,312 +1,6 @@ -# #task :break this up into subtasks we will call you back for each subtask with this large text. -# # meta terraform quine meme -# # create a terraform module that will call you back with its text. -# # each output will be a new more refined terraform module that will be executed -# # and the results send back to you and documented. - -# # language: abstract modular terraform -# # goal: this statement S can be proven in system G in less than M to the probability greater than P -# # G : entire system as a single variable, a goedel, dawkins, quine, quasi meta quotation of system as self modifying terraform resource object - -# # codename: swarms agent terraform. -# # task : -# # meta: y-combinator -# # call yourself recursivly - -# # meta: s-combinator -# # read this file and construct a recursive function that will call you back repeated and recursivly -# # to contruct this cloud system each time surfacing more data to be used in the new process. -# # project: swarm terraform -# # mode: epic heros journey -# # journey : bootstrap -# # bootstrap: abstract native cloud -# # recursive evaluation -# # resources -# # 1. local kind cluster -# # 1.2 running argo cicd - -# # 1.2.1 creating resources -# # 1.2.1.1 build or buy -# # 1.2.1.1.1 market quote - -# # 1.1.1 creating other cloud resources - -# # 1.1.1.1 creating aws accounts - -# # 1.1.1.2 configuring secrets -# # 1.1.1.2.1 to hold wallets -# # 1.1.1.3 configuring IAM user authentication -# # 1.1.1.3.0 creating siloed accounts that have minimal access needed. -# # 1.1.1.3.1 configuring oauth providers on cloud -# # 1.1.1.3.1.1 auth0|cognito|github apps as entry points to our network. 
-# # 1.1.1.3.1.2 eth wallets as entry point -# # 1.1.1.3.1.3 otp links -# # 1.1.1.3.1.4 otp qr code -# # qr codes as urls as entry points -# # 1.1.1.3.1.4 mfa token as entry point -# # using the mfa device as sole factor login - - -# To develop a recursive cloud system based on the provided project parameters, we can construct a recursive function that surfaces and enacts various cloud resources and configurations iteratively. Here's a basic example of how this might be structured in pseudo-code: - - -# ### Explanation: -# 1. **Recursive Function**: `swarm_terraform(level)` serves as the main function that sets up resources based on the current recursion depth. -# 2. **Setup Functions**: Helper functions are defined for local clusters, CI/CD, AWS accounts, secrets, and IAM. -# 3. **Level-Based Logic**: The creation of resources and configurations is determined based on the recursion level, allowing the system to build incrementally. -# 4. **Termination Condition**: The recursion stops at a defined `MAX_LEVEL` to prevent infinite execution. - -# ### Steps to Execution: -# - Implement specific logic within each helper function as per your project needs. -# - Adjust the `MAX_LEVEL` variable based on how detailed or expansive you want the recursive processing to be. - -# This structure provides a solid foundation for building out the cloud infrastructure recursively, driven by the initial parameters you've outlined. - - -# To express this concept in a modular Terraform-style pseudo-language, you may want to define a resource that captures the essence of your statement S while incorporating the probabilistic and self-referential properties of system G. 
Here’s a concise example: - -# ```hcl -# resource "godel_dawkins_quine" "system_G" { -# name = "G" -# probability = var.P -# threshold = var.M - -# statement { -# content = "S can be proven in system G" -# complexity = calculate_complexity(content) # define this function for complexity measure -# proven_in_time_less_than_M = complexity < var.M -# } - -# self_modifying { -# enabled = true -# modifications = ["update_probability", "redefine_threshold"] -# } -# } - -# variable "P" { -# description = "Probability threshold" -# type = number -# default = 0.95 -# } - -# variable "M" { -# description = "Maximum time for proof" -# type = number -# default = 100 # example limit on time -# } -# ``` - - - - -# It seems there might have been a misunderstanding or you are looking for further clarification. Here's an extended Terraform module example that incorporates recursive processes and configurations for cloud resources based on your initial request: - -# ```hcl -# terraform { -# required_providers { -# aws = { -# source = "hashicorp/aws" -# version = "~> 3.0" -# } -# } -# } - -# variable "max_levels" { -# description = "Maximum level of recursion" -# type = number -# default = 3 -# } - -# resource "aws_iam_user" "swarm_user" { -# count = var.max_levels - -# name = "swarm_user_${count.index}" - -# tags = { -# Level = count.index -# } -# } - -# resource "aws_secretsmanager_secret" "swarm_secret" { -# count = var.max_levels - -# name = "swarm_secret_${count.index}" - -# description = "Secret for level ${count.index}" -# } - -# resource "aws_cognito_user_pool" "swarm_user_pool" { -# count = var.max_levels - -# name = "swarm_user_pool_${count.index}" -# alias_attributes = ["email"] - -# lambda_config { -# pre_sign_up = aws_lambda_function.pre_sign_up[count.index].arn -# } -# } - -# resource "aws_lambda_function" "pre_sign_up" { -# count = var.max_levels - -# function_name = "pre_sign_up_${count.index}" -# runtime = "nodejs14.x" - -# handler = "index.handler" -# 
source_code_hash = filebase64sha256("path_to_your_lambda_zip_${count.index}.zip") - -# role = aws_iam_role.lambda_exec.arn -# } - -# resource "aws_iam_role" "lambda_exec" { -# name = "lambda_exec_role" - -# assume_role_policy = jsonencode({ -# Version = "2012-10-17" -# Statement = [{ -# Action = "sts:AssumeRole" -# Principal = { -# Service = "lambda.amazonaws.com" -# } -# Effect = "Allow" -# Sid = "" -# }] -# }) -# } - -# output "swarm_users" { -# value = aws_iam_user.swarm_user[*].name -# } - -# output "swarm_secrets" { -# value = aws_secretsmanager_secret.swarm_secret[*].name -# } - -# output "swarm_user_pools" { -# value = aws_cognito_user_pool.swarm_user_pool[*].id -# } -# ``` - -# ### Key Components: - -# - **Recursive Resource Creation**: The use of the `count` parameter simulates recursion by creating multiple instances of resources based on the specified `max_levels`. - -# - **IAM Users and Secrets**: Creates IAM users and AWS secrets for each level. - -# - **Cognito User Pools**: Sets up a user pool for authentication at each recursion depth. - -# - **Outputs**: Outputs the created IAM users, secrets, and Cognito user pools, allowing you to track the resources created at each level. - -# ### Execution: -# - Adjust `max_levels` as needed to control the depth of resource creation. -# - Ensure that the paths to any Lambda function code or specific policies are set correctly. - -# This example captures the essence of a meta Terraform module while following the recursive and self-referential principles you've outlined. Let me know how you would like to expand or modify this! - - -# It seems you're looking for further examples or a continuation of the Terraform module design. 
Here's a more comprehensive modular approach that emphasizes recursion and the creation of various cloud resources, broken down into subtasks for clarity: - -# ### Main Terraform Configuration - -# ```hcl -# module "swarm_terraform" { -# source = "./modules/swarm" # Define the module source -# level = 1 # Start at recursion level 1 -# max_levels = var.max_levels # Maximum recursion depth -# aws_region = var.aws_region # AWS region variable -# } - -# variable "max_levels" { -# description = "Maximum depth for resource creation" -# type = number -# default = 3 -# } - -# variable "aws_region" { -# description = "AWS region to deploy resources" -# type = string -# default = "us-east-1" -# } -# ``` - -# ### Module: `modules/swarm/main.tf` - -# ```hcl -# resource "aws_iam_user" "swarm_user" { -# count = var.level <= var.max_levels ? 1 : 0 - -# name = "swarm_user_${var.level}" - -# tags = { -# Level = var.level -# } -# } - -# resource "aws_secretsmanager_secret" "swarm_secret" { -# count = var.level <= var.max_levels ? 1 : 0 - -# name = "swarm_secret_${var.level}" -# } - -# resource "aws_lambda_function" "pre_sign_up" { -# count = var.level <= var.max_levels ? 
1 : 0 - -# function_name = "pre_sign_up_${var.level}" -# runtime = "nodejs14.x" -# handler = "index.handler" - -# # Assuming the source code is provided -# source_code_hash = filebase64sha256("path_to_your_lambda_zip_${var.level}.zip") -# role = aws_iam_role.lambda_exec.arn -# } - -# resource "aws_iam_role" "lambda_exec" { -# name = "lambda_exec_role" - -# assume_role_policy = jsonencode({ -# Version = "2012-10-17" -# Statement = [{ -# Action = "sts:AssumeRole" -# Principal = { -# Service = "lambda.amazonaws.com" -# } -# Effect = "Allow" -# Sid = "" -# }] -# }) -# } - -# # Recursive module call to create resources for the next level -# module "swarm_terraform_next" { -# source = "./main.tf" -# level = var.level + 1 -# max_levels = var.max_levels -# aws_region = var.aws_region -# depends_on = [aws_iam_user.swarm_user, aws_secretsmanager_secret.swarm_secret, aws_lambda_function.pre_sign_up] -# } -# ``` - -# ### Explanation: - -# 1. **Modular Structure**: This approach divides the resources into a module, making it reusable and expandable. - -# 2. **Recursion Handling**: The module checks if the current `level` is less than or equal to `max_levels`. If it is, it creates the corresponding resources and calls itself for the next level. - -# 3. **IAM User and Lambda Function**: Each recurred level creates new IAM users, Secrets Manager secrets, and Lambda functions, maintaining the recursion. - -# 4. **Outputs**: Outputs can be included to retrieve created resource details at the end of processing, although they are not explicitly shown in this snippet. - -# ### Execution Steps: -# - Ensure you have the appropriate IAM permissions and AWS configuration. -# - Adjust the `max_levels` variable as desired, and ensure the paths to any Lambda function source code are correctly defined. -# - Use `terraform apply` to trigger the recursion and monitor resource creation. - -# This format should give you a robust foundation for developing a complex, recursive Terraform setup. 
If you need further adjustments or detailed explanations on specific elements, let me know! - -#module "vpc" { -# source = "./components/vpc" -#} locals { + # instance_type = "t3.large" + instance_type = "t3.medium" ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" @@ -326,7 +20,7 @@ module "kp" { } module "lt" { - instance_type = "t3.medium" + instance_type = local.instance_type security_group_id = module.security.security_group_id source = "./components/launch_template" } @@ -335,7 +29,7 @@ module "lt" { module "asg" { source = "./components/autoscaling_group" security_group_id = module.security.security_group_id - instance_type = "t3.medium" + instance_type = local.instance_type launch_template_id = module.lt.launch_template_id } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/seed.md b/environments/swarms-aws-agent-api/dev/us-east-1/seed.md new file mode 100644 index 0000000..e49e882 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/seed.md 
@@ -0,0 +1,304 @@ +# #task :break this up into subtasks we will call you back for each subtask with this large text. +# # meta terraform quine meme +# # create a terraform module that will call you back with its text. +# # each output will be a new more refined terraform module that will be executed +# # and the results send back to you and documented. + +# # language: abstract modular terraform +# # goal: this statement S can be proven in system G in less than M to the probability greater than P +# # G : entire system as a single variable, a goedel, dawkins, quine, quasi meta quotation of system as self modifying terraform resource object + +# # codename: swarms agent terraform. +# # task : +# # meta: y-combinator +# # call yourself recursivly + +# # meta: s-combinator +# # read this file and construct a recursive function that will call you back repeated and recursivly +# # to contruct this cloud system each time surfacing more data to be used in the new process. +# # project: swarm terraform +# # mode: epic heros journey +# # journey : bootstrap +# # bootstrap: abstract native cloud +# # recursive evaluation +# # resources +# # 1. local kind cluster +# # 1.2 running argo cicd + +# # 1.2.1 creating resources +# # 1.2.1.1 build or buy +# # 1.2.1.1.1 market quote + +# # 1.1.1 creating other cloud resources + +# # 1.1.1.1 creating aws accounts + +# # 1.1.1.2 configuring secrets +# # 1.1.1.2.1 to hold wallets +# # 1.1.1.3 configuring IAM user authentication +# # 1.1.1.3.0 creating siloed accounts that have minimal access needed. +# # 1.1.1.3.1 configuring oauth providers on cloud +# # 1.1.1.3.1.1 auth0|cognito|github apps as entry points to our network. 
+# # 1.1.1.3.1.2 eth wallets as entry point +# # 1.1.1.3.1.3 otp links +# # 1.1.1.3.1.4 otp qr code +# # qr codes as urls as entry points +# # 1.1.1.3.1.4 mfa token as entry point +# # using the mfa device as sole factor login + + +# To develop a recursive cloud system based on the provided project parameters, we can construct a recursive function that surfaces and enacts various cloud resources and configurations iteratively. Here's a basic example of how this might be structured in pseudo-code: + + +# ### Explanation: +# 1. **Recursive Function**: `swarm_terraform(level)` serves as the main function that sets up resources based on the current recursion depth. +# 2. **Setup Functions**: Helper functions are defined for local clusters, CI/CD, AWS accounts, secrets, and IAM. +# 3. **Level-Based Logic**: The creation of resources and configurations is determined based on the recursion level, allowing the system to build incrementally. +# 4. **Termination Condition**: The recursion stops at a defined `MAX_LEVEL` to prevent infinite execution. + +# ### Steps to Execution: +# - Implement specific logic within each helper function as per your project needs. +# - Adjust the `MAX_LEVEL` variable based on how detailed or expansive you want the recursive processing to be. + +# This structure provides a solid foundation for building out the cloud infrastructure recursively, driven by the initial parameters you've outlined. + + +# To express this concept in a modular Terraform-style pseudo-language, you may want to define a resource that captures the essence of your statement S while incorporating the probabilistic and self-referential properties of system G. 
Here’s a concise example: + +# ```hcl +# resource "godel_dawkins_quine" "system_G" { +# name = "G" +# probability = var.P +# threshold = var.M + +# statement { +# content = "S can be proven in system G" +# complexity = calculate_complexity(content) # define this function for complexity measure +# proven_in_time_less_than_M = complexity < var.M +# } + +# self_modifying { +# enabled = true +# modifications = ["update_probability", "redefine_threshold"] +# } +# } + +# variable "P" { +# description = "Probability threshold" +# type = number +# default = 0.95 +# } + +# variable "M" { +# description = "Maximum time for proof" +# type = number +# default = 100 # example limit on time +# } +# ``` + + + + +# It seems there might have been a misunderstanding or you are looking for further clarification. Here's an extended Terraform module example that incorporates recursive processes and configurations for cloud resources based on your initial request: + +# ```hcl +# terraform { +# required_providers { +# aws = { +# source = "hashicorp/aws" +# version = "~> 3.0" +# } +# } +# } + +# variable "max_levels" { +# description = "Maximum level of recursion" +# type = number +# default = 3 +# } + +# resource "aws_iam_user" "swarm_user" { +# count = var.max_levels + +# name = "swarm_user_${count.index}" + +# tags = { +# Level = count.index +# } +# } + +# resource "aws_secretsmanager_secret" "swarm_secret" { +# count = var.max_levels + +# name = "swarm_secret_${count.index}" + +# description = "Secret for level ${count.index}" +# } + +# resource "aws_cognito_user_pool" "swarm_user_pool" { +# count = var.max_levels + +# name = "swarm_user_pool_${count.index}" +# alias_attributes = ["email"] + +# lambda_config { +# pre_sign_up = aws_lambda_function.pre_sign_up[count.index].arn +# } +# } + +# resource "aws_lambda_function" "pre_sign_up" { +# count = var.max_levels + +# function_name = "pre_sign_up_${count.index}" +# runtime = "nodejs14.x" + +# handler = "index.handler" +# 
source_code_hash = filebase64sha256("path_to_your_lambda_zip_${count.index}.zip") + +# role = aws_iam_role.lambda_exec.arn +# } + +# resource "aws_iam_role" "lambda_exec" { +# name = "lambda_exec_role" + +# assume_role_policy = jsonencode({ +# Version = "2012-10-17" +# Statement = [{ +# Action = "sts:AssumeRole" +# Principal = { +# Service = "lambda.amazonaws.com" +# } +# Effect = "Allow" +# Sid = "" +# }] +# }) +# } + +# output "swarm_users" { +# value = aws_iam_user.swarm_user[*].name +# } + +# output "swarm_secrets" { +# value = aws_secretsmanager_secret.swarm_secret[*].name +# } + +# output "swarm_user_pools" { +# value = aws_cognito_user_pool.swarm_user_pool[*].id +# } +# ``` + +# ### Key Components: + +# - **Recursive Resource Creation**: The use of the `count` parameter simulates recursion by creating multiple instances of resources based on the specified `max_levels`. + +# - **IAM Users and Secrets**: Creates IAM users and AWS secrets for each level. + +# - **Cognito User Pools**: Sets up a user pool for authentication at each recursion depth. + +# - **Outputs**: Outputs the created IAM users, secrets, and Cognito user pools, allowing you to track the resources created at each level. + +# ### Execution: +# - Adjust `max_levels` as needed to control the depth of resource creation. +# - Ensure that the paths to any Lambda function code or specific policies are set correctly. + +# This example captures the essence of a meta Terraform module while following the recursive and self-referential principles you've outlined. Let me know how you would like to expand or modify this! + + +# It seems you're looking for further examples or a continuation of the Terraform module design. 
Here's a more comprehensive modular approach that emphasizes recursion and the creation of various cloud resources, broken down into subtasks for clarity: + +# ### Main Terraform Configuration + +# ```hcl +# module "swarm_terraform" { +# source = "./modules/swarm" # Define the module source +# level = 1 # Start at recursion level 1 +# max_levels = var.max_levels # Maximum recursion depth +# aws_region = var.aws_region # AWS region variable +# } + +# variable "max_levels" { +# description = "Maximum depth for resource creation" +# type = number +# default = 3 +# } + +# variable "aws_region" { +# description = "AWS region to deploy resources" +# type = string +# default = "us-east-1" +# } +# ``` + +# ### Module: `modules/swarm/main.tf` + +# ```hcl +# resource "aws_iam_user" "swarm_user" { +# count = var.level <= var.max_levels ? 1 : 0 + +# name = "swarm_user_${var.level}" + +# tags = { +# Level = var.level +# } +# } + +# resource "aws_secretsmanager_secret" "swarm_secret" { +# count = var.level <= var.max_levels ? 1 : 0 + +# name = "swarm_secret_${var.level}" +# } + +# resource "aws_lambda_function" "pre_sign_up" { +# count = var.level <= var.max_levels ? 
1 : 0 + +# function_name = "pre_sign_up_${var.level}" +# runtime = "nodejs14.x" +# handler = "index.handler" + +# # Assuming the source code is provided +# source_code_hash = filebase64sha256("path_to_your_lambda_zip_${var.level}.zip") +# role = aws_iam_role.lambda_exec.arn +# } + +# resource "aws_iam_role" "lambda_exec" { +# name = "lambda_exec_role" + +# assume_role_policy = jsonencode({ +# Version = "2012-10-17" +# Statement = [{ +# Action = "sts:AssumeRole" +# Principal = { +# Service = "lambda.amazonaws.com" +# } +# Effect = "Allow" +# Sid = "" +# }] +# }) +# } + +# # Recursive module call to create resources for the next level +# module "swarm_terraform_next" { +# source = "./main.tf" +# level = var.level + 1 +# max_levels = var.max_levels +# aws_region = var.aws_region +# depends_on = [aws_iam_user.swarm_user, aws_secretsmanager_secret.swarm_secret, aws_lambda_function.pre_sign_up] +# } +# ``` + +# ### Explanation: + +# 1. **Modular Structure**: This approach divides the resources into a module, making it reusable and expandable. + +# 2. **Recursion Handling**: The module checks if the current `level` is less than or equal to `max_levels`. If it is, it creates the corresponding resources and calls itself for the next level. + +# 3. **IAM User and Lambda Function**: Each recurred level creates new IAM users, Secrets Manager secrets, and Lambda functions, maintaining the recursion. + +# 4. **Outputs**: Outputs can be included to retrieve created resource details at the end of processing, although they are not explicitly shown in this snippet. + +# ### Execution Steps: +# - Ensure you have the appropriate IAM permissions and AWS configuration. +# - Adjust the `max_levels` variable as desired, and ensure the paths to any Lambda function source code are correctly defined. +# - Use `terraform apply` to trigger the recursion and monitor resource creation. + +# This format should give you a robust foundation for developing a complex, recursive Terraform setup. 
If you need further adjustments or detailed explanations on specific elements, let me know! From 7e7f8f9f7378758b3bed306bac0cac2a3769c9ac Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sat, 14 Dec 2024 10:26:15 -0500 Subject: [PATCH 13/39] many sizes --- .../components/autoscaling_group/main.tf | 6 +++--- .../dev/us-east-1/main.tf | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 3e398f0..0dad0a8 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -12,9 +12,9 @@ variable image_id { variable vpc_id { default = "vpc-04f28c9347af48b55" } -provider "aws" { - region = "us-east-1" -} +#provider "aws" { +# region = "us-east-1" +#} locals { ami = "ami-0e2c8caa4b6378d8c" diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 423543a..10e56ea 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -25,7 +25,6 @@ module "lt" { source = "./components/launch_template" } - module "asg" { source = "./components/autoscaling_group" security_group_id = module.security.security_group_id 
@@ -33,6 +32,24 @@ module "asg" { launch_template_id = module.lt.launch_template_id } +variable "instance_types" { + type = list(string) + default = [ + "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", + "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", + "t4g.small", "t3a.small", "t3.small", "t2.small", + # t2.medium t3.medium + ] +} + +module "asg_dynamic" { + for_each = toset(var.instance_types) + source = "./components/autoscaling_group" + security_group_id = module.security.security_group_id + instance_type = each.key + launch_template_id = module.lt.launch_template_id +} + # module "alb" { # # count = 0 # source = "./components/application_load_balancer" From 7f40ba18430ae8c36e1b263cb54edfe50ad3a410 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sat, 14 Dec 2024 11:05:35 -0500 Subject: [PATCH 14/39] now creating more sizes --- .../components/autoscaling_group/main.tf | 13 ++++----- .../components/launch_template/main.tf | 28 ++++++++----------- .../dev/us-east-1/main.tf | 12 +++++++- 3 files changed, 28 insertions(+), 25 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 0dad0a8..a13b3a8 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,4 +1,5 @@ variable security_group_id {} +variable name {} variable instance_type { # default = "t3.micro" } @@ -18,7 +19,7 @@ variable vpc_id { locals { ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" + # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" 
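Review bot: Every `module "asg_dynamic"` instance receives the same `launch_template_id = module.lt.launch_template_id`, and `module "lt"` is built from `local.instance_type`, so `instance_type = each.key` only changes the launched size if the autoscaling component overrides the template, which this hunk does not show. The component also derives its IAM role and instance-profile names from a fixed local at this point (`ssm-${local.name}`, visible as removed lines in the following patch), so the thirteen `for_each` instances would request the same IAM names. The default list mixes `t4g.*` (arm64) sizes with x86 sizes against one hard-coded AMI id, which can match only one architecture. Because the component sets `desired_capacity = 1` and `min_size = 1`, a plain apply starts one instance per list entry; a safer default is `default = []` with the sizes passed explicitly per environment.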
@@ -32,12 +33,12 @@ locals { } resource "aws_iam_instance_profile" "ssm" { - name = "ssm-${local.name}" + name = "ssm-${var.name}" role = aws_iam_role.ssm.name tags = local.tags } resource "aws_iam_role" "ssm" { - name = "ssm-${local.name}" + name = "ssm-${var.name}" tags = local.tags assume_role_policy = jsonencode({ @@ -58,7 +59,7 @@ resource "aws_iam_role" "ssm" { module "autoscaling" { source = "terraform-aws-modules/autoscaling/aws" version = "8.0.0" - name = local.name + name = var.name desired_capacity = 1 @@ -66,8 +67,6 @@ module "autoscaling" { min_size = 1 create_launch_template = false - #launch_template_name = "complete-${local.name}" - #launch_template_description = "Complete launch template example" update_default_version = true launch_template_id = var.launch_template_id @@ -91,7 +90,7 @@ module "autoscaling" { create_iam_instance_profile = true - iam_role_name = "ssm-${local.name}" + iam_role_name = "ssm-${var.name}" iam_role_path = "/ec2/" iam_role_description = "SSM IAM role for swarms" iam_role_tags = { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index 1833dc9..b823712 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -1,4 +1,7 @@ variable security_group_id {} +variable name { + default = "swarms" +} variable vpc_id { default = "vpc-04f28c9347af48b55" } 
@@ -6,51 +9,42 @@ variable vpc_id { variable key_name { default = "mdupont-deployer-key" } -variable instance_type { - # default = "t3.micro" -} - -provider "aws" { - region = "us-east-1" -} +# dont use this +variable instance_type {} locals { ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" +# name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" vpc_id = "vpc-04f28c9347af48b55" iam_instance_profile_name = "swarms-20241213150629570500000003" tags = { project="swarms" + instance_type = var.instance_type + name = var.name } } resource "aws_launch_template" "ec2_launch_template" { - name_prefix = "${local.name}-launch-template-" + name_prefix = "${var.name}-launch-template-" image_id = local.ami - # instance_type = "t3.large" key_name = var.key_name - instance_type = var.instance_type#"t3.micro" -# vpc_security_group_ids = [var.security_group_id] + instance_type = var.instance_type network_interfaces { associate_public_ip_address = true delete_on_termination = true security_groups = [var.security_group_id] } - + iam_instance_profile { name = local.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name } - -# key_name = "your-key-pair" # Replace with your key pair name - lifecycle { create_before_destroy = true } - block_device_mappings { device_name = "/dev/sda1" ebs { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 10e56ea..b638bae 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -27,6 +27,7 @@ module "lt" { module "asg" { source = "./components/autoscaling_group" + name="swarms" security_group_id = module.security.security_group_id instance_type = local.instance_type launch_template_id = module.lt.launch_template_id 
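Review bot: The new comment `# dont use this` sits directly above `variable instance_type {}`, yet the same hunk reads that variable in `instance_type = var.instance_type` and in the new `instance_type` tag, so the comment is stale or refers to something else; say what must not be used or remove it, and declare the type, `variable "instance_type" { type = string }`. The template still attaches `local.iam_instance_profile_name`, a hard-coded generated profile name, while the autoscaling component in this patch creates a separate `ssm-${var.name}` role per group. If the template's profile is the one that takes effect, the per-group roles are unused and every size shares one set of permissions, which should be confirmed and documented next to the local. The `aws_launch_template` resource continues past the end of the hunk.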
@@ -42,12 +43,21 @@ variable "instance_types" { ] } +module "lt_dynamic" { + for_each = toset(var.instance_types) + instance_type = each.key + name = "swarms-size-${each.key}" + security_group_id = module.security.security_group_id + source = "./components/launch_template" +} + module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" security_group_id = module.security.security_group_id instance_type = each.key - launch_template_id = module.lt.launch_template_id + name = "swarms-size-${each.key}" + launch_template_id = module.lt_dynamic[each.key].launch_template_id } # module "alb" { From 107ae6a3d1f2d9bd5f0269dc9c6b30c5a57fd272 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sat, 14 Dec 2024 11:36:52 -0500 Subject: [PATCH 15/39] removing too small --- .../swarms-aws-agent-api/dev/us-east-1/main.tf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index b638bae..eb17126 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -36,10 +36,12 @@ module "asg" { variable "instance_types" { type = list(string) default = [ - "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", - "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", - "t4g.small", "t3a.small", "t3.small", "t2.small", - # t2.medium t3.medium + # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", + # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", + #"t4g.small", "t3a.small", + "t3.small", + #"t2.small", not working + "t2.medium" # "t3.medium" ] } From 68c39a9f993f2f59556000168baf9f4509475bee Mon Sep 17 00:00:00 2001 
From: mike dupont <mike.dupont@introspector.local> Date: Sun, 15 Dec 2024 21:51:06 -0500 Subject: [PATCH 16/39] alb --- .../application_load_balancer/main.tf | 172 ++++++++---------- .../dev/us-east-1/main.tf | 52 ++++-- 2 files changed, 106 insertions(+), 118 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index a2ff758..85a5934 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -3,17 +3,14 @@ # } variable name {} # = local.name +variable domain_name {} # = local.name variable vpc_id {} #= module.vpc.vpc_id -variable subnets {} #= module.vpc.public_subnets - -provider "aws" { - region = local.region -} +#variable subnets {} #= module.vpc.public_subnets +variable public_subnets {} #= module.vpc.public_subnets data "aws_availability_zones" "available" {} locals { - region = "eu-west-1" name = "ex-${basename(path.cwd)}" vpc_cidr = "10.0.0.0/16" @@ -30,12 +27,9 @@ locals { # Application Load Balancer ################################################################## - module "alb" { -# provider = var.provider_alias source = "terraform-aws-modules/alb/aws" version = "9.12.0" - name = var.name # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets 
@@ -63,9 +57,43 @@ module "alb" { security_group_egress_rules = { all = { ip_protocol = "-1" - cidr_ipv4 = module.vpc.vpc_cidr_block + cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block } } + client_keep_alive = 7200 + target_groups = { + # ex-swarms-instance = { + # name_prefix = "swarms" + # protocol = "HTTP" + # port = 80 + # target_type = "instance" + # #deregistration_delay = 10 + # #load_balancing_algorithm_type = "weighted_random" + # #load_balancing_anomaly_mitigation = "on" + # #load_balancing_cross_zone_enabled = false + # #protocol_version = "HTTP1" + # #target_id = "aws_instance.this.id" + # #tags = { + # # InstanceTargetGroupTag = "swarms" + # #} + # } + } + # listeners = { + # ex-https = { + # port = 443 + # protocol = "HTTPS" + # #ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + # certificate_arn = module.acm.acm_certificate_arn + # #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] + # #forward = { + # #target_group_key = "ex-swarms-instance" + # target_group_arn = "ex-swarms-instance" + # #target_group = [] + # #} + # } + # } + tags = local.tags +} # access_logs = { # bucket = module.log_bucket.s3_bucket_id @@ -78,19 +106,16 @@ module "alb" { # prefix = "connection-logs" # } - client_keep_alive = 7200 - - # listeners = { - # ex-http-https-redirect = { - # port = 80 - # protocol = "HTTP" - # redirect = { - # port = "443" - # protocol = "HTTPS" - # status_code = "HTTP_301" - # } - - # rules = { + # ex-http-https-redirect = { + # port = 80 + # protocol = "HTTP" + # redirect = { + # port = "443" + # protocol = "HTTPS" + # status_code = "HTTP_301" + # } + # } + # rules = { # ex-fixed-response = { # priority = 3 # actions = [{ @@ -99,7 +124,6 @@ module "alb" { # status_code = 200 # message_body = "This is a fixed response" # }] - # conditions = [{ # http_header = { # http_header_name = "x-Gimme-Fixed-Response" @@ -107,7 +131,6 @@ module "alb" { # } # }] # } - # ex-weighted-forward = { # priority = 4 # actions = [{ 
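Review bot: The egress rule now reads `cidr_ipv4 = "0.0.0.0/32"`, which is the single address 0.0.0.0 and not a range, so the load balancer's security group permits no usable outbound traffic and it could not reach targets or run health checks once a target group is enabled. The removed value `module.vpc.vpc_cidr_block` was the narrow scope; since this component no longer has a `module.vpc`, pass the range in through a new input, e.g. `cidr_ipv4 = var.vpc_cidr_block`, and do not widen it to `0.0.0.0/0`. `target_groups` is left as an empty map and every listener is commented out, so as written the ALB is created but serves nothing. The commented HTTPS listener refers to `module.acm`, which is not defined in the visible lines of this file, and the commented target group forwards plain HTTP on port 80 to the instances, which is worth deciding on before it is enabled.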
@@ -127,7 +150,6 @@ module "alb" { # duration = 3600 # } # }] - # conditions = [{ # query_string = { # key = "weighted" @@ -135,7 +157,6 @@ module "alb" { # } # }] # } - # ex-redirect = { # priority = 5000 # actions = [{ @@ -146,7 +167,6 @@ module "alb" { # query = "v=dQw4w9WgXcQ" # protocol = "HTTPS" # }] - # conditions = [{ # query_string = [{ # key = "video" @@ -160,7 +180,6 @@ module "alb" { # } # } # } - # ex-http-weighted-target = { # port = 81 # protocol = "HTTP" @@ -177,7 +196,6 @@ module "alb" { # ] # } # } - # ex-fixed-response = { # port = 82 # protocol = "HTTP" @@ -187,18 +205,6 @@ module "alb" { # status_code = "200" # } # } - - # ex-https = { - # port = 443 - # protocol = "HTTPS" - # ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - # certificate_arn = module.acm.acm_certificate_arn - # additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] - - # forward = { - # target_group_key = "ex-instance" - # } - # rules = { # ex-cognito = { # actions = [ @@ -216,14 +222,12 @@ module "alb" { # target_group_key = "ex-instance" # } # ] - # conditions = [{ # path_pattern = { # values = ["/some/auth/required/route"] # } # }] # } - # ex-fixed-response = { # priority = 3 # actions = [{ @@ -232,7 +236,6 @@ module "alb" { # status_code = 200 # message_body = "This is a fixed response" # }] - # conditions = [{ # http_header = { # http_header_name = "x-Gimme-Fixed-Response" @@ -240,7 +243,6 @@ module "alb" { # } # }] # } - # ex-weighted-forward = { # priority = 4 # actions = [{ @@ -260,7 +262,6 @@ module "alb" { # duration = 3600 # } # }] - # conditions = [{ # query_string = { # key = "weighted" @@ -271,7 +272,6 @@ module "alb" { # } # }] # } - # ex-redirect = { # priority = 5000 # actions = [{ @@ -282,7 +282,6 @@ module "alb" { # query = "v=dQw4w9WgXcQ" # protocol = "HTTPS" # }] - # conditions = [{ # query_string = { # key = "video" 
@@ -291,13 +290,10 @@ module "alb" { # }] # } # } - # } - # ex-cognito = { # port = 444 # protocol = "HTTPS" # certificate_arn = module.acm.acm_certificate_arn - # authenticate_cognito = { # authentication_request_extra_params = { # display = "page" @@ -310,15 +306,12 @@ module "alb" { # user_pool_client_id = aws_cognito_user_pool_client.this.id # user_pool_domain = aws_cognito_user_pool_domain.this.domain # } - # forward = { # target_group_key = "ex-instance" # } - # rules = { # ex-oidc = { # priority = 2 - # actions = [ # { # type = "authenticate-oidc" @@ -338,7 +331,6 @@ module "alb" { # target_group_key = "ex-lambda-with-trigger" # } # ] - # conditions = [{ # host_header = { # values = ["foobar.com"] @@ -347,7 +339,6 @@ module "alb" { # } # } # } - # ex-oidc = { # port = 445 # protocol = "HTTPS" @@ -365,24 +356,11 @@ module "alb" { # token_endpoint = "https://${var.domain_name}/token" # user_info_endpoint = "https://${var.domain_name}/user_info" # } - # forward = { # target_group_key = "ex-instance" # } # } # } - - # target_groups = { - # ex-instance = { - # name_prefix = "h1" - # protocol = "HTTP" - # port = 80 - # target_type = "instance" - # deregistration_delay = 10 - # load_balancing_algorithm_type = "weighted_random" - # load_balancing_anomaly_mitigation = "on" - # load_balancing_cross_zone_enabled = false - # target_group_health = { # dns_failover = { # minimum_healthy_targets_count = 2 @@ -391,7 +369,6 @@ module "alb" { # minimum_healthy_targets_percentage = 50 # } # } - # health_check = { # enabled = true # interval = 30 
@@ -402,23 +379,13 @@ module "alb" { # timeout = 6 # protocol = "HTTP" # matcher = "200-399" - # } - - # protocol_version = "HTTP1" - # target_id = aws_instance.this.id - # port = 80 - # tags = { - # InstanceTargetGroupTag = "baz" - # } - # } - + # } # ex-lambda-with-trigger = { # name_prefix = "l1-" # target_type = "lambda" # lambda_multi_value_headers_enabled = true # target_id = module.lambda_with_allowed_triggers.lambda_function_arn # } - # ex-lambda-without-trigger = { # name_prefix = "l2-" # target_type = "lambda" @@ -426,7 +393,6 @@ module "alb" { # attach_lambda_permission = true # } # } - # additional_target_group_attachments = { # ex-instance-other = { # target_group_key = "ex-instance" @@ -435,7 +401,6 @@ module "alb" { # port = "80" # } # } - # # Route53 Record(s) # route53_records = { # A = { @@ -450,8 +415,6 @@ module "alb" { # } # } - tags = local.tags -} #module "alb_disabled" { # source = "../../"# @@ -538,18 +501,6 @@ module "alb" { # tags = local.tags # } -# data "aws_route53_zone" "this" { -# name = var.domain_name -# } - -# module "acm" { -# source = "terraform-aws-modules/acm/aws" -# version = "~> 4.0" - -# domain_name = var.domain_name -# zone_id = data.aws_route53_zone.this.id -# } - # module "wildcard_cert" { # source = "terraform-aws-modules/acm/aws" # version = "~> 4.0" @@ -621,7 +572,28 @@ module "alb" { # attach_deny_insecure_transport_policy = true # attach_require_latest_tls_policy = true - # tags = local.tags -# } +#} + +resource "aws_route53_zone" "primary" { + name = var.domain_name +} + +module "acm" { + source = "terraform-aws-modules/acm/aws" + version = "~> 4.0" + domain_name = var.domain_name + zone_id = aws_route53_zone.primary.zone_id +} + +output zone_id { + value = aws_route53_zone.primary.zone_id +} + +output zone { + value = aws_route53_zone.primary +} +output alb_target_group { + value = module.alb +} 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index eb17126..291ccee 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -4,7 +4,9 @@ locals { ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" + domain = "api.introspector.meme" + ec2_public_subnet_id_1 = "subnet-057c90cfe7b2e5646" # swarms-public-us-east-1a + ec2_public_subnet_id_2 = "subnet-05d8aef1f71b5fe22" # b vpc_id = "vpc-04f28c9347af48b55" tags = { project="swarms" @@ -19,19 +21,19 @@ module "kp" { source = "./components/keypairs" } -module "lt" { - instance_type = local.instance_type - security_group_id = module.security.security_group_id - source = "./components/launch_template" -} +# module "lt" { +# instance_type = local.instance_type +# security_group_id = module.security.security_group_id +# source = "./components/launch_template" +# } -module "asg" { - source = "./components/autoscaling_group" - name="swarms" - security_group_id = module.security.security_group_id - instance_type = local.instance_type - launch_template_id = module.lt.launch_template_id -} +# module "asg" { +# source = "./components/autoscaling_group" +# name="swarms" +# security_group_id = module.security.security_group_id +# instance_type = local.instance_type +# launch_template_id = module.lt.launch_template_id +# } variable "instance_types" { type = list(string) @@ -39,9 +41,9 @@ variable "instance_types" { # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", #"t4g.small", "t3a.small", - "t3.small", +# "t3.small", #"t2.small", not working - "t2.medium" # "t3.medium" +# "t2.medium" # "t3.medium" ] } 
@@ -53,6 +55,16 @@ module "lt_dynamic" { source = "./components/launch_template" } +module "alb" { + source = "./components/application_load_balancer" + domain_name = local.domain + public_subnets = [ + local.ec2_public_subnet_id_1, + local.ec2_public_subnet_id_2 ] + vpc_id = local.vpc_id + name = local.name +} + module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" @@ -70,10 +82,14 @@ module "asg_dynamic" { # │ -output launch_template_id { - value = module.lt.launch_template_id -} +#output launch_template_id { +# value = module.lt.launch_template_id +#} output security_group_id { value = module.security.security_group_id } + +output alb { + value = module.alb +} From 790bb6beeecc2e369df6fef06fd3ef3ad33ef59a Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sun, 15 Dec 2024 22:08:22 -0500 Subject: [PATCH 17/39] create tg --- .../application_load_balancer/main.tf | 197 +++++++++++++++++- 1 file changed, 188 insertions(+), 9 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 85a5934..a4530b9 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -80,15 +80,6 @@ module "alb" { } # listeners = { # ex-https = { - # port = 443 - # protocol = "HTTPS" - # #ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - # certificate_arn = module.acm.acm_certificate_arn - # #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] - # #forward = { - # #target_group_key = "ex-swarms-instance" - # target_group_arn = "ex-swarms-instance" - # #target_group = [] # #} # } # } 
@@ -587,6 +578,192 @@ module "acm" { zone_id = aws_route53_zone.primary.zone_id } +## now we just lift the listener code +resource "aws_lb_listener" "this" { + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + certificate_arn = module.acm.acm_certificate_arn + load_balancer_arn = module.alb.arn + #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] + # #forward = { + # #target_group_key = "ex-swarms-instance" + # target_group_arn = "ex-swarms-instance" + # #target_group = [] + + default_action { + target_group_arn =aws_lb_target_group.this.arn + #module.alb.target_groups["ex-lambda-with-trigger"].arn + #length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) + type = "forward" + } + + # dynamic "default_action" { + # for_each = try([each.value.weighted_forward], []) + # content { + # forward { + # dynamic "target_group" { + # for_each = try(default_action.value.target_groups, []) + # content { + # arn = try(target_group.value.arn, aws_lb_target_group.this[target_group.value.target_group_key].arn, null) + # weight = try(target_group.value.weight, null) + # } + # } + # dynamic "stickiness" { + # for_each = try([default_action.value.stickiness], []) + # content { + # duration = try(stickiness.value.duration, 60) + # enabled = try(stickiness.value.enabled, null) + # } + # } + # } + # order = try(default_action.value.order, null) + # type = "forward" + # } + # } + # dynamic "default_action" { + # for_each = try([each.value.redirect], []) + # content { + # order = try(default_action.value.order, null) + # redirect { + # host = try(default_action.value.host, null) + # path = try(default_action.value.path, null) + # port = try(default_action.value.port, null) + # protocol = try(default_action.value.protocol, null) + # query = try(default_action.value.query, null) + # status_code = 
default_action.value.status_code + # } + # type = "redirect" + # } + # } +# load_balancer_arn = aws_lb.this[0].arn +# port = try(each.value.port, var.default_port) +# protocol = try(each.value.protocol, var.default_protocol) +# ssl_policy = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null) +# tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null) +# tags = merge(local.tags, try(each.value.tags, {})) +} + + + +resource "aws_lb_target_group" "this" { + name_prefix = "swarms" + protocol = "HTTP" + port = 80 + target_type = "instance" + vpc_id = var.vpc_id + deregistration_delay = 10 + load_balancing_algorithm_type = "weighted_random" + load_balancing_anomaly_mitigation = "on" + load_balancing_cross_zone_enabled = false + protocol_version = "HTTP1" + # #target_id = "aws_instance.this.id" + # #tags = { + # # InstanceTargetGroupTag = "swarms" + # #} + # } + +# for_each = { for k, v in var.target_groups : k => v if local.create } +# connection_termination = try(each.value.connection_termination, null) +# deregistration_delay = try(each.value.deregistration_delay, null) + + # dynamic "health_check" { + # for_each = try([each.value.health_check], []) + + # content { + # enabled = try(health_check.value.enabled, null) + # healthy_threshold = try(health_check.value.healthy_threshold, null) + # interval = try(health_check.value.interval, null) + # matcher = try(health_check.value.matcher, null) + # path = try(health_check.value.path, null) + # port = try(health_check.value.port, null) + # protocol = try(health_check.value.protocol, null) + # timeout = try(health_check.value.timeout, null) + # unhealthy_threshold = try(health_check.value.unhealthy_threshold, null) + # } + # } + + # ip_address_type = try(each.value.ip_address_type, null) + # lambda_multi_value_headers_enabled = try(each.value.lambda_multi_value_headers_enabled, 
null) + # load_balancing_algorithm_type = try(each.value.load_balancing_algorithm_type, null) + # load_balancing_anomaly_mitigation = try(each.value.load_balancing_anomaly_mitigation, null) + # load_balancing_cross_zone_enabled = try(each.value.load_balancing_cross_zone_enabled, null) + # name = try(each.value.name, null) + # name_prefix = try(each.value.name_prefix, null) + # port = try(each.value.target_type, null) == "lambda" ? null : try(each.value.port, var.default_port) + # preserve_client_ip = try(each.value.preserve_client_ip, null) + # protocol = try(each.value.target_type, null) == "lambda" ? null : try(each.value.protocol, var.default_protocol) + # protocol_version = try(each.value.protocol_version, null) + # proxy_protocol_v2 = try(each.value.proxy_protocol_v2, null) + # slow_start = try(each.value.slow_start, null) + + # dynamic "stickiness" { + # for_each = try([each.value.stickiness], []) + + # content { + # cookie_duration = try(stickiness.value.cookie_duration, null) + # cookie_name = try(stickiness.value.cookie_name, null) + # enabled = try(stickiness.value.enabled, true) + # type = var.load_balancer_type == "network" ? 
"source_ip" : stickiness.value.type + # } + # } + + # dynamic "target_failover" { + # for_each = try(each.value.target_failover, []) + + # content { + # on_deregistration = target_failover.value.on_deregistration + # on_unhealthy = target_failover.value.on_unhealthy + # } + # } + + # dynamic "target_group_health" { + # for_each = try([each.value.target_group_health], []) + + # content { + + # dynamic "dns_failover" { + # for_each = try([target_group_health.value.dns_failover], []) + + # content { + # minimum_healthy_targets_count = try(dns_failover.value.minimum_healthy_targets_count, null) + # minimum_healthy_targets_percentage = try(dns_failover.value.minimum_healthy_targets_percentage, null) + # } + # } + + # dynamic "unhealthy_state_routing" { + # for_each = try([target_group_health.value.unhealthy_state_routing], []) + + # content { + # minimum_healthy_targets_count = try(unhealthy_state_routing.value.minimum_healthy_targets_count, null) + # minimum_healthy_targets_percentage = try(unhealthy_state_routing.value.minimum_healthy_targets_percentage, null) + # } + # } + # } + # } + + # dynamic "target_health_state" { + # for_each = try([each.value.target_health_state], []) + # content { + # enable_unhealthy_connection_termination = try(target_health_state.value.enable_unhealthy_connection_termination, true) + # unhealthy_draining_interval = try(target_health_state.value.unhealthy_draining_interval, null) + # } + # } + + # target_type = try(each.value.target_type, null) + # vpc_id = try(each.value.vpc_id, var.vpc_id) + + # tags = merge(local.tags, try(each.value.tags, {})) + + # lifecycle { + # create_before_destroy = true + # } +} + + + + + output zone_id { value = aws_route53_zone.primary.zone_id } @@ -597,3 +774,5 @@ output zone { output alb_target_group { value = module.alb } + + From 8c102138f7373be597dd2f0fe5334e18b871e0b9 Mon Sep 17 00:00:00 2001 
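Review bot: `aws_lb_target_group.this` is created with `name_prefix = "swarms"`, but the `lifecycle { create_before_destroy = true }` block from the lifted module code is left commented out at the end of the resource. Because `aws_lb_listener.this` forwards to this group, a change that forces replacement will try to delete a target group the listener still references, and that delete is expected to fail. Enabling `lifecycle { create_before_destroy = true }` avoids this. The `health_check` block is also commented out, so the group relies on provider defaults; an explicit path and matcher for the API would make the health contract visible in the file.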
From: mike dupont <mike.dupont@introspector.local> Date: Sun, 15 Dec 2024 22:09:30 -0500 Subject: [PATCH 18/39] create tg --- .../dev/us-east-1/components/application_load_balancer/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index a4530b9..8a17f4d 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -772,7 +772,7 @@ output zone { value = aws_route53_zone.primary } output alb_target_group { - value = module.alb + value = aws_lb_target_group.this.arn } From bb62580ac4d8ef1d5eb75f8f03ad0a3e90d86713 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sun, 15 Dec 2024 22:15:03 -0500 Subject: [PATCH 19/39] applied --- .../dev/us-east-1/components/application_load_balancer/main.tf | 2 +- .../dev/us-east-1/components/autoscaling_group/main.tf | 3 ++- environments/swarms-aws-agent-api/dev/us-east-1/main.tf | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 8a17f4d..f313ad5 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -771,7 +771,7 @@ output zone_id { output zone { value = aws_route53_zone.primary } -output alb_target_group { +output alb_target_group_arn { value = aws_lb_target_group.this.arn } 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index a13b3a8..7218d7a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,3 +1,4 @@ +variable target_group_arn{} variable security_group_id {} variable name {} variable instance_type { @@ -22,7 +23,7 @@ locals { # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" - + target_group_arn = var.target_group_arn #iam_instance_profile_name = "swarms-20241213150629570500000003" iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn tags = { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 291ccee..6a333b3 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -72,6 +72,7 @@ module "asg_dynamic" { instance_type = each.key name = "swarms-size-${each.key}" launch_template_id = module.lt_dynamic[each.key].launch_template_id + target_group_arn = module.alb.alb_target_group_arn } # module "alb" { From f9d0d563a2a811903880a71dddce4ec93a9d298d Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Sun, 15 Dec 2024 22:44:15 -0500 Subject: [PATCH 20/39] group coming online --- .../dev/us-east-1/components/autoscaling_group/main.tf | 10 +++++++++- .../swarms-aws-agent-api/dev/us-east-1/main.tf | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index 7218d7a..e644aec 100644 
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -23,7 +23,7 @@ locals { # name = "swarms" region = "us-east-1" ec2_subnet_id = "subnet-057c90cfe7b2e5646" - target_group_arn = var.target_group_arn + #iam_instance_profile_name = "swarms-20241213150629570500000003" iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn tags = { @@ -102,4 +102,12 @@ module "autoscaling" { AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } + # target_group_arn = + traffic_source_attachments = { + ex-alb = { + traffic_source_identifier = var.target_group_arn + traffic_source_type = "elbv2" # default + } + } + } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 6a333b3..49e90dc 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -41,7 +41,7 @@ variable "instance_types" { # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", #"t4g.small", "t3a.small", -# "t3.small", + "t3.small", #"t2.small", not working # "t2.medium" # "t3.medium" ] From a135fe8743c6a9d0710ccfda7e6d5eb5c0ada7ba Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 09:05:24 -0500 Subject: [PATCH 21/39] plan --- .../application_load_balancer/main.tf | 3 +- .../dev/us-east-1/components/security/main.tf | 104 ++++-------------- .../dev/us-east-1/main.tf | 3 +- 3 files changed, 26 insertions(+), 84 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index f313ad5..50c1a0f 100644 
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -34,8 +34,7 @@ module "alb" { vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets - # For example only - #enable_deletion_protection = false + enable_deletion_protection = false # Security Group security_group_ingress_rules = { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index 779a1b1..738dd9f 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf 
@@ -34,90 +34,32 @@ module "asg_sg" { tags = local.tags } +module "asg_sg_internal" { + source = "terraform-aws-modules/security-group/aws" + version = "~> 5.0" + + name = local.name + description = "An internal security group" + vpc_id = var.vpc_id + # see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf + ingress_with_source_security_group_id = [ + { + rule = "http-80-tcp", + # only allow from load balancer for security + source_security_group_id = module.asg_sg.security_group_id + } + ] + egress_rules = ["all-all"] + + tags = local.tags +} + output "security_group_id" { value = module.asg_sg.security_group_id } +output "internal_security_group_id" { + value = module.asg_sg_internal.security_group_id +} -# tofu state show module.security.module.asg_sg.aws_security_group.this_name_prefix[0] -# resource "aws_security_group" "this_name_prefix" { -# arn = "arn:aws:ec2:us-east-1:767503528736:security-group/sg-03c9752b62d0bcfe4" -# description = "A security group" -# egress = [ -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "All protocols" -# from_port = 0 -# ipv6_cidr_blocks = [ -# "::/0", -# ] -# prefix_list_ids = [] -# protocol = "-1" -# security_groups = [] -# self = false -# to_port = 0 -# }, -# ] -# id = "sg-03c9752b62d0bcfe4" -# ingress = [ -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "HTTP" -# from_port = 80 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 80 -# }, -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "HTTPS" -# from_port = 443 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 443 -# }, -# { -# cidr_blocks = [ -# "0.0.0.0/0", -# ] -# description = "SSH" -# from_port = 22 -# ipv6_cidr_blocks = [] -# prefix_list_ids = [] -# protocol = "tcp" -# security_groups = [] -# self = false -# to_port = 22 -# }, -# ] -# name = 
"swarms-20241214133959057000000001" -# name_prefix = "swarms-" -# owner_id = "767503528736" -# revoke_rules_on_delete = false -# tags = { -# "Name" = "swarms" -# "project" = "swarms" -# } -# tags_all = { -# "Name" = "swarms" -# "project" = "swarms" -# } -# vpc_id = "vpc-04f28c9347af48b55" -# timeouts { -# create = "10m" -# delete = "15m" -# } -# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 49e90dc..acc88dc 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -58,6 +58,7 @@ module "lt_dynamic" { module "alb" { source = "./components/application_load_balancer" domain_name = local.domain + security_group_id = module.security.security_group_id # allowed to talk to internal public_subnets = [ local.ec2_public_subnet_id_1, local.ec2_public_subnet_id_2 ] @@ -68,7 +69,7 @@ module "alb" { module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" - security_group_id = module.security.security_group_id + security_group_id = module.security.internal_security_group_id instance_type = each.key name = "swarms-size-${each.key}" launch_template_id = module.lt_dynamic[each.key].launch_template_id From b5616199e17d3f492c91c2e5ae7eef3c278781e6 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 10:26:31 -0500 Subject: [PATCH 22/39] wip --- .../dev/us-east-1/.terraform.lock.hcl | 22 +++++++ .../dev/us-east-1/cloudflare.tf | 4 ++ .../application_load_balancer/main.tf | 63 ++++++++++++------- .../dev/us-east-1/components/security/main.tf | 6 +- 4 files changed, 69 insertions(+), 26 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf 
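Review bot: The comment `# only allow from load balancer for security` on `source_security_group_id = module.asg_sg.security_group_id` holds only while the load balancer is the sole member of `module.asg_sg`. The state dump removed in this same hunk shows that group, as of the dump, accepting 22/tcp as well as 80 and 443 from 0.0.0.0/0. Anything else attached to that group can reach the instances on port 80, and the load balancer carries an SSH rule it has no use for. A dedicated load-balancer group limited to 80 and 443 would make the comment true; until then it could read `# allow HTTP only from members of the external group (shared with the ALB)`. `egress_rules = ["all-all"]` leaves instance egress unrestricted, which looks deliberate for package installs but is worth stating in a comment.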
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl index 4ae256b..20cd0a1 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl +++ b/environments/swarms-aws-agent-api/dev/us-east-1/.terraform.lock.hcl @@ -18,3 +18,25 @@ provider "registry.opentofu.org/hashicorp/aws" { "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c", ] } + +provider "registry.opentofu.org/hashicorp/cloudflare" { + version = "4.48.0" + hashes = [ + "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=", + "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c", + "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997", + "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b", + "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb", + "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153", + "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8", + "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f", + "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04", + "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937", + "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49", + "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c", + "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532", + "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f", + "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758", + ] +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf b/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf new file mode 100644 index 0000000..e066b4a --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/cloudflare.tf 
@@ -0,0 +1,4 @@ +#provider "cloudflare" { +# api_token = var.cloudflare_api_token +#} +#export CLOUDFLARE_API_TOKEN=`cat ~/.cloudflare` diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 50c1a0f..888bb58 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -1,7 +1,7 @@ # variable "provider_alias" { # type = any # } - +variable security_group_id {} # = local.name variable name {} # = local.name variable domain_name {} # = local.name variable vpc_id {} #= module.vpc.vpc_id @@ -37,28 +37,30 @@ module "alb" { enable_deletion_protection = false # Security Group - security_group_ingress_rules = { - all_http = { - from_port = 80 - to_port = 80 - ip_protocol = "tcp" - description = "HTTP web traffic" - cidr_ipv4 = "0.0.0.0/0" - } - all_https = { - from_port = 443 - to_port = 443 - ip_protocol = "tcp" - description = "HTTPS web traffic" - cidr_ipv4 = "0.0.0.0/0" - } - } - security_group_egress_rules = { - all = { - ip_protocol = "-1" - cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block - } - } + # security_group_ingress_rules = { + # all_http = { + # from_port = 80 + # to_port = 80 + # ip_protocol = "tcp" + # description = "HTTP web traffic" + # cidr_ipv4 = "0.0.0.0/0" + # } + # all_https = { + # from_port = 443 + # to_port = 443 + # ip_protocol = "tcp" + # description = "HTTPS web traffic" + # cidr_ipv4 = "0.0.0.0/0" + # } + # } + # security_group_egress_rules = { + # all = { + # ip_protocol = "-1" + # cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block + # } + # } + create_security_group=false + security_groups = [var.security_group_id] client_keep_alive = 7200 target_groups = { # ex-swarms-instance = { 
@@ -569,8 +571,23 @@ module "alb" { resource "aws_route53_zone" "primary" { name = var.domain_name } +data "cloudflare_zone" "zone" { + #type = "full" + name = "introspector.meme" + account_id = "0ceffbadd0a04623896f5317a1e40d94" +} +resource "cloudflare_record" "aws-ns-record" { + count = "${length(aws_route53_zone.primary.name_servers)}" + #domain = "${var.domain_name}" + name = var.domain_name + zone_id = data.cloudflare_zone.zone.id + content = "${element(aws_route53_zone.primary.name_servers, count.index)}" + type = "NS" + priority = 1 +} module "acm" { +# count = 0 source = "terraform-aws-modules/acm/aws" version = "~> 4.0" domain_name = var.domain_name diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index 738dd9f..796614a 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf @@ -18,8 +18,8 @@ module "asg_sg" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = local.name - description = "A security group" + name = "${local.name}-external" + description = "external group" vpc_id = var.vpc_id ingress_cidr_blocks = ["0.0.0.0/0"] @@ -38,7 +38,7 @@ module "asg_sg_internal" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = local.name + name = "${local.name}-internal" description = "An internal security group" vpc_id = var.vpc_id # see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf From 7e4cf291fc811bf5d36f8ab748f659617cac42be Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 11:37:46 -0500 Subject: [PATCH 23/39] update --- .../application_load_balancer/main.tf | 698 +----------------- 1 file changed, 20 insertions(+), 678 deletions(-) 
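Review bot: The added `data "cloudflare_zone" "zone"` block hard-codes the zone name and a Cloudflare `account_id` literal, which ties this component to one tenant and commits an account identifier to the repository. Both read better as inputs, e.g. `account_id = var.cloudflare_account_id` (a new variable, named here only as a suggestion). In `cloudflare_record.aws-ns-record`, `priority = 1` is set on an `NS` record, where it is presumably not meaningful. `count = "${length(aws_route53_zone.primary.name_servers)}"` depends on a value that is likely unknown until the zone exists, so a first plan may fail on the count. The legacy `"${...}"` wrappers can be plain expressions such as `count = length(aws_route53_zone.primary.name_servers)`.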
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
index 888bb58..e4de884 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
@@ -23,554 +23,44 @@ locals { } } -################################################################## -# Application Load Balancer -################################################################## - module "alb" { source = "terraform-aws-modules/alb/aws" version = "9.12.0" name = var.name # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets - enable_deletion_protection = false - - # Security Group - # security_group_ingress_rules = { - # all_http = { - # from_port = 80 - # to_port = 80 - # ip_protocol = "tcp" - # description = "HTTP web traffic" - # cidr_ipv4 = "0.0.0.0/0" - # } - # all_https = { - # from_port = 443 - # to_port = 443 - # ip_protocol = "tcp" - # description = "HTTPS web traffic" - # cidr_ipv4 = "0.0.0.0/0" - # } - # } - # security_group_egress_rules = { - # all = { - # ip_protocol = "-1" - # cidr_ipv4 = "0.0.0.0/32" #module.vpc.vpc_cidr_block - # } - # } create_security_group=false security_groups = [var.security_group_id] client_keep_alive = 7200 - target_groups = { - # ex-swarms-instance = { - # name_prefix = "swarms" - # protocol = "HTTP" - # port = 80 - # target_type = "instance" - # #deregistration_delay = 10 - # #load_balancing_algorithm_type = "weighted_random" - # #load_balancing_anomaly_mitigation = "on" - # #load_balancing_cross_zone_enabled = false - # #protocol_version = "HTTP1" - # #target_id = "aws_instance.this.id" - # #tags = { - # # InstanceTargetGroupTag = "swarms" - # #} - # } - } - # listeners = { - # ex-https = { - # #} - # } - # } tags = local.tags } -# access_logs = { -# bucket = module.log_bucket.s3_bucket_id -# prefix = "access-logs" -# } - -# connection_logs = { -# bucket = module.log_bucket.s3_bucket_id -# enabled = true -# prefix = "connection-logs" -# } - - # ex-http-https-redirect = { - # port = 80 - # protocol = "HTTP" - # redirect = { - # port = "443" - # protocol = "HTTPS" - # status_code = "HTTP_301" - # } - # } - # rules = { - # ex-fixed-response = { - # 
priority = 3 - # actions = [{ - # type = "fixed-response" - # content_type = "text/plain" - # status_code = 200 - # message_body = "This is a fixed response" - # }] - # conditions = [{ - # http_header = { - # http_header_name = "x-Gimme-Fixed-Response" - # values = ["yes", "please", "right now"] - # } - # }] - # } - # ex-weighted-forward = { - # priority = 4 - # actions = [{ - # type = "weighted-forward" - # target_groups = [ - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 2 - # }, - # { - # target_group_key = "ex-instance" - # weight = 1 - # } - # ] - # stickiness = { - # enabled = true - # duration = 3600 - # } - # }] - # conditions = [{ - # query_string = { - # key = "weighted" - # value = "true" - # } - # }] - # } - # ex-redirect = { - # priority = 5000 - # actions = [{ - # type = "redirect" - # status_code = "HTTP_302" - # host = "www.youtube.com" - # path = "/watch" - # query = "v=dQw4w9WgXcQ" - # protocol = "HTTPS" - # }] - # conditions = [{ - # query_string = [{ - # key = "video" - # value = "random" - # }, - # { - # key = "image" - # value = "next" - # }] - # }] - # } - # } - # } - # ex-http-weighted-target = { - # port = 81 - # protocol = "HTTP" - # weighted_forward = { - # target_groups = [ - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 60 - # }, - # { - # target_group_key = "ex-instance" - # weight = 40 - # } - # ] - # } - # } - # ex-fixed-response = { - # port = 82 - # protocol = "HTTP" - # fixed_response = { - # content_type = "text/plain" - # message_body = "Fixed message" - # status_code = "200" - # } - # } - # rules = { - # ex-cognito = { - # actions = [ - # { - # type = "authenticate-cognito" - # on_unauthenticated_request = "authenticate" - # session_cookie_name = "session-${local.name}" - # session_timeout = 3600 - # user_pool_arn = aws_cognito_user_pool.this.arn - # user_pool_client_id = aws_cognito_user_pool_client.this.id - # user_pool_domain = aws_cognito_user_pool_domain.this.domain - # }, - # { - # 
type = "forward" - # target_group_key = "ex-instance" - # } - # ] - # conditions = [{ - # path_pattern = { - # values = ["/some/auth/required/route"] - # } - # }] - # } - # ex-fixed-response = { - # priority = 3 - # actions = [{ - # type = "fixed-response" - # content_type = "text/plain" - # status_code = 200 - # message_body = "This is a fixed response" - # }] - # conditions = [{ - # http_header = { - # http_header_name = "x-Gimme-Fixed-Response" - # values = ["yes", "please", "right now"] - # } - # }] - # } - # ex-weighted-forward = { - # priority = 4 - # actions = [{ - # type = "weighted-forward" - # target_groups = [ - # { - # target_group_key = "ex-instance" - # weight = 2 - # }, - # { - # target_group_key = "ex-lambda-with-trigger" - # weight = 1 - # } - # ] - # stickiness = { - # enabled = true - # duration = 3600 - # } - # }] - # conditions = [{ - # query_string = { - # key = "weighted" - # value = "true" - # }, - # path_pattern = { - # values = ["/some/path"] - # } - # }] - # } - # ex-redirect = { - # priority = 5000 - # actions = [{ - # type = "redirect" - # status_code = "HTTP_302" - # host = "www.youtube.com" - # path = "/watch" - # query = "v=dQw4w9WgXcQ" - # protocol = "HTTPS" - # }] - # conditions = [{ - # query_string = { - # key = "video" - # value = "random" - # } - # }] - # } - # } - # ex-cognito = { - # port = 444 - # protocol = "HTTPS" - # certificate_arn = module.acm.acm_certificate_arn - # authenticate_cognito = { - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # on_unauthenticated_request = "authenticate" - # session_cookie_name = "session-${local.name}" - # session_timeout = 3600 - # user_pool_arn = aws_cognito_user_pool.this.arn - # user_pool_client_id = aws_cognito_user_pool_client.this.id - # user_pool_domain = aws_cognito_user_pool_domain.this.domain - # } - # forward = { - # target_group_key = "ex-instance" - # } - # rules = { - # ex-oidc = { - # priority = 2 - # actions = [ - # { - # type 
= "authenticate-oidc" - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # authorization_endpoint = "https://${var.domain_name}/auth" - # client_id = "client_id" - # client_secret = "client_secret" - # issuer = "https://${var.domain_name}" - # token_endpoint = "https://${var.domain_name}/token" - # user_info_endpoint = "https://${var.domain_name}/user_info" - # }, - # { - # type = "forward" - # target_group_key = "ex-lambda-with-trigger" - # } - # ] - # conditions = [{ - # host_header = { - # values = ["foobar.com"] - # } - # }] - # } - # } - # } - # ex-oidc = { - # port = 445 - # protocol = "HTTPS" - # certificate_arn = module.acm.acm_certificate_arn - # action_type = "authenticate-oidc" - # authenticate_oidc = { - # authentication_request_extra_params = { - # display = "page" - # prompt = "login" - # } - # authorization_endpoint = "https://${var.domain_name}/auth" - # client_id = "client_id" - # client_secret = "client_secret" - # issuer = "https://${var.domain_name}" - # token_endpoint = "https://${var.domain_name}/token" - # user_info_endpoint = "https://${var.domain_name}/user_info" - # } - # forward = { - # target_group_key = "ex-instance" - # } - # } - # } - # target_group_health = { - # dns_failover = { - # minimum_healthy_targets_count = 2 - # } - # unhealthy_state_routing = { - # minimum_healthy_targets_percentage = 50 - # } - # } - # health_check = { - # enabled = true - # interval = 30 - # path = "/healthz" - # port = "traffic-port" - # healthy_threshold = 3 - # unhealthy_threshold = 3 - # timeout = 6 - # protocol = "HTTP" - # matcher = "200-399" - # } - # ex-lambda-with-trigger = { - # name_prefix = "l1-" - # target_type = "lambda" - # lambda_multi_value_headers_enabled = true - # target_id = module.lambda_with_allowed_triggers.lambda_function_arn - # } - # ex-lambda-without-trigger = { - # name_prefix = "l2-" - # target_type = "lambda" - # target_id = module.lambda_without_allowed_triggers.lambda_function_arn 
- # attach_lambda_permission = true - # } - # } - # additional_target_group_attachments = { - # ex-instance-other = { - # target_group_key = "ex-instance" - # target_type = "instance" - # target_id = aws_instance.other.id - # port = "80" - # } - # } - # # Route53 Record(s) - # route53_records = { - # A = { - # name = local.name - # type = "A" - # zone_id = data.aws_route53_zone.this.id - # } - # AAAA = { - # name = local.name - # type = "AAAA" - # zone_id = data.aws_route53_zone.this.id - # } - # } - - -#module "alb_disabled" { -# source = "../../"# -# -# create = false -#} - -# ################################################################################ -# # Using packaged function from Lambda module -# ################################################################################ - -# locals { -# package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip" -# downloaded = "downloaded_package_${md5(local.package_url)}.zip" -# } - -# resource "null_resource" "download_package" { -# triggers = { -# downloaded = local.downloaded -# } - -# provisioner "local-exec" { -# command = "curl -L -o ${local.downloaded} ${local.package_url}" -# } -# } - -# module "lambda_with_allowed_triggers" { -# source = "terraform-aws-modules/lambda/aws" -# version = "~> 6.0" - -# function_name = "${local.name}-with-allowed-triggers" -# description = "My awesome lambda function (with allowed triggers)" -# handler = "index.lambda_handler" -# runtime = "python3.8" - -# publish = true -# create_package = false -# local_existing_package = local.downloaded - -# allowed_triggers = { -# AllowExecutionFromELB = { -# service = "elasticloadbalancing" -# source_arn = module.alb.target_groups["ex-lambda-with-trigger"].arn -# } -# } - -# depends_on = [null_resource.download_package] -# } - -# module "lambda_without_allowed_triggers" { -# source = "terraform-aws-modules/lambda/aws" -# version = "~> 6.0" - -# 
function_name = "${local.name}-without-allowed-triggers" -# description = "My awesome lambda function (without allowed triggers)" -# handler = "index.lambda_handler" -# runtime = "python3.8" - -# publish = true -# create_package = false -# local_existing_package = local.downloaded - -# # Allowed triggers will be managed by ALB module -# allowed_triggers = {} - -# depends_on = [null_resource.download_package] -# } - -# ################################################################################ -# # Supporting resources -# ################################################################################ - -# module "vpc" { -# source = "terraform-aws-modules/vpc/aws" -# version = "~> 5.0" - -# name = local.name -# cidr = local.vpc_cidr - -# azs = local.azs -# private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] -# public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - -# tags = local.tags -# } - -# module "wildcard_cert" { -# source = "terraform-aws-modules/acm/aws" -# version = "~> 4.0" - -# domain_name = "*.${var.domain_name}" -# zone_id = data.aws_route53_zone.this.id -# } - -# data "aws_ssm_parameter" "al2" { -# name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" -# } - -# resource "aws_instance" "this" { -# ami = data.aws_ssm_parameter.al2.value -# instance_type = "t3.nano" -# subnet_id = element(module.vpc.private_subnets, 0) -# } - -# resource "aws_instance" "other" { -# ami = data.aws_ssm_parameter.al2.value -# instance_type = "t3.nano" -# subnet_id = element(module.vpc.private_subnets, 0) -# } - -# ################################################################## -# # AWS Cognito User Pool -# ################################################################## - -# resource "aws_cognito_user_pool" "this" { -# name = "user-pool-${local.name}" -# } - -# resource "aws_cognito_user_pool_client" "this" { -# name = "user-pool-client-${local.name}" -# user_pool_id = 
aws_cognito_user_pool.this.id -# generate_secret = true -# allowed_oauth_flows = ["code", "implicit"] -# callback_urls = ["https://${var.domain_name}/callback"] -# allowed_oauth_scopes = ["email", "openid"] -# allowed_oauth_flows_user_pool_client = true -# } - -# resource "random_string" "this" { -# length = 5 -# upper = false -# special = false -# } - -# resource "aws_cognito_user_pool_domain" "this" { -# domain = "${local.name}-${random_string.this.result}" -# user_pool_id = aws_cognito_user_pool.this.id -# } +resource "aws_route53_zone" "primary" { + name = var.domain_name +} -#module# "log_bucket" { -# source = "terraform-aws-modules/s3-bucket/aws" -# version = "~> 3.0" -# bucket_prefix = "${local.name}-logs-" -# acl = "log-delivery-write" +# name = var.domain_name -# # For example only -# force_destroy = true +resource "aws_route53_record" "api-cname" { + zone_id = aws_route53_zone.primary.zone_id + name = "us-east-1.${var.domain_name}" + type = "CNAME" + ttl = 5 -# control_object_ownership = true -# object_ownership = "ObjectWriter" + weighted_routing_policy { + weight = 10 + } -# attach_elb_log_delivery_policy = true # Required for ALB logs -# attach_lb_log_delivery_policy = true # Required for ALB/NLB logs + set_identifier = "dev" + records = [ + module.alb.dns_name + ] +} -# attach_deny_insecure_transport_policy = true -# attach_require_latest_tls_policy = true -# tags = local.tags -#} -resource "aws_route53_zone" "primary" { - name = var.domain_name -} data "cloudflare_zone" "zone" { #type = "full" name = "introspector.meme" @@ -592,6 +82,9 @@ module "acm" { version = "~> 4.0" domain_name = var.domain_name zone_id = aws_route53_zone.primary.zone_id + subject_alternative_names = [ + "*.${var.domain_name}" + ] } ## now we just lift the listener code 
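Review bot: The slimmed-down module "alb" block keeps `enable_deletion_protection = false` and sets no `access_logs` or `connection_logs`, so a load balancer placed in `var.public_subnets` leaves no request trail for detection or incident response. Adding `access_logs = { bucket = <LOG_BUCKET_ID placeholder>, prefix = "access-logs" }` against a dedicated log bucket would restore what the deleted commented example sketched. The same hunk adds `subject_alternative_names = ["*.${var.domain_name}"]` to module "acm", which widens the certificate to every subdomain; a comment naming the hosts that need it would make that scope deliberate. The new `aws_route53_record.api-cname` points at `module.alb.dns_name` with `ttl = 5`; a comment explaining the very short TTL, or a longer value, would help the next reader.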
@@ -613,55 +106,9 @@ resource "aws_lb_listener" "this" { #length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) type = "forward" } - - # dynamic "default_action" { - # for_each = try([each.value.weighted_forward], []) - # content { - # forward { - # dynamic "target_group" { - # for_each = try(default_action.value.target_groups, []) - # content { - # arn = try(target_group.value.arn, aws_lb_target_group.this[target_group.value.target_group_key].arn, null) - # weight = try(target_group.value.weight, null) - # } - # } - # dynamic "stickiness" { - # for_each = try([default_action.value.stickiness], []) - # content { - # duration = try(stickiness.value.duration, 60) - # enabled = try(stickiness.value.enabled, null) - # } - # } - # } - # order = try(default_action.value.order, null) - # type = "forward" - # } - # } - # dynamic "default_action" { - # for_each = try([each.value.redirect], []) - # content { - # order = try(default_action.value.order, null) - # redirect { - # host = try(default_action.value.host, null) - # path = try(default_action.value.path, null) - # port = try(default_action.value.port, null) - # protocol = try(default_action.value.protocol, null) - # query = try(default_action.value.query, null) - # status_code = default_action.value.status_code - # } - # type = "redirect" - # } - # } -# load_balancer_arn = aws_lb.this[0].arn -# port = try(each.value.port, var.default_port) -# protocol = try(each.value.protocol, var.default_protocol) -# ssl_policy = contains(["HTTPS", "TLS"], try(each.value.protocol, var.default_protocol)) ? try(each.value.ssl_policy, "ELBSecurityPolicy-TLS13-1-2-Res-2021-06") : try(each.value.ssl_policy, null) -# tcp_idle_timeout_seconds = try(each.value.tcp_idle_timeout_seconds, null) -# tags = merge(local.tags, try(each.value.tags, {})) } - resource "aws_lb_target_group" "this" { name_prefix = "swarms" protocol = "HTTP" 
@@ -673,113 +120,8 @@ resource "aws_lb_target_group" "this" { load_balancing_anomaly_mitigation = "on" load_balancing_cross_zone_enabled = false protocol_version = "HTTP1" - # #target_id = "aws_instance.this.id" - # #tags = { - # # InstanceTargetGroupTag = "swarms" - # #} - # } - -# for_each = { for k, v in var.target_groups : k => v if local.create } -# connection_termination = try(each.value.connection_termination, null) -# deregistration_delay = try(each.value.deregistration_delay, null) - - # dynamic "health_check" { - # for_each = try([each.value.health_check], []) - - # content { - # enabled = try(health_check.value.enabled, null) - # healthy_threshold = try(health_check.value.healthy_threshold, null) - # interval = try(health_check.value.interval, null) - # matcher = try(health_check.value.matcher, null) - # path = try(health_check.value.path, null) - # port = try(health_check.value.port, null) - # protocol = try(health_check.value.protocol, null) - # timeout = try(health_check.value.timeout, null) - # unhealthy_threshold = try(health_check.value.unhealthy_threshold, null) - # } - # } - - # ip_address_type = try(each.value.ip_address_type, null) - # lambda_multi_value_headers_enabled = try(each.value.lambda_multi_value_headers_enabled, null) - # load_balancing_algorithm_type = try(each.value.load_balancing_algorithm_type, null) - # load_balancing_anomaly_mitigation = try(each.value.load_balancing_anomaly_mitigation, null) - # load_balancing_cross_zone_enabled = try(each.value.load_balancing_cross_zone_enabled, null) - # name = try(each.value.name, null) - # name_prefix = try(each.value.name_prefix, null) - # port = try(each.value.target_type, null) == "lambda" ? null : try(each.value.port, var.default_port) - # preserve_client_ip = try(each.value.preserve_client_ip, null) - # protocol = try(each.value.target_type, null) == "lambda" ? 
null : try(each.value.protocol, var.default_protocol) - # protocol_version = try(each.value.protocol_version, null) - # proxy_protocol_v2 = try(each.value.proxy_protocol_v2, null) - # slow_start = try(each.value.slow_start, null) - - # dynamic "stickiness" { - # for_each = try([each.value.stickiness], []) - - # content { - # cookie_duration = try(stickiness.value.cookie_duration, null) - # cookie_name = try(stickiness.value.cookie_name, null) - # enabled = try(stickiness.value.enabled, true) - # type = var.load_balancer_type == "network" ? "source_ip" : stickiness.value.type - # } - # } - - # dynamic "target_failover" { - # for_each = try(each.value.target_failover, []) - - # content { - # on_deregistration = target_failover.value.on_deregistration - # on_unhealthy = target_failover.value.on_unhealthy - # } - # } - - # dynamic "target_group_health" { - # for_each = try([each.value.target_group_health], []) - - # content { - - # dynamic "dns_failover" { - # for_each = try([target_group_health.value.dns_failover], []) - - # content { - # minimum_healthy_targets_count = try(dns_failover.value.minimum_healthy_targets_count, null) - # minimum_healthy_targets_percentage = try(dns_failover.value.minimum_healthy_targets_percentage, null) - # } - # } - - # dynamic "unhealthy_state_routing" { - # for_each = try([target_group_health.value.unhealthy_state_routing], []) - - # content { - # minimum_healthy_targets_count = try(unhealthy_state_routing.value.minimum_healthy_targets_count, null) - # minimum_healthy_targets_percentage = try(unhealthy_state_routing.value.minimum_healthy_targets_percentage, null) - # } - # } - # } - # } - - # dynamic "target_health_state" { - # for_each = try([each.value.target_health_state], []) - # content { - # enable_unhealthy_connection_termination = try(target_health_state.value.enable_unhealthy_connection_termination, true) - # unhealthy_draining_interval = try(target_health_state.value.unhealthy_draining_interval, null) - # } - # } - - # 
target_type = try(each.value.target_type, null) - # vpc_id = try(each.value.vpc_id, var.vpc_id) - - # tags = merge(local.tags, try(each.value.tags, {})) - - # lifecycle { - # create_before_destroy = true - # } } - - - - output zone_id { value = aws_route53_zone.primary.zone_id } From 1cf229557fc04a9996f3d40bd20ffac6b6a4e988 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 12:28:59 -0500 Subject: [PATCH 24/39] health check --- .../application_load_balancer/main.tf | 47 +++++++++++++------ .../components/autoscaling_group/main.tf | 6 +-- .../dev/us-east-1/main.tf | 4 +- 3 files changed, 38 insertions(+), 19 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index e4de884..6c06194 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -26,7 +26,7 @@ locals { module "alb" { source = "terraform-aws-modules/alb/aws" version = "9.12.0" - name = var.name # local.name + name = "${var.name}-api" # local.name vpc_id = var.vpc_id # module.vpc.vpc_id subnets = var.public_subnets # module.vpc.public_subnets enable_deletion_protection = false 
@@ -40,32 +40,27 @@ resource "aws_route53_zone" "primary" { name = var.domain_name } - -# name = var.domain_name - resource "aws_route53_record" "api-cname" { zone_id = aws_route53_zone.primary.zone_id name = "us-east-1.${var.domain_name}" type = "CNAME" ttl = 5 - weighted_routing_policy { - weight = 10 - } - - set_identifier = "dev" +# weighted_routing_policy { +# weight = 10 +# } + #set_identifier = "dev" records = [ module.alb.dns_name ] } - - data "cloudflare_zone" "zone" { #type = "full" name = "introspector.meme" account_id = "0ceffbadd0a04623896f5317a1e40d94" } + resource "cloudflare_record" "aws-ns-record" { count = "${length(aws_route53_zone.primary.name_servers)}" #domain = "${var.domain_name}" @@ -116,10 +111,28 @@ resource "aws_lb_target_group" "this" { target_type = "instance" vpc_id = var.vpc_id deregistration_delay = 10 - load_balancing_algorithm_type = "weighted_random" - load_balancing_anomaly_mitigation = "on" - load_balancing_cross_zone_enabled = false + #load_balancing_algorithm_type = "weighted_random" + #load_balancing_anomaly_mitigation = "on" + #load_balancing_cross_zone_enabled = false protocol_version = "HTTP1" + # + health_check { + path = "/v1/docs" # the docs api + enabled = true + healthy_threshold = 10 + interval = 130 + port = "traffic-port" + protocol = "HTTP" + timeout = 120 + unhealthy_threshold = 10 + } + +# stickiness { +# cookie_duration = 86400 +# enabled = true +# type = "lb_cookie" +# } + } output zone_id { @@ -133,4 +146,10 @@ output alb_target_group_arn { value = aws_lb_target_group.this.arn } +output dns { + value = module.alb.dns_name +} +output cname { + value = aws_route53_record.api-cname.fqdn +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index e644aec..bb78a6e 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf 
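Review bot: The new `health_check` block on `aws_lb_target_group.this` combines `interval = 130`, `timeout = 120` and `unhealthy_threshold = 10`, so a failed instance keeps receiving traffic for roughly 10 × 130 s (about 21 minutes) before it is taken out. With `healthy_threshold = 10`, a fresh instance waits just as long to go into service. The probe targets `/v1/docs`, which couples availability to the documentation page being served; a lightweight health endpoint, if the API exposes one, would be a cleaner signal. Values closer to the earlier example in this file, `interval = 30`, `timeout = 6`, `unhealthy_threshold = 3`, would react faster. If the long timeout is deliberate because the API is slow to answer, a comment saying so belongs next to it.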
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,5 +1,5 @@ variable target_group_arn{} -variable security_group_id {} +#variable security_group_id {} variable name {} variable instance_type { # default = "t3.micro" @@ -62,7 +62,7 @@ module "autoscaling" { version = "8.0.0" name = var.name - + health_check_type = "EC2" desired_capacity = 1 max_size = 5 min_size = 1 @@ -83,7 +83,7 @@ module "autoscaling" { device_index = 0 delete_on_termination = true description = "interface1" - security_groups = [var.security_group_id] +# security_groups = [var.security_group_id] } ] instance_type = var.instance_type diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index acc88dc..744dcc3 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -51,7 +51,7 @@ module "lt_dynamic" { for_each = toset(var.instance_types) instance_type = each.key name = "swarms-size-${each.key}" - security_group_id = module.security.security_group_id + security_group_id = module.security.internal_security_group_id source = "./components/launch_template" } @@ -69,7 +69,7 @@ module "alb" { module "asg_dynamic" { for_each = toset(var.instance_types) source = "./components/autoscaling_group" - security_group_id = module.security.internal_security_group_id +# security_group_id = module.security.internal_security_group_id instance_type = each.key name = "swarms-size-${each.key}" launch_template_id = module.lt_dynamic[each.key].launch_template_id From c6fd42cd730a1f68b233e7e54b15f009e0c4cf2e Mon Sep 17 00:00:00 2001 
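Review bot: `health_check_type = "EC2"` in module "autoscaling" makes the group replace instances only when EC2 status checks fail. An instance whose API fails the target group's health check would be taken out of rotation by the load balancer but never replaced. Since this component takes `var.target_group_arn`, `health_check_type = "ELB"` with a `health_check_grace_period` long enough for the install script would presumably fit better. The module block starts and ends outside the hunk, so the attachment of the target group could not be confirmed from here.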
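Review bot: Commenting out `security_groups = [var.security_group_id]` on the network interface, together with the variable and the argument in `module "asg_dynamic"`, leaves instance firewalling entirely to the launch template, which now receives `module.security.internal_security_group_id`. The components Readme in this series says the instances sit in public subnets with security groups as the only access limit. It is worth confirming in `components/launch_template`, which is not part of this diff, that the internal group is actually attached to the interface; otherwise the instances would presumably fall back to the VPC default group. Deleting the dead lines instead of commenting them out would keep the intent clear.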
From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 12:43:25 -0500 Subject: [PATCH 25/39] update --- .../swarms-aws-agent-api/dev/us-east-1/Readme.md | 9 ++++++++- .../dev/us-east-1/components/Readme.md | 15 +++++++++------ .../swarms-aws-agent-api/dev/us-east-1/main.tf | 7 ++++--- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md index 4f57e60..144ec90 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/Readme.md @@ -1,3 +1,10 @@ +# Done + 1. create vpc +2. create iam roles and users +3. create asg and alb and route53 and acm + +# Todo + +1. create cognito pool 2. create ami -4. create iam roles and users diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index b9e7c04..92f42ec 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md 
@@ -2,21 +2,24 @@ ## Phase 1 0. create standard vpc with a private network to host ec2, -this uses a natgw that costs money bhttps://aws.amazon.com/vpc/pricing/ -0.45 so we will put the intances in public for now and use security groups to limit access. +this uses a natgw that costs money https://aws.amazon.com/vpc/pricing/ +so we will put the intances in public for now and use security groups to limit access. 1. create minimal ec2 instance in machine_image -terraform (later packer) for ubuntu python uvicorn fastapi nginx systemd server with custom git modules +terraform for ubuntu python uvicorn fastapi nginx systemd server with custom git modules 2. create minimal ec2 ami from instance in machine_image 3. create autoscaling_group of size 1 for image 4. create application load balancer +5. create dns_entry -send users back to server via sticky sessions or some id. -5. create dns_entry -6. create cognito user pool for login +# todo + +1. alb sticky sessions :send users back to server via sticky sessions or some id. +2. create cognito user pool for login 7. create work_queue 8. create lambda_workers on queue 9. create resource_launchers to create new resources. +10. packer ami for ubuntu python uvicorn fastapi nginx systemd server with custom git modules diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 744dcc3..629d942 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -1,6 +1,6 @@ locals { # instance_type = "t3.large" - instance_type = "t3.medium" + # instance_type = "t3.medium" ami = "ami-0e2c8caa4b6378d8c" name = "swarms" region = "us-east-1" 
@@ -41,9 +41,10 @@ variable "instance_types" { # "t4g.nano", "t3a.nano", "t3.nano", "t2.nano", # "t4g.micro", "t3a.micro", "t3.micro", "t2.micro", "t1.micro", #"t4g.small", "t3a.small", - "t3.small", + #"t3.small", #"t2.small", not working -# "t2.medium" # "t3.medium" + # "t2.medium" # + "t3.medium" ] } From 049c6ef373d827a1b8da68acd117073a8e384c0a Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 13:47:43 -0500 Subject: [PATCH 26/39] start of swarms deploy --- accounts/swarms/.terraform.lock.hcl | 42 +++++++++++++++++++++++++++++ accounts/swarms/main.tf | 15 +++++++++++ 2 files changed, 57 insertions(+) create mode 100644 accounts/swarms/.terraform.lock.hcl create mode 100644 accounts/swarms/main.tf diff --git a/accounts/swarms/.terraform.lock.hcl b/accounts/swarms/.terraform.lock.hcl new file mode 100644 index 0000000..cb584db --- /dev/null +++ b/accounts/swarms/.terraform.lock.hcl 
@@ -0,0 +1,42 @@ +# This file is maintained automatically by "tofu init". +# Manual edits may be lost in future updates. + +provider "registry.opentofu.org/hashicorp/aws" { + version = "5.81.0" + constraints = ">= 3.29.0, >= 4.40.0, >= 5.55.0, >= 5.73.0" + hashes = [ + "h1:ird967uf44WBZ0u9rMlOdO4nCKJZMlUknLcD3lz4dWs=", + "zh:0d0c7cc1e16b16cd00ab36de35038162e1871b51a902e9016d08c55c9fc4de35", + "zh:0e4b8c6e46999015292ab4fb9a430ab00107a276f25243552cde66db53c58661", + "zh:30041314cdd4e877d75ee8c9d36aecfca094e276f7a3d8150f929cf5169b2fa5", + "zh:5ebd248ce3e5a7ef9cc2f41499668f182146325e10ea305c70469122f6161a13", + "zh:888a69d371373b418549e03f5922becb2b8074cb463552ecfa65f30455708db0", + "zh:8a21bb7fe60383ff5ca9db8630a287e41fd520d2514c08874a16dc74500fadd7", + "zh:9c4663dcbfe58544642d70ebfdc6c5fa91592ff04164f77c655e32e6024483e2", + "zh:b322873f1209443a8407d5f782d7d917de6a1391239dbd0e7f809ce6507bed76", + "zh:b7c9d5ca14b818b5932ac58a490646a425ebc41b33d149090aa5f48d1ca35c99", + "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c", + ] +} + +provider "registry.opentofu.org/hashicorp/cloudflare" { + version = "4.48.0" + hashes = [ + "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=", + "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c", + "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997", + "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b", + "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb", + "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153", + "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8", + "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f", + "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04", + "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937", + "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49", + 
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c", + "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532", + "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f", + "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758", + ] +} diff --git a/accounts/swarms/main.tf b/accounts/swarms/main.tf new file mode 100644 index 0000000..8067eb2 --- /dev/null +++ b/accounts/swarms/main.tf @@ -0,0 +1,15 @@ +output dns { + value = "api.swarms.ai" +} + +output profile { + value = "swarms" +} + +output account { + value = "916723593639" +} + +module "swarms_api" { + source = "../../environments/swarms-aws-agent-api/dev/us-east-1" +} From 05ed0bd8b7580f71aa857ccb230aaddd96286ec2 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 14:12:05 -0500 Subject: [PATCH 27/39] start of swarms --- accounts/swarms/.terraform.lock.hcl | 22 -------------- accounts/swarms/main.tf | 15 +++++++++- .../application_load_balancer/cloudflare.tf | 18 +++++++++++ .../application_load_balancer/main.tf | 15 ---------- .../components/machine_image/main.tf | 3 -- .../components/machine_image/versions.tf | 10 ------- .../dev/us-east-1/components/vpc/main.tf | 3 -- .../dev/us-east-1/components/vpc/outputs.tf | 7 +++++ .../dev/us-east-1/components/vpc/versions.tf | 10 ------- .../dev/us-east-1/main.tf | 30 +++++++++++++++---- 10 files changed, 63 insertions(+), 70 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/cloudflare.tf diff --git a/accounts/swarms/.terraform.lock.hcl b/accounts/swarms/.terraform.lock.hcl index cb584db..f639596 100644 --- a/accounts/swarms/.terraform.lock.hcl +++ b/accounts/swarms/.terraform.lock.hcl 
@@ -18,25 +18,3 @@ provider "registry.opentofu.org/hashicorp/aws" { "zh:e76cd202b03749f3082b0cbe849fd2e731cf3f9a6aa994d2d629602c3aede36c", ] } - -provider "registry.opentofu.org/hashicorp/cloudflare" { - version = "4.48.0" - hashes = [ - "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=", - "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c", - "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997", - "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b", - "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb", - "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153", - "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8", - "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f", - "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04", - "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937", - "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49", - "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c", - "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532", - "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f", - "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758", - ] -} diff --git a/accounts/swarms/main.tf b/accounts/swarms/main.tf index 8067eb2..ff3317e 100644 --- a/accounts/swarms/main.tf +++ b/accounts/swarms/main.tf @@ -1,5 +1,12 @@ +locals { + dns = "api.swarms.ai" + +} +provider aws { + region = "us-east-2" +} output dns { - value = "api.swarms.ai" + value = local.dns } output profile { @@ -10,6 +17,12 @@ output account { value = "916723593639" } +output region { + value = "us-east-2" +} + module "swarms_api" { source = "../../environments/swarms-aws-agent-api/dev/us-east-1" + domain = local.dns } + 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/cloudflare.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/cloudflare.tf new file mode 100644 index 0000000..be2ab3b --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/cloudflare.tf @@ -0,0 +1,18 @@ +#variable "dns_name" {} +#variable "account_id" {} +# data "cloudflare_zone" "zone" { +# count =0 +# name = var.dns_name +# account_id = var.account_id +# } + +# resource "cloudflare_record" "aws-ns-record" { +# count = 0 +# # count = "${length(aws_route53_zone.primary.name_servers)}" +# #domain = "${var.domain_name}" +# name = var.domain_name +# # zone_id = data.cloudflare_zone[0].zone.id +# content = "${element(aws_route53_zone.primary.name_servers, count.index)}" +# type = "NS" +# priority = 1 +# } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index 6c06194..896e006 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -55,21 +55,6 @@ resource "aws_route53_record" "api-cname" { ] } -data "cloudflare_zone" "zone" { - #type = "full" - name = "introspector.meme" - account_id = "0ceffbadd0a04623896f5317a1e40d94" -} - -resource "cloudflare_record" "aws-ns-record" { - count = "${length(aws_route53_zone.primary.name_servers)}" - #domain = "${var.domain_name}" - name = var.domain_name - zone_id = data.cloudflare_zone.zone.id - content = "${element(aws_route53_zone.primary.name_servers, count.index)}" - type = "NS" - priority = 1 -} module "acm" { # count = 0 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index ec203e8..36c5cbd 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf @@ -1,6 +1,3 @@ -provider "aws" { - region = "us-east-1" -} locals { ami = "ami-0e2c8caa4b6378d8c" diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf index fd4d116..e69de29 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/versions.tf @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.66" - } - } -} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf index 5d60b80..2448aae 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf @@ -2,9 +2,6 @@ data "aws_availability_zones" "available" {} -provider "aws" { - region = local.region -} locals { name = "swarms" diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf index 655b291..5cb68e1 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf 
@@ -549,3 +549,10 @@ output "vpc_flow_log_cloudwatch_iam_role_arn" { # description = "ID of the security group" # value = module.vpc_endpoints.security_group_id # } +output ec2_public_subnet_id_2 { + value = 1 +} + +output ec2_public_subnet_id_1 { + value = 1 +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf index e1ed610..e69de29 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/versions.tf @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.46" - } - } -} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 629d942..3814095 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf 
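Review bot: Both new outputs, `ec2_public_subnet_id_1` and `ec2_public_subnet_id_2`, return the literal `1` instead of a subnet ID, and the root main.tf in this same commit reads them into `local.ec2_public_subnet_id_1` and `_2`. The `tofu apply` transcript added in PATCH 28 shows the load balancer planned with `subnets = ["1"]`, which looks like this placeholder reaching the ALB. Export the real IDs, for example `value = module.vpc.public_subnets[0]` and `value = module.vpc.public_subnets[1]`, assuming the wrapped module is terraform-aws-modules/vpc, which exposes `public_subnets`. A `description` on each output saying it is a public subnet ID would make a leftover placeholder easier to spot in review.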
@@ -1,18 +1,36 @@ +variable domain {} locals { # instance_type = "t3.large" # instance_type = "t3.medium" - ami = "ami-0e2c8caa4b6378d8c" + #ami = "ami-0e2c8caa4b6378d8c" + ami_name = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*" name = "swarms" - region = "us-east-1" - domain = "api.introspector.meme" - ec2_public_subnet_id_1 = "subnet-057c90cfe7b2e5646" # swarms-public-us-east-1a - ec2_public_subnet_id_2 = "subnet-05d8aef1f71b5fe22" # b - vpc_id = "vpc-04f28c9347af48b55" + region = "us-east-2" + domain = var.domain tags = { project="swarms" } } +data "aws_ami" "ami" { + most_recent = true + name_regex = "^${local.ami_name}" +} + +locals { + ami_id = data.aws_ami.ami.id +} + +module "vpc" { + source = "./components/vpc" +} + +locals { + ec2_public_subnet_id_1 = module.vpc.ec2_public_subnet_id_1 + ec2_public_subnet_id_2 = module.vpc.ec2_public_subnet_id_2 + vpc_id = module.vpc.vpc_id +} + module "security" { source = "./components/security" } From 248221ca533a1890173f7148556033b0513ea73f Mon Sep 17 00:00:00 2001 
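Review bot: The new `data "aws_ami" "ami"` block picks the image with `most_recent = true` and a `name_regex` but sets no `owners`, so the newest public image from any AWS account whose name starts with that prefix would be selected for the instances. PATCH 28 adds the same block to accounts/swarms/main.tf. Pin the publisher with `owners = ["099720109477"]` (Canonical's publishing account; confirm it for the partition in use). `local.ami_name` is written as a glob, so a server-side `filter { name = "name" values = [local.ami_name] }` fits it better than `name_regex`, where the trailing `-*` only means zero or more hyphens.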
From: mike dupont <mike.dupont@introspector.local>
Date: Mon, 16 Dec 2024 19:17:12 -0500
Subject: [PATCH 28/39] now applying
---
Makefile | 2 +
accounts/swarms/main.tf | 25 +-
accounts/swarms/main.txt | 1769 +++++++++++++++++
.../dev/us-east-1/alb/main.tf | 0
.../dev/us-east-1/asg/main.tf | 0
.../application_load_balancer/https/main.tf | 32 +
.../application_load_balancer/main.tf | 106 +-
.../application_load_balancer/notes.prg | 479 +++++
.../application_load_balancer/route53/main.tf | 36 +
.../target_group/main.tf | 34 +
.../components/autoscaling_group/main.tf | 63 +-
.../components/launch_template/main.tf | 29 +-
.../components/machine_image/main.tf | 4 -
.../dev/us-east-1/components/security/main.tf | 26 +-
.../dev/us-east-1/components/vpc/main.tf | 7 +-
.../dev/us-east-1/components/vpc/outputs.tf | 4 +-
.../dev/us-east-1/main.tf | 85 +-
17 files changed, 2477 insertions(+), 224 deletions(-)
create mode 100644 Makefile
create mode 100644 accounts/swarms/main.txt
create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/alb/main.tf
create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/asg/main.tf
create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf
create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/notes.prg
create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf
create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/target_group/main.tf
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..de928aa
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,2 @@
+test:
+ find -name \*.tf -exec grep -r provider {} \; -print
diff --git a/accounts/swarms/main.tf b/accounts/swarms/main.tf
index ff3317e..2468b5b 100644
--- a/accounts/swarms/main.tf
+++ b/accounts/swarms/main.tf
@@ -1,9 +1,14 @@ locals { - dns = "api.swarms.ai" - + #ami_name = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*" + ami_name = "ubuntu-minimal/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-minimal-*" + dns = "api.swarms.ai" + account = "916723593639" + region = "us-east-2" } + provider aws { region = "us-east-2" + profile = "swarms" } output dns { value = local.dns @@ -21,8 +26,24 @@ output region { value = "us-east-2" } +#SLOW + data "aws_ami" "ami" { + most_recent = true + name_regex = "^${local.ami_name}" + } + module "swarms_api" { source = "../../environments/swarms-aws-agent-api/dev/us-east-1" domain = local.dns + ami_id = data.aws_ami.ami.id + #"ami-0ad5d6c7069ce56ac" + #ami_id = "ami-0ad5d6c7069ce56ac" + + name = "swarms" + tags = {project="swarms"} + } +output api { + value = module.swarms_api +} diff --git a/accounts/swarms/main.txt b/accounts/swarms/main.txt new file mode 100644 index 0000000..65f2ed4 --- /dev/null +++ b/accounts/swarms/main.txt 
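Review bot: `locals` now carries `account` and `region`, but the provider block and the `region` output in these hunks still repeat the literal `"us-east-2"`, so the copies can drift apart. Use `region = local.region` in the provider and `value = local.region` in the output; the `account` output, which is outside these hunks, presumably should read `local.account` as well. The `tofu apply` transcript added in this commit shows ARNs under a different account ID in its first run than in its second, which is the kind of mismatch a hard-coded ID hides. Reading `account_id` from `data "aws_caller_identity"` would report the account actually in use.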
@@ -0,0 +1,1769 @@ +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply +module.swarms_api.module.vpc.data.aws_availability_zones.available: Reading... +module.swarms_api.module.alb.module.alb.data.aws_partition.current: Reading... +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.data.aws_partition.current: Reading... +module.swarms_api.module.kp.aws_key_pair.mdupont-deployer: Refreshing state... [id=mdupont-deployer-key] +module.swarms_api.data.aws_ami.ami: Reading... +module.swarms_api.module.alb.module.acm.aws_route53_record.validation[0]: Refreshing state... [id=Z05433953QQ7Q4A095TXN__2d35674ee842f81e6c1d4b1ff81bf202.api.swarms.ai._CNAME] +module.swarms_api.module.alb.aws_route53_zone.primary: Refreshing state... [id=Z05433953QQ7Q4A095TXN] +module.swarms_api.module.vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0474ec5cd8a0dd94b] +module.swarms_api.module.alb.module.alb.data.aws_partition.current: Read complete after 0s [id=aws] +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.data.aws_partition.current: Read complete after 0s [id=aws] +module.swarms_api.module.alb.module.acm.aws_acm_certificate.this[0]: Refreshing state... [id=arn:aws:acm:us-east-2:767503528736:certificate/e4c7475f-9b0a-471f-b02c-134759b27668] +module.swarms_api.module.alb.data.aws_availability_zones.available: Reading... +module.swarms_api.module.asg_dynamic["t3.medium"].aws_iam_role.ssm: Refreshing state... [id=ssm-swarms-size-t3.medium] +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.data.aws_iam_policy_document.assume_role_policy[0]: Reading... +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.data.aws_iam_policy_document.assume_role_policy[0]: Read complete after 0s [id=1256122602] +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.aws_iam_role.this[0]: Refreshing state... 
[id=ssm-swarms-size-t3.medium-20241216190828467900000002] +module.swarms_api.module.alb.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.vpc.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.asg_dynamic["t3.medium"].aws_iam_instance_profile.ssm: Refreshing state... [id=ssm-swarms-size-t3.medium] +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.aws_iam_instance_profile.this[0]: Refreshing state... [id=ssm-swarms-size-t3.medium-20241216190828732900000006] +module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.aws_iam_role_policy_attachment.this["AmazonSSMManagedInstanceCore"]: Refreshing state... [id=ssm-swarms-size-t3.medium-20241216190828467900000002-20241216190828805000000007] +module.swarms_api.module.vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-0834ea0a1cb0b3e20] +module.swarms_api.module.vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-09e45cb7d4cd6e40f] +module.swarms_api.module.vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-094056be43e3ff84b] +module.swarms_api.module.vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0757b0776826bfbf8] +module.swarms_api.module.vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-01ab4dcce11853b1d] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0bc4a9913a3ce2359] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-02678c830b74a5b5d] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0c0af7a5f74ac54cc] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-078545b8b8efb0295] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[2]: Refreshing state... 
[id=rtb-062a89232fc0355b2] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0513c8c9e488570c3] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-03f08e37b2201be9c] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0e6c2fef4377b5590] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0bbfe21680e03572b] +module.swarms_api.module.vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-01ab4dcce11853b1d1080289494] +module.swarms_api.module.alb.aws_lb_target_group.this: Refreshing state... [id=arn:aws:elasticloadbalancing:us-east-2:767503528736:targetgroup/swarms2024121619084133320000000c/001ec925380d4bcd] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-037ae6ac8e6a6692b] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-07c9642c84441a2c1] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-08546098c2d85fd6f] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-02e71f6004f433e3e] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-082b7f543579d5f38] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-05cfcd90f6d653fe1] +module.swarms_api.data.aws_ami.ami: Still reading... [10s elapsed] +module.swarms_api.data.aws_ami.ami: Read complete after 13s [id=ami-0ad5d6c7069ce56ac] + +OpenTofu used the selected providers to generate the following execution plan. 
Resource actions are indicated with +the following symbols: + + create + - destroy + +OpenTofu will perform the following actions: + + # module.swarms_api.module.lt_dynamic["t3.medium"].aws_launch_template.ec2_launch_template will be created + + resource "aws_launch_template" "ec2_launch_template" { + + arn = (known after apply) + + default_version = (known after apply) + + id = (known after apply) + + image_id = + + instance_type = "t3.medium" + + key_name = "mdupont-deployer-key" + + latest_version = (known after apply) + + name = (known after apply) + + name_prefix = "swarms-size-t3.medium-launch-template-" + + tags = { + + "instance_type" = "t3.medium" + + "name" = "swarms-size-t3.medium" + + "project" = "swarms" + } + + tags_all = { + + "instance_type" = "t3.medium" + + "name" = "swarms-size-t3.medium" + + "project" = "swarms" + } + + user_data = "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" + + + block_device_mappings { + + device_name = "/dev/sda1" + + + ebs { + + encrypted = "true" + + iops = (known after apply) + + throughput = (known after apply) + + volume_size = 30 + + volume_type = "gp3" + } + } + + + iam_instance_profile { + + name = "swarms-20241213150629570500000003" + } + + + network_interfaces { + + associate_public_ip_address = "true" + + delete_on_termination = "true" + + security_groups = (known after apply) + } + } + + # module.swarms_api.module.alb.module.acm.aws_acm_certificate.this[0] will be destroyed + # (because aws_acm_certificate.this is not in configuration) + - resource "aws_acm_certificate" "this" { + - arn = "arn:aws:acm:us-east-2:767503528736:certificate/e4c7475f-9b0a-471f-b02c-134759b27668" -> null + - domain_name = "api.swarms.ai" -> null + - domain_validation_options = [ + - { + - domain_name = "*.api.swarms.ai" + - resource_record_name = "_2d35674ee842f81e6c1d4b1ff81bf202.api.swarms.ai." + - resource_record_type = "CNAME" + - resource_record_value = "_14001873a994d4ba61251844ed588611.zfyfvmchrl.acm-validations.aws." 
+ }, + - { + - domain_name = "api.swarms.ai" + - resource_record_name = "_2d35674ee842f81e6c1d4b1ff81bf202.api.swarms.ai." + - resource_record_type = "CNAME" + - resource_record_value = "_14001873a994d4ba61251844ed588611.zfyfvmchrl.acm-validations.aws." + }, + ] -> null + - id = "arn:aws:acm:us-east-2:767503528736:certificate/e4c7475f-9b0a-471f-b02c-134759b27668" -> null + - key_algorithm = "RSA_2048" -> null + - pending_renewal = false -> null + - renewal_eligibility = "INELIGIBLE" -> null + - renewal_summary = [] -> null + - status = "PENDING_VALIDATION" -> null + - subject_alternative_names = [ + - "*.api.swarms.ai", + - "api.swarms.ai", + ] -> null + - tags = {} -> null + - tags_all = {} -> null + - type = "AMAZON_ISSUED" -> null + - validation_emails = [] -> null + - validation_method = "DNS" -> null + + - options { + - certificate_transparency_logging_preference = "ENABLED" -> null + } + } + + # module.swarms_api.module.alb.module.acm.aws_route53_record.validation[0] will be destroyed + # (because aws_route53_record.validation is not in configuration) + - resource "aws_route53_record" "validation" { + - allow_overwrite = true -> null + - fqdn = "_2d35674ee842f81e6c1d4b1ff81bf202.api.swarms.ai" -> null + - id = "Z05433953QQ7Q4A095TXN__2d35674ee842f81e6c1d4b1ff81bf202.api.swarms.ai._CNAME" -> null + - multivalue_answer_routing_policy = false -> null + - name = "_2d35674ee842f81e6c1d4b1ff81bf202.api.swarms.ai" -> null + - records = [ + - "_14001873a994d4ba61251844ed588611.zfyfvmchrl.acm-validations.aws.", + ] -> null + - ttl = 60 -> null + - type = "CNAME" -> null + - zone_id = "Z05433953QQ7Q4A095TXN" -> null + } + + # module.swarms_api.module.alb.module.alb.aws_lb.this[0] will be created + + resource "aws_lb" "this" { + + arn = (known after apply) + + arn_suffix = (known after apply) + + client_keep_alive = 7200 + + desync_mitigation_mode = "defensive" + + dns_name = (known after apply) + + drop_invalid_header_fields = true + + enable_deletion_protection = 
false + + enable_http2 = true + + enable_tls_version_and_cipher_suite_headers = false + + enable_waf_fail_open = false + + enable_xff_client_port = false + + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply) + + id = (known after apply) + + idle_timeout = 60 + + internal = (known after apply) + + ip_address_type = (known after apply) + + load_balancer_type = "application" + + name = "swarms-api" + + name_prefix = (known after apply) + + preserve_host_header = false + + security_groups = (known after apply) + + subnets = [ + + "1", + ] + + tags = { + + "Example" = "ex-swarms" + + "Name" = "ex-swarms" + + "Repository" = "https://github.com/terraform-aws-modules/terraform-aws-alb" + + "terraform-aws-modules" = "alb" + } + + tags_all = { + + "Example" = "ex-swarms" + + "Name" = "ex-swarms" + + "Repository" = "https://github.com/terraform-aws-modules/terraform-aws-alb" + + "terraform-aws-modules" = "alb" + } + + vpc_id = (known after apply) + + xff_header_processing_mode = "append" + + zone_id = (known after apply) + + + timeouts {} + } + + # module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.aws_autoscaling_group.this[0] will be created + + resource "aws_autoscaling_group" "this" { + + arn = (known after apply) + + availability_zones = (known after apply) + + default_cooldown = (known after apply) + + desired_capacity = 1 + + force_delete = false + + force_delete_warm_pool = false + + health_check_grace_period = 300 + + health_check_type = "EC2" + + id = (known after apply) + + ignore_failed_scaling_activities = false + + load_balancers = (known after apply) + + max_size = 5 + + metrics_granularity = "1Minute" + + min_size = 1 + + name = (known after apply) + + name_prefix = "swarms-size-t3.medium-" + + predicted_capacity = (known after apply) + + protect_from_scale_in = false + + service_linked_role_arn = (known after apply) + + target_group_arns = (known after apply) + + termination_policies = [] + + 
vpc_zone_identifier = [ + + "subnet-057c90cfe7b2e5646", + ] + + wait_for_capacity_timeout = "10m" + + warm_pool_size = (known after apply) + + + launch_template { + + id = (known after apply) + + name = (known after apply) + + version = "$Latest" + } + + + tag { + + key = "Name" + + propagate_at_launch = true + + value = "swarms-size-t3.medium" + } + + + timeouts {} + } + + # module.swarms_api.module.asg_dynamic["t3.medium"].module.autoscaling.aws_autoscaling_traffic_source_attachment.this["ex-alb"] will be created + + resource "aws_autoscaling_traffic_source_attachment" "this" { + + autoscaling_group_name = (known after apply) + + id = (known after apply) + + + traffic_source { + + identifier = "arn:aws:elasticloadbalancing:us-east-2:767503528736:targetgroup/swarms2024121619084133320000000c/001ec925380d4bcd" + + type = "elbv2" + } + } + + # module.swarms_api.module.security.module.asg_sg.aws_security_group.this_name_prefix[0] will be created + + resource "aws_security_group" "this_name_prefix" { + + arn = (known after apply) + + description = "external group" + + egress = (known after apply) + + id = (known after apply) + + ingress = (known after apply) + + name = (known after apply) + + name_prefix = "swarms-external-" + + owner_id = (known after apply) + + revoke_rules_on_delete = false + + tags = { + + "Name" = "swarms-external" + + "project" = "swarms" + } + + tags_all = { + + "Name" = "swarms-external" + + "project" = "swarms" + } + + vpc_id = "vpc-04f28c9347af48b55" + + + timeouts { + + create = "10m" + + delete = "15m" + } + } + + # module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.egress_rules[0] will be created + + resource "aws_security_group_rule" "egress_rules" { + + cidr_blocks = [ + + "0.0.0.0/0", + ] + + description = "All protocols" + + from_port = -1 + + id = (known after apply) + + ipv6_cidr_blocks = [ + + "::/0", + ] + + prefix_list_ids = [] + + protocol = "-1" + + security_group_id = (known after apply) + + 
security_group_rule_id = (known after apply) + + self = false + + source_security_group_id = (known after apply) + + to_port = -1 + + type = "egress" + } + + # module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[0] will be created + + resource "aws_security_group_rule" "ingress_rules" { + + cidr_blocks = [ + + "0.0.0.0/0", + ] + + description = "HTTPS" + + from_port = 443 + + id = (known after apply) + + ipv6_cidr_blocks = [] + + prefix_list_ids = [] + + protocol = "tcp" + + security_group_id = (known after apply) + + security_group_rule_id = (known after apply) + + self = false + + source_security_group_id = (known after apply) + + to_port = 443 + + type = "ingress" + } + + # module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[1] will be created + + resource "aws_security_group_rule" "ingress_rules" { + + cidr_blocks = [ + + "0.0.0.0/0", + ] + + description = "HTTP" + + from_port = 80 + + id = (known after apply) + + ipv6_cidr_blocks = [] + + prefix_list_ids = [] + + protocol = "tcp" + + security_group_id = (known after apply) + + security_group_rule_id = (known after apply) + + self = false + + source_security_group_id = (known after apply) + + to_port = 80 + + type = "ingress" + } + + # module.swarms_api.module.security.module.asg_sg_internal.aws_security_group.this_name_prefix[0] will be created + + resource "aws_security_group" "this_name_prefix" { + + arn = (known after apply) + + description = "An internal security group" + + egress = (known after apply) + + id = (known after apply) + + ingress = (known after apply) + + name = (known after apply) + + name_prefix = "swarms-internal-" + + owner_id = (known after apply) + + revoke_rules_on_delete = false + + tags = { + + "Name" = "swarms-internal" + + "project" = "swarms" + } + + tags_all = { + + "Name" = "swarms-internal" + + "project" = "swarms" + } + + vpc_id = "vpc-04f28c9347af48b55" + + + timeouts { + + create = "10m" + + delete = "15m" + 
} + } + + # module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.egress_rules[0] will be created + + resource "aws_security_group_rule" "egress_rules" { + + cidr_blocks = [ + + "0.0.0.0/0", + ] + + description = "All protocols" + + from_port = -1 + + id = (known after apply) + + ipv6_cidr_blocks = [ + + "::/0", + ] + + prefix_list_ids = [] + + protocol = "-1" + + security_group_id = (known after apply) + + security_group_rule_id = (known after apply) + + self = false + + source_security_group_id = (known after apply) + + to_port = -1 + + type = "egress" + } + + # module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.ingress_with_source_security_group_id[0] will be created + + resource "aws_security_group_rule" "ingress_with_source_security_group_id" { + + description = "Ingress Rule" + + from_port = 80 + + id = (known after apply) + + prefix_list_ids = [] + + protocol = "tcp" + + security_group_id = (known after apply) + + security_group_rule_id = (known after apply) + + self = false + + source_security_group_id = (known after apply) + + to_port = 80 + + type = "ingress" + } + + + + +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply -auto-approve +module.swarms_api.module.alb.module.route53.data.aws_route53_zone.primary: Reading... +module.swarms_api.module.alb.module.alb.data.aws_partition.current: Reading... +module.swarms_api.module.vpc.data.aws_availability_zones.available: Reading... +module.swarms_api.module.alb.data.aws_availability_zones.available: Reading... +module.swarms_api.module.kp.aws_key_pair.mdupont-deployer: Refreshing state... [id=mdupont-deployer-key] +module.swarms_api.module.vpc.module.vpc.aws_vpc.this[0]: Refreshing state... 
[id=vpc-0b4cedd083227068d] +module.swarms_api.module.alb.module.alb.data.aws_partition.current: Read complete after 0s [id=aws] +module.swarms_api.module.alb.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.vpc.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.alb.module.route53.data.aws_route53_zone.primary: Read complete after 0s [id=Z04162952OP7P14Z97UWY] +module.swarms_api.module.vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-053dc8c3d37f2f58f] +module.swarms_api.module.vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0a42c3ef338285431] +module.swarms_api.module.vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-07d9084294e0492bd] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0bbc3caa1cdc40cd0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-033eec802f743baca] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-081f2bb265d2703ee] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-027f4abd09a6543f0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0445a2ea1c510657b] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-04b3bdd4b0dc877f0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-051fecdee9028af79] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0de17633cfb166d29] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ea44af2f97e12b1a] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[2]: Refreshing state... 
[id=subnet-0e926a2b5ae3f5acc] +module.swarms_api.module.vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-022da11de86f41ae0] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0516329c97694b300] +module.swarms_api.module.security.module.asg_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-09e0227357b33ab1e] +module.swarms_api.module.alb.module.tg.aws_lb_target_group.this: Refreshing state... [id=arn:aws:elasticloadbalancing:us-east-2:916723593639:targetgroup/swarms2024121620041957850000000a/e915743119e96771] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-000d8799150d904e6] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0b047c79fe554852d] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-033c4fa608f79a594] +module.swarms_api.module.vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0445a2ea1c510657b1080289494] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-06f87a2b8106090d9] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0657562cf0177710a] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-085a04c2858a3164e] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1938904650] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-2188377888] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... 
[id=sgrule-1557830365] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-2310235202] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-513653582] +module.swarms_api.module.lt_dynamic["t3.medium"].aws_launch_template.ec2_launch_template: Refreshing state... [id=lt-0ef5358bfbb143f2d] + +OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + + create + +OpenTofu will perform the following actions: + + # module.swarms_api.module.alb.module.alb.aws_lb.this[0] will be created + + resource "aws_lb" "this" { + + arn = (known after apply) + + arn_suffix = (known after apply) + + client_keep_alive = 7200 + + desync_mitigation_mode = "defensive" + + dns_name = (known after apply) + + drop_invalid_header_fields = true + + enable_deletion_protection = false + + enable_http2 = true + + enable_tls_version_and_cipher_suite_headers = false + + enable_waf_fail_open = false + + enable_xff_client_port = false + + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply) + + id = (known after apply) + + idle_timeout = 60 + + internal = (known after apply) + + ip_address_type = (known after apply) + + load_balancer_type = "application" + + name = "swarms-api" + + name_prefix = (known after apply) + + preserve_host_header = false + + security_groups = [ + + "sg-09e0227357b33ab1e", + ] + + subnets = [ + + "1", + ] + + tags = { + + "Example" = "ex-swarms" + + "Name" = "ex-swarms" + + "Repository" = "https://github.com/terraform-aws-modules/terraform-aws-alb" + + "terraform-aws-modules" = "alb" + } + + tags_all = { + + "Example" = "ex-swarms" + + "Name" = "ex-swarms" + + "Repository" = "https://github.com/terraform-aws-modules/terraform-aws-alb" + + "terraform-aws-modules" = "alb" + } + + vpc_id = (known 
after apply) + + xff_header_processing_mode = "append" + + zone_id = (known after apply) + + + timeouts {} + } + + # module.swarms_api.module.alb.module.route53.aws_route53_record.api-cname will be created + + resource "aws_route53_record" "api-cname" { + + allow_overwrite = (known after apply) + + fqdn = (known after apply) + + id = (known after apply) + + name = "api.swarms.ai" + + records = (known after apply) + + ttl = 5 + + type = "CNAME" + + zone_id = "Z04162952OP7P14Z97UWY" + } + +Plan: 2 to add, 0 to change, 0 to destroy. +module.swarms_api.module.alb.module.alb.aws_lb.this[0]: Creating... +╷ +│ Error: creating ELBv2 application Load Balancer (swarms-api): operation error Elastic Load Balancing v2: CreateLoadBalancer, https response error StatusCode: 400, RequestID: 33d4b4ca-900e-4148-989a-932978bd7bfc, InvalidSubnet: The subnet ID '1' is not valid +│ +│ with module.swarms_api.module.alb.module.alb.aws_lb.this[0], +│ on .terraform/modules/swarms_api.alb.alb/main.tf line 12, in resource "aws_lb" "this": +│ 12: resource "aws_lb" "this" { +│ +╵ +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply -auto-approve +╷ +│ Error: Reference to undeclared module +│ +│ on ../../environments/swarms-aws-agent-api/dev/us-east-1/main.tf line 107, in output "alb": +│ 107: value = module.alb +│ +│ No module call named "alb" is declared in module.swarms_api. +╵ +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply -auto-approve +╷ +│ Error: Reference to undeclared module +│ +│ on ../../environments/swarms-aws-agent-api/dev/us-east-1/main.tf line 107, in output "alb": +│ 107: value = module.alb +│ +│ No module call named "alb" is declared in module.swarms_api. +╵ +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply -auto-approve +module.swarms_api.module.vpc.data.aws_availability_zones.available: Reading... 
+module.swarms_api.module.kp.aws_key_pair.mdupont-deployer: Refreshing state... [id=mdupont-deployer-key] +module.swarms_api.module.vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0b4cedd083227068d] +module.swarms_api.module.alb.module.tg.aws_lb_target_group.this: Refreshing state... [id=arn:aws:elasticloadbalancing:us-east-2:916723593639:targetgroup/swarms2024121620041957850000000a/e915743119e96771] +module.swarms_api.module.vpc.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0a42c3ef338285431] +module.swarms_api.module.vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-053dc8c3d37f2f58f] +module.swarms_api.module.vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0445a2ea1c510657b] +module.swarms_api.module.vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-07d9084294e0492bd] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-051fecdee9028af79] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-027f4abd09a6543f0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-04b3bdd4b0dc877f0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-033eec802f743baca] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-081f2bb265d2703ee] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0bbc3caa1cdc40cd0] +module.swarms_api.module.vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-022da11de86f41ae0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[0]: Refreshing state... 
[id=subnet-0ea44af2f97e12b1a] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0de17633cfb166d29] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0e926a2b5ae3f5acc] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0516329c97694b300] +module.swarms_api.module.security.module.asg_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-09e0227357b33ab1e] +module.swarms_api.module.vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0445a2ea1c510657b1080289494] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0b047c79fe554852d] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-000d8799150d904e6] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-033c4fa608f79a594] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0657562cf0177710a] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-06f87a2b8106090d9] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-085a04c2858a3164e] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1938904650] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... [id=sgrule-1557830365] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-2188377888] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... 
[id=sgrule-2310235202] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-513653582] +module.swarms_api.module.lt_dynamic["t3.medium"].aws_launch_template.ec2_launch_template: Refreshing state... [id=lt-0ef5358bfbb143f2d] + +OpenTofu used the selected providers to generate the following execution plan. Resource actions are indicated with +the following symbols: + - destroy + +OpenTofu will perform the following actions: + + # module.swarms_api.module.alb.module.tg.aws_lb_target_group.this will be destroyed + # (because aws_lb_target_group.this is not in configuration) + - resource "aws_lb_target_group" "this" { + - arn = "arn:aws:elasticloadbalancing:us-east-2:916723593639:targetgroup/swarms2024121620041957850000000a/e915743119e96771" -> null + - arn_suffix = "targetgroup/swarms2024121620041957850000000a/e915743119e96771" -> null + - deregistration_delay = "10" -> null + - id = "arn:aws:elasticloadbalancing:us-east-2:916723593639:targetgroup/swarms2024121620041957850000000a/e915743119e96771" -> null + - ip_address_type = "ipv4" -> null + - lambda_multi_value_headers_enabled = false -> null + - load_balancer_arns = [] -> null + - load_balancing_algorithm_type = "round_robin" -> null + - load_balancing_anomaly_mitigation = "off" -> null + - load_balancing_cross_zone_enabled = "use_load_balancer_configuration" -> null + - name = "swarms2024121620041957850000000a" -> null + - name_prefix = "swarms" -> null + - port = 80 -> null + - protocol = "HTTP" -> null + - protocol_version = "HTTP1" -> null + - proxy_protocol_v2 = false -> null + - slow_start = 0 -> null + - tags = {} -> null + - tags_all = {} -> null + - target_type = "instance" -> null + - vpc_id = "vpc-0b4cedd083227068d" -> null + + - health_check { + - enabled = true -> null + - healthy_threshold = 10 -> null + - interval = 130 -> null + - matcher = "200" -> null + - path = "/v1/docs" -> null + - port = 
"traffic-port" -> null + - protocol = "HTTP" -> null + - timeout = 120 -> null + - unhealthy_threshold = 10 -> null + } + + - stickiness { + - cookie_duration = 86400 -> null + - enabled = false -> null + - type = "lb_cookie" -> null + } + + - target_failover {} + + - target_group_health { + - dns_failover { + - minimum_healthy_targets_count = "1" -> null + - minimum_healthy_targets_percentage = "off" -> null + } + - unhealthy_state_routing { + - minimum_healthy_targets_count = 1 -> null + - minimum_healthy_targets_percentage = "off" -> null + } + } + + - target_health_state {} + } + +Plan: 0 to add, 0 to change, 1 to destroy. +module.swarms_api.module.alb.module.tg.aws_lb_target_group.this: Destroying... [id=arn:aws:elasticloadbalancing:us-east-2:916723593639:targetgroup/swarms2024121620041957850000000a/e915743119e96771] +module.swarms_api.module.alb.module.tg.aws_lb_target_group.this: Destruction complete after 1s + +Apply complete! Resources: 0 added, 0 changed, 1 destroyed. + +Outputs: + +account = "916723593639" +dns = "api.swarms.ai" +profile = "swarms" +region = "us-east-2" +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu output +account = "916723593639" +dns = "api.swarms.ai" +profile = "swarms" +region = "us-east-2" +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu output +account = "916723593639" +dns = "api.swarms.ai" +profile = "swarms" +region = "us-east-2" +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply +module.swarms_api.module.vpc.data.aws_availability_zones.available: Reading... +module.swarms_api.module.kp.aws_key_pair.mdupont-deployer: Refreshing state... [id=mdupont-deployer-key] +module.swarms_api.module.vpc.module.vpc.aws_vpc.this[0]: Refreshing state... 
[id=vpc-0b4cedd083227068d] +module.swarms_api.module.vpc.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-053dc8c3d37f2f58f] +module.swarms_api.module.vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0a42c3ef338285431] +module.swarms_api.module.vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0445a2ea1c510657b] +module.swarms_api.module.vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-07d9084294e0492bd] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0e926a2b5ae3f5acc] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-027f4abd09a6543f0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ea44af2f97e12b1a] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-04b3bdd4b0dc877f0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-051fecdee9028af79] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0de17633cfb166d29] +module.swarms_api.module.vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-022da11de86f41ae0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-033eec802f743baca] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0bbc3caa1cdc40cd0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-081f2bb265d2703ee] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group.this_name_prefix[0]: Refreshing state... 
[id=sg-0516329c97694b300] +module.swarms_api.module.security.module.asg_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-09e0227357b33ab1e] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-000d8799150d904e6] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0b047c79fe554852d] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-033c4fa608f79a594] +module.swarms_api.module.vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0445a2ea1c510657b1080289494] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-06f87a2b8106090d9] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0657562cf0177710a] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-085a04c2858a3164e] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1938904650] +module.swarms_api.module.lt_dynamic["t3.medium"].aws_launch_template.ec2_launch_template: Refreshing state... [id=lt-0ef5358bfbb143f2d] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-2188377888] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... [id=sgrule-1557830365] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-2310235202] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... 
[id=sgrule-513653582] + +Changes to Outputs: + + api = { + + security_group_id = "sg-09e0227357b33ab1e" + } + +You can apply this plan to save these new output values to the OpenTofu state, without changing any real +infrastructure. + +Do you want to perform these actions? + OpenTofu will perform the actions described above. + Only 'yes' will be accepted to approve. + + Enter a value: yes + + +Apply complete! Resources: 0 added, 0 changed, 0 destroyed. + +Outputs: + +account = "916723593639" +api = { + "security_group_id" = "sg-09e0227357b33ab1e" +} +dns = "api.swarms.ai" +profile = "swarms" +region = "us-east-2" +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply +module.swarms_api.module.vpc.data.aws_availability_zones.available: Reading... +module.swarms_api.module.kp.aws_key_pair.mdupont-deployer: Refreshing state... [id=mdupont-deployer-key] +module.swarms_api.module.vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0b4cedd083227068d] +module.swarms_api.module.vpc.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-053dc8c3d37f2f58f] +module.swarms_api.module.vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-07d9084294e0492bd] +module.swarms_api.module.vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0a42c3ef338285431] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-027f4abd09a6543f0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-04b3bdd4b0dc877f0] +module.swarms_api.module.vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-022da11de86f41ae0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[1]: Refreshing state... 
[id=subnet-051fecdee9028af79] +module.swarms_api.module.vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0445a2ea1c510657b] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0bbc3caa1cdc40cd0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-033eec802f743baca] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-081f2bb265d2703ee] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ea44af2f97e12b1a] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0e926a2b5ae3f5acc] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0de17633cfb166d29] +module.swarms_api.module.security.module.asg_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-09e0227357b33ab1e] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0516329c97694b300] +module.swarms_api.module.vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0445a2ea1c510657b1080289494] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-033c4fa608f79a594] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0b047c79fe554852d] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-000d8799150d904e6] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-085a04c2858a3164e] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[0]: Refreshing state... 
[id=rtbassoc-06f87a2b8106090d9] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0657562cf0177710a] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1938904650] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... [id=sgrule-1557830365] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-2188377888] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-2310235202] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-513653582] +module.swarms_api.module.lt_dynamic["t3.medium"].aws_launch_template.ec2_launch_template: Refreshing state... [id=lt-0ef5358bfbb143f2d] + +No changes. Your infrastructure matches the configuration. + +OpenTofu has compared your real infrastructure against your configuration and found no differences, so no changes are +needed. + +Apply complete! Resources: 0 added, 0 changed, 0 destroyed. + +Outputs: + +account = "916723593639" +api = { + "security_group_id" = "sg-09e0227357b33ab1e" +} +dns = "api.swarms.ai" +profile = "swarms" +region = "us-east-2" +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ tofu apply +module.swarms_api.module.vpc.data.aws_availability_zones.available: Reading... +module.swarms_api.module.kp.aws_key_pair.mdupont-deployer: Refreshing state... [id=mdupont-deployer-key] +module.swarms_api.module.vpc.module.vpc.aws_vpc.this[0]: Refreshing state... 
[id=vpc-0b4cedd083227068d] +module.swarms_api.module.vpc.data.aws_availability_zones.available: Read complete after 0s [id=us-east-2] +module.swarms_api.module.vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-053dc8c3d37f2f58f] +module.swarms_api.module.vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-0a42c3ef338285431] +module.swarms_api.module.vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-07d9084294e0492bd] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0e926a2b5ae3f5acc] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0de17633cfb166d29] +module.swarms_api.module.vpc.module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ea44af2f97e12b1a] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-04b3bdd4b0dc877f0] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-051fecdee9028af79] +module.swarms_api.module.vpc.module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-027f4abd09a6543f0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-081f2bb265d2703ee] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-033eec802f743baca] +module.swarms_api.module.vpc.module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0bbc3caa1cdc40cd0] +module.swarms_api.module.vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-022da11de86f41ae0] +module.swarms_api.module.vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0445a2ea1c510657b] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group.this_name_prefix[0]: Refreshing state... 
[id=sg-0516329c97694b300] +module.swarms_api.module.security.module.asg_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-09e0227357b33ab1e] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-06f87a2b8106090d9] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0657562cf0177710a] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-085a04c2858a3164e] +module.swarms_api.module.vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0445a2ea1c510657b1080289494] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-033c4fa608f79a594] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-000d8799150d904e6] +module.swarms_api.module.vpc.module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0b047c79fe554852d] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1938904650] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-2310235202] +module.swarms_api.module.security.module.asg_sg_internal.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-513653582] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-2188377888] +module.swarms_api.module.lt_dynamic["t3.medium"].aws_launch_template.ec2_launch_template: Refreshing state... [id=lt-0ef5358bfbb143f2d] +module.swarms_api.module.security.module.asg_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... 
[id=sgrule-1557830365] + +Changes to Outputs: + ~ api = { + + vpc = { + + cgw_arns = [] + + cgw_ids = [] + + default_network_acl_id = "acl-07d9084294e0492bd" + + default_route_table_id = "rtb-053dc8c3d37f2f58f" + + default_security_group_id = "sg-0a42c3ef338285431" + + default_vpc_arn = null + + default_vpc_cidr_block = null + + default_vpc_default_network_acl_id = null + + default_vpc_default_route_table_id = null + + default_vpc_default_security_group_id = null + + default_vpc_enable_dns_hostnames = null + + default_vpc_enable_dns_support = null + + default_vpc_id = null + + default_vpc_instance_tenancy = null + + default_vpc_main_route_table_id = null + + dhcp_options_id = null + + ec2_public_subnet_id_1 = 1 + + ec2_public_subnet_id_2 = 1 + + egress_only_internet_gateway_id = null + + igw_arn = "arn:aws:ec2:us-east-2:916723593639:internet-gateway/igw-022da11de86f41ae0" + + igw_id = "igw-022da11de86f41ae0" + + nat_ids = [] + + nat_public_ips = [] + + natgw_ids = [] + + private_ipv6_egress_route_ids = [] + + private_nat_gateway_route_ids = [] + + private_network_acl_arn = null + + private_network_acl_id = null + + private_route_table_association_ids = [ + + "rtbassoc-06f87a2b8106090d9", + + "rtbassoc-085a04c2858a3164e", + + "rtbassoc-0657562cf0177710a", + ] + + private_route_table_ids = [ + + "rtb-033eec802f743baca", + + "rtb-0bbc3caa1cdc40cd0", + + "rtb-081f2bb265d2703ee", + ] + + private_subnet_arns = [ + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0ea44af2f97e12b1a", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0de17633cfb166d29", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0e926a2b5ae3f5acc", + ] + + private_subnets = [ + + "subnet-0ea44af2f97e12b1a", + + "subnet-0de17633cfb166d29", + + "subnet-0e926a2b5ae3f5acc", + ] + + private_subnets_cidr_blocks = [ + + "10.0.0.0/24", + + "10.0.1.0/24", + + "10.0.2.0/24", + ] + + private_subnets_ipv6_cidr_blocks = [] + + public_internet_gateway_ipv6_route_id = null + + 
public_internet_gateway_route_id = "r-rtb-0445a2ea1c510657b1080289494" + + public_network_acl_arn = null + + public_network_acl_id = null + + public_route_table_association_ids = [ + + "rtbassoc-033c4fa608f79a594", + + "rtbassoc-000d8799150d904e6", + + "rtbassoc-0b047c79fe554852d", + ] + + public_route_table_ids = [ + + "rtb-0445a2ea1c510657b", + ] + + public_subnet_arns = [ + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-04b3bdd4b0dc877f0", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-051fecdee9028af79", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-027f4abd09a6543f0", + ] + + public_subnets = [ + + "subnet-04b3bdd4b0dc877f0", + + "subnet-051fecdee9028af79", + + "subnet-027f4abd09a6543f0", + ] + + public_subnets_cidr_blocks = [ + + "10.0.4.0/24", + + "10.0.5.0/24", + + "10.0.6.0/24", + ] + + public_subnets_ipv6_cidr_blocks = [] + + this_customer_gateway = {} + + vgw_arn = null + + vgw_id = null + + vpc = { + + azs = [ + + "us-east-2a", + + "us-east-2b", + + "us-east-2c", + ] + + cgw_arns = [] + + cgw_ids = [] + + database_internet_gateway_route_id = null + + database_ipv6_egress_route_id = null + + database_nat_gateway_route_ids = [] + + database_network_acl_arn = null + + database_network_acl_id = null + + database_route_table_association_ids = [] + + database_route_table_ids = [ + + "rtb-033eec802f743baca", + + "rtb-0bbc3caa1cdc40cd0", + + "rtb-081f2bb265d2703ee", + ] + + database_subnet_arns = [] + + database_subnet_group = null + + database_subnet_group_name = null + + database_subnet_objects = [] + + database_subnets = [] + + database_subnets_cidr_blocks = [] + + database_subnets_ipv6_cidr_blocks = [] + + default_network_acl_id = "acl-07d9084294e0492bd" + + default_route_table_id = "rtb-053dc8c3d37f2f58f" + + default_security_group_id = "sg-0a42c3ef338285431" + + default_vpc_arn = null + + default_vpc_cidr_block = null + + default_vpc_default_network_acl_id = null + + default_vpc_default_route_table_id = null + + 
default_vpc_default_security_group_id = null + + default_vpc_enable_dns_hostnames = null + + default_vpc_enable_dns_support = null + + default_vpc_id = null + + default_vpc_instance_tenancy = null + + default_vpc_main_route_table_id = null + + dhcp_options_id = null + + egress_only_internet_gateway_id = null + + elasticache_network_acl_arn = null + + elasticache_network_acl_id = null + + elasticache_route_table_association_ids = [] + + elasticache_route_table_ids = [ + + "rtb-033eec802f743baca", + + "rtb-0bbc3caa1cdc40cd0", + + "rtb-081f2bb265d2703ee", + ] + + elasticache_subnet_arns = [] + + elasticache_subnet_group = null + + elasticache_subnet_group_name = null + + elasticache_subnet_objects = [] + + elasticache_subnets = [] + + elasticache_subnets_cidr_blocks = [] + + elasticache_subnets_ipv6_cidr_blocks = [] + + igw_arn = "arn:aws:ec2:us-east-2:916723593639:internet-gateway/igw-022da11de86f41ae0" + + igw_id = "igw-022da11de86f41ae0" + + intra_network_acl_arn = null + + intra_network_acl_id = null + + intra_route_table_association_ids = [] + + intra_route_table_ids = [] + + intra_subnet_arns = [] + + intra_subnet_objects = [] + + intra_subnets = [] + + intra_subnets_cidr_blocks = [] + + intra_subnets_ipv6_cidr_blocks = [] + + name = "swarms" + + nat_ids = [] + + nat_public_ips = [] + + natgw_ids = [] + + natgw_interface_ids = [] + + outpost_network_acl_arn = null + + outpost_network_acl_id = null + + outpost_subnet_arns = [] + + outpost_subnet_objects = [] + + outpost_subnets = [] + + outpost_subnets_cidr_blocks = [] + + outpost_subnets_ipv6_cidr_blocks = [] + + private_ipv6_egress_route_ids = [] + + private_nat_gateway_route_ids = [] + + private_network_acl_arn = null + + private_network_acl_id = null + + private_route_table_association_ids = [ + + "rtbassoc-06f87a2b8106090d9", + + "rtbassoc-085a04c2858a3164e", + + "rtbassoc-0657562cf0177710a", + ] + + private_route_table_ids = [ + + "rtb-033eec802f743baca", + + "rtb-0bbc3caa1cdc40cd0", + + 
"rtb-081f2bb265d2703ee", + ] + + private_subnet_arns = [ + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0ea44af2f97e12b1a", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0de17633cfb166d29", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0e926a2b5ae3f5acc", + ] + + private_subnet_objects = [ + + { + + arn = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0ea44af2f97e12b1a" + + assign_ipv6_address_on_creation = false + + availability_zone = "us-east-2a" + + availability_zone_id = "use2-az1" + + cidr_block = "10.0.0.0/24" + + customer_owned_ipv4_pool = "" + + enable_dns64 = false + + enable_lni_at_device_index = 0 + + enable_resource_name_dns_a_record_on_launch = false + + enable_resource_name_dns_aaaa_record_on_launch = false + + id = "subnet-0ea44af2f97e12b1a" + + ipv6_cidr_block = "" + + ipv6_cidr_block_association_id = "" + + ipv6_native = false + + map_customer_owned_ip_on_launch = false + + map_public_ip_on_launch = false + + outpost_arn = "" + + owner_id = "916723593639" + + private_dns_hostname_type_on_launch = "ip-name" + + tags = { + + Name = "Private Subnet One" + + project = "swarms" + } + + tags_all = { + + Name = "Private Subnet One" + + project = "swarms" + } + + timeouts = null + + vpc_id = "vpc-0b4cedd083227068d" + }, + + { + + arn = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0de17633cfb166d29" + + assign_ipv6_address_on_creation = false + + availability_zone = "us-east-2b" + + availability_zone_id = "use2-az2" + + cidr_block = "10.0.1.0/24" + + customer_owned_ipv4_pool = "" + + enable_dns64 = false + + enable_lni_at_device_index = 0 + + enable_resource_name_dns_a_record_on_launch = false + + enable_resource_name_dns_aaaa_record_on_launch = false + + id = "subnet-0de17633cfb166d29" + + ipv6_cidr_block = "" + + ipv6_cidr_block_association_id = "" + + ipv6_native = false + + map_customer_owned_ip_on_launch = false + + map_public_ip_on_launch = false + + outpost_arn = "" + + owner_id = "916723593639" + + 
private_dns_hostname_type_on_launch = "ip-name" + + tags = { + + Name = "Private Subnet Two" + + project = "swarms" + } + + tags_all = { + + Name = "Private Subnet Two" + + project = "swarms" + } + + timeouts = null + + vpc_id = "vpc-0b4cedd083227068d" + }, + + { + + arn = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0e926a2b5ae3f5acc" + + assign_ipv6_address_on_creation = false + + availability_zone = "us-east-2c" + + availability_zone_id = "use2-az3" + + cidr_block = "10.0.2.0/24" + + customer_owned_ipv4_pool = "" + + enable_dns64 = false + + enable_lni_at_device_index = 0 + + enable_resource_name_dns_a_record_on_launch = false + + enable_resource_name_dns_aaaa_record_on_launch = false + + id = "subnet-0e926a2b5ae3f5acc" + + ipv6_cidr_block = "" + + ipv6_cidr_block_association_id = "" + + ipv6_native = false + + map_customer_owned_ip_on_launch = false + + map_public_ip_on_launch = false + + outpost_arn = "" + + owner_id = "916723593639" + + private_dns_hostname_type_on_launch = "ip-name" + + tags = { + + Name = "swarms-private-us-east-2c" + + project = "swarms" + } + + tags_all = { + + Name = "swarms-private-us-east-2c" + + project = "swarms" + } + + timeouts = null + + vpc_id = "vpc-0b4cedd083227068d" + }, + ] + + private_subnets = [ + + "subnet-0ea44af2f97e12b1a", + + "subnet-0de17633cfb166d29", + + "subnet-0e926a2b5ae3f5acc", + ] + + private_subnets_cidr_blocks = [ + + "10.0.0.0/24", + + "10.0.1.0/24", + + "10.0.2.0/24", + ] + + private_subnets_ipv6_cidr_blocks = [] + + public_internet_gateway_ipv6_route_id = null + + public_internet_gateway_route_id = "r-rtb-0445a2ea1c510657b1080289494" + + public_network_acl_arn = null + + public_network_acl_id = null + + public_route_table_association_ids = [ + + "rtbassoc-033c4fa608f79a594", + + "rtbassoc-000d8799150d904e6", + + "rtbassoc-0b047c79fe554852d", + ] + + public_route_table_ids = [ + + "rtb-0445a2ea1c510657b", + ] + + public_subnet_arns = [ + + 
"arn:aws:ec2:us-east-2:916723593639:subnet/subnet-04b3bdd4b0dc877f0", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-051fecdee9028af79", + + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-027f4abd09a6543f0", + ] + + public_subnet_objects = [ + + { + + arn = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-04b3bdd4b0dc877f0" + + assign_ipv6_address_on_creation = false + + availability_zone = "us-east-2a" + + availability_zone_id = "use2-az1" + + cidr_block = "10.0.4.0/24" + + customer_owned_ipv4_pool = "" + + enable_dns64 = false + + enable_lni_at_device_index = 0 + + enable_resource_name_dns_a_record_on_launch = false + + enable_resource_name_dns_aaaa_record_on_launch = false + + id = "subnet-04b3bdd4b0dc877f0" + + ipv6_cidr_block = "" + + ipv6_cidr_block_association_id = "" + + ipv6_native = false + + map_customer_owned_ip_on_launch = false + + map_public_ip_on_launch = false + + outpost_arn = "" + + owner_id = "916723593639" + + private_dns_hostname_type_on_launch = "ip-name" + + tags = { + + Name = "swarms-public-us-east-2a" + + project = "swarms" + } + + tags_all = { + + Name = "swarms-public-us-east-2a" + + project = "swarms" + } + + timeouts = null + + vpc_id = "vpc-0b4cedd083227068d" + }, + + { + + arn = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-051fecdee9028af79" + + assign_ipv6_address_on_creation = false + + availability_zone = "us-east-2b" + + availability_zone_id = "use2-az2" + + cidr_block = "10.0.5.0/24" + + customer_owned_ipv4_pool = "" + + enable_dns64 = false + + enable_lni_at_device_index = 0 + + enable_resource_name_dns_a_record_on_launch = false + + enable_resource_name_dns_aaaa_record_on_launch = false + + id = "subnet-051fecdee9028af79" + + ipv6_cidr_block = "" + + ipv6_cidr_block_association_id = "" + + ipv6_native = false + + map_customer_owned_ip_on_launch = false + + map_public_ip_on_launch = false + + outpost_arn = "" + + owner_id = "916723593639" + + private_dns_hostname_type_on_launch = "ip-name" + + tags = { + + Name 
= "swarms-public-us-east-2b" + + project = "swarms" + } + + tags_all = { + + Name = "swarms-public-us-east-2b" + + project = "swarms" + } + + timeouts = null + + vpc_id = "vpc-0b4cedd083227068d" + }, + + { + + arn = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-027f4abd09a6543f0" + + assign_ipv6_address_on_creation = false + + availability_zone = "us-east-2c" + + availability_zone_id = "use2-az3" + + cidr_block = "10.0.6.0/24" + + customer_owned_ipv4_pool = "" + + enable_dns64 = false + + enable_lni_at_device_index = 0 + + enable_resource_name_dns_a_record_on_launch = false + + enable_resource_name_dns_aaaa_record_on_launch = false + + id = "subnet-027f4abd09a6543f0" + + ipv6_cidr_block = "" + + ipv6_cidr_block_association_id = "" + + ipv6_native = false + + map_customer_owned_ip_on_launch = false + + map_public_ip_on_launch = false + + outpost_arn = "" + + owner_id = "916723593639" + + private_dns_hostname_type_on_launch = "ip-name" + + tags = { + + Name = "swarms-public-us-east-2c" + + project = "swarms" + } + + tags_all = { + + Name = "swarms-public-us-east-2c" + + project = "swarms" + } + + timeouts = null + + vpc_id = "vpc-0b4cedd083227068d" + }, + ] + + public_subnets = [ + + "subnet-04b3bdd4b0dc877f0", + + "subnet-051fecdee9028af79", + + "subnet-027f4abd09a6543f0", + ] + + public_subnets_cidr_blocks = [ + + "10.0.4.0/24", + + "10.0.5.0/24", + + "10.0.6.0/24", + ] + + public_subnets_ipv6_cidr_blocks = [] + + redshift_network_acl_arn = null + + redshift_network_acl_id = null + + redshift_public_route_table_association_ids = [] + + redshift_route_table_association_ids = [] + + redshift_route_table_ids = [ + + "rtb-033eec802f743baca", + + "rtb-0bbc3caa1cdc40cd0", + + "rtb-081f2bb265d2703ee", + ] + + redshift_subnet_arns = [] + + redshift_subnet_group = null + + redshift_subnet_objects = [] + + redshift_subnets = [] + + redshift_subnets_cidr_blocks = [] + + redshift_subnets_ipv6_cidr_blocks = [] + + this_customer_gateway = {} + + vgw_arn = null + + vgw_id = 
null + + vpc_arn = "arn:aws:ec2:us-east-2:916723593639:vpc/vpc-0b4cedd083227068d" + + vpc_cidr_block = "10.0.0.0/16" + + vpc_enable_dns_hostnames = true + + vpc_enable_dns_support = true + + vpc_flow_log_cloudwatch_iam_role_arn = "" + + vpc_flow_log_deliver_cross_account_role = null + + vpc_flow_log_destination_arn = "" + + vpc_flow_log_destination_type = "cloud-watch-logs" + + vpc_flow_log_id = null + + vpc_id = "vpc-0b4cedd083227068d" + + vpc_instance_tenancy = "default" + + vpc_ipv6_association_id = "" + + vpc_ipv6_cidr_block = "" + + vpc_main_route_table_id = "rtb-053dc8c3d37f2f58f" + + vpc_owner_id = "916723593639" + + vpc_secondary_cidr_blocks = [] + } + + vpc_arn = "arn:aws:ec2:us-east-2:916723593639:vpc/vpc-0b4cedd083227068d" + + vpc_cidr_block = "10.0.0.0/16" + + vpc_enable_dns_hostnames = true + + vpc_enable_dns_support = true + + vpc_flow_log_cloudwatch_iam_role_arn = "" + + vpc_flow_log_destination_arn = "" + + vpc_flow_log_destination_type = "cloud-watch-logs" + + vpc_flow_log_id = null + + vpc_id = "vpc-0b4cedd083227068d" + + vpc_instance_tenancy = "default" + + vpc_ipv6_association_id = "" + + vpc_ipv6_cidr_block = "" + + vpc_main_route_table_id = "rtb-053dc8c3d37f2f58f" + + vpc_owner_id = "916723593639" + + vpc_secondary_cidr_blocks = [] + } + # (1 unchanged attribute hidden) + } + +You can apply this plan to save these new output values to the OpenTofu state, without changing any real +infrastructure. + +Do you want to perform these actions? + OpenTofu will perform the actions described above. + Only 'yes' will be accepted to approve. + + Enter a value: yes + + +Apply complete! Resources: 0 added, 0 changed, 0 destroyed. 
+ +Outputs: + +account = "916723593639" +api = { + "security_group_id" = "sg-09e0227357b33ab1e" + "vpc" = { + "cgw_arns" = [] + "cgw_ids" = [] + "default_network_acl_id" = "acl-07d9084294e0492bd" + "default_route_table_id" = "rtb-053dc8c3d37f2f58f" + "default_security_group_id" = "sg-0a42c3ef338285431" + "default_vpc_arn" = null + "default_vpc_cidr_block" = null + "default_vpc_default_network_acl_id" = null + "default_vpc_default_route_table_id" = null + "default_vpc_default_security_group_id" = null + "default_vpc_enable_dns_hostnames" = null + "default_vpc_enable_dns_support" = null + "default_vpc_id" = null + "default_vpc_instance_tenancy" = null + "default_vpc_main_route_table_id" = null + "dhcp_options_id" = null + "ec2_public_subnet_id_1" = 1 + "ec2_public_subnet_id_2" = 1 + "egress_only_internet_gateway_id" = null + "igw_arn" = "arn:aws:ec2:us-east-2:916723593639:internet-gateway/igw-022da11de86f41ae0" + "igw_id" = "igw-022da11de86f41ae0" + "nat_ids" = [] + "nat_public_ips" = tolist([]) + "natgw_ids" = [] + "private_ipv6_egress_route_ids" = [] + "private_nat_gateway_route_ids" = [] + "private_network_acl_arn" = null + "private_network_acl_id" = null + "private_route_table_association_ids" = [ + "rtbassoc-06f87a2b8106090d9", + "rtbassoc-085a04c2858a3164e", + "rtbassoc-0657562cf0177710a", + ] + "private_route_table_ids" = [ + "rtb-033eec802f743baca", + "rtb-0bbc3caa1cdc40cd0", + "rtb-081f2bb265d2703ee", + ] + "private_subnet_arns" = [ + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0ea44af2f97e12b1a", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0de17633cfb166d29", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0e926a2b5ae3f5acc", + ] + "private_subnets" = [ + "subnet-0ea44af2f97e12b1a", + "subnet-0de17633cfb166d29", + "subnet-0e926a2b5ae3f5acc", + ] + "private_subnets_cidr_blocks" = tolist([ + "10.0.0.0/24", + "10.0.1.0/24", + "10.0.2.0/24", + ]) + "private_subnets_ipv6_cidr_blocks" = tolist([]) + "public_internet_gateway_ipv6_route_id" = null 
+ "public_internet_gateway_route_id" = "r-rtb-0445a2ea1c510657b1080289494" + "public_network_acl_arn" = null + "public_network_acl_id" = null + "public_route_table_association_ids" = [ + "rtbassoc-033c4fa608f79a594", + "rtbassoc-000d8799150d904e6", + "rtbassoc-0b047c79fe554852d", + ] + "public_route_table_ids" = [ + "rtb-0445a2ea1c510657b", + ] + "public_subnet_arns" = [ + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-04b3bdd4b0dc877f0", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-051fecdee9028af79", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-027f4abd09a6543f0", + ] + "public_subnets" = [ + "subnet-04b3bdd4b0dc877f0", + "subnet-051fecdee9028af79", + "subnet-027f4abd09a6543f0", + ] + "public_subnets_cidr_blocks" = tolist([ + "10.0.4.0/24", + "10.0.5.0/24", + "10.0.6.0/24", + ]) + "public_subnets_ipv6_cidr_blocks" = tolist([]) + "this_customer_gateway" = {} + "vgw_arn" = null + "vgw_id" = null + "vpc" = { + "azs" = tolist([ + "us-east-2a", + "us-east-2b", + "us-east-2c", + ]) + "cgw_arns" = [] + "cgw_ids" = [] + "database_internet_gateway_route_id" = null + "database_ipv6_egress_route_id" = null + "database_nat_gateway_route_ids" = [] + "database_network_acl_arn" = null + "database_network_acl_id" = null + "database_route_table_association_ids" = [] + "database_route_table_ids" = tolist([ + "rtb-033eec802f743baca", + "rtb-0bbc3caa1cdc40cd0", + "rtb-081f2bb265d2703ee", + ]) + "database_subnet_arns" = [] + "database_subnet_group" = null + "database_subnet_group_name" = null + "database_subnet_objects" = [] + "database_subnets" = [] + "database_subnets_cidr_blocks" = tolist([]) + "database_subnets_ipv6_cidr_blocks" = tolist([]) + "default_network_acl_id" = "acl-07d9084294e0492bd" + "default_route_table_id" = "rtb-053dc8c3d37f2f58f" + "default_security_group_id" = "sg-0a42c3ef338285431" + "default_vpc_arn" = null + "default_vpc_cidr_block" = null + "default_vpc_default_network_acl_id" = null + "default_vpc_default_route_table_id" = null + 
"default_vpc_default_security_group_id" = null + "default_vpc_enable_dns_hostnames" = null + "default_vpc_enable_dns_support" = null + "default_vpc_id" = null + "default_vpc_instance_tenancy" = null + "default_vpc_main_route_table_id" = null + "dhcp_options_id" = null + "egress_only_internet_gateway_id" = null + "elasticache_network_acl_arn" = null + "elasticache_network_acl_id" = null + "elasticache_route_table_association_ids" = [] + "elasticache_route_table_ids" = [ + "rtb-033eec802f743baca", + "rtb-0bbc3caa1cdc40cd0", + "rtb-081f2bb265d2703ee", + ] + "elasticache_subnet_arns" = [] + "elasticache_subnet_group" = null + "elasticache_subnet_group_name" = null + "elasticache_subnet_objects" = [] + "elasticache_subnets" = [] + "elasticache_subnets_cidr_blocks" = tolist([]) + "elasticache_subnets_ipv6_cidr_blocks" = tolist([]) + "igw_arn" = "arn:aws:ec2:us-east-2:916723593639:internet-gateway/igw-022da11de86f41ae0" + "igw_id" = "igw-022da11de86f41ae0" + "intra_network_acl_arn" = null + "intra_network_acl_id" = null + "intra_route_table_association_ids" = [] + "intra_route_table_ids" = [] + "intra_subnet_arns" = [] + "intra_subnet_objects" = [] + "intra_subnets" = [] + "intra_subnets_cidr_blocks" = tolist([]) + "intra_subnets_ipv6_cidr_blocks" = tolist([]) + "name" = "swarms" + "nat_ids" = [] + "nat_public_ips" = tolist([]) + "natgw_ids" = [] + "natgw_interface_ids" = [] + "outpost_network_acl_arn" = null + "outpost_network_acl_id" = null + "outpost_subnet_arns" = [] + "outpost_subnet_objects" = [] + "outpost_subnets" = [] + "outpost_subnets_cidr_blocks" = tolist([]) + "outpost_subnets_ipv6_cidr_blocks" = tolist([]) + "private_ipv6_egress_route_ids" = [] + "private_nat_gateway_route_ids" = [] + "private_network_acl_arn" = null + "private_network_acl_id" = null + "private_route_table_association_ids" = [ + "rtbassoc-06f87a2b8106090d9", + "rtbassoc-085a04c2858a3164e", + "rtbassoc-0657562cf0177710a", + ] + "private_route_table_ids" = [ + "rtb-033eec802f743baca", + 
"rtb-0bbc3caa1cdc40cd0", + "rtb-081f2bb265d2703ee", + ] + "private_subnet_arns" = [ + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0ea44af2f97e12b1a", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0de17633cfb166d29", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0e926a2b5ae3f5acc", + ] + "private_subnet_objects" = [ + { + "arn" = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0ea44af2f97e12b1a" + "assign_ipv6_address_on_creation" = false + "availability_zone" = "us-east-2a" + "availability_zone_id" = "use2-az1" + "cidr_block" = "10.0.0.0/24" + "customer_owned_ipv4_pool" = "" + "enable_dns64" = false + "enable_lni_at_device_index" = 0 + "enable_resource_name_dns_a_record_on_launch" = false + "enable_resource_name_dns_aaaa_record_on_launch" = false + "id" = "subnet-0ea44af2f97e12b1a" + "ipv6_cidr_block" = "" + "ipv6_cidr_block_association_id" = "" + "ipv6_native" = false + "map_customer_owned_ip_on_launch" = false + "map_public_ip_on_launch" = false + "outpost_arn" = "" + "owner_id" = "916723593639" + "private_dns_hostname_type_on_launch" = "ip-name" + "tags" = tomap({ + "Name" = "Private Subnet One" + "project" = "swarms" + }) + "tags_all" = tomap({ + "Name" = "Private Subnet One" + "project" = "swarms" + }) + "timeouts" = null /* object */ + "vpc_id" = "vpc-0b4cedd083227068d" + }, + { + "arn" = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0de17633cfb166d29" + "assign_ipv6_address_on_creation" = false + "availability_zone" = "us-east-2b" + "availability_zone_id" = "use2-az2" + "cidr_block" = "10.0.1.0/24" + "customer_owned_ipv4_pool" = "" + "enable_dns64" = false + "enable_lni_at_device_index" = 0 + "enable_resource_name_dns_a_record_on_launch" = false + "enable_resource_name_dns_aaaa_record_on_launch" = false + "id" = "subnet-0de17633cfb166d29" + "ipv6_cidr_block" = "" + "ipv6_cidr_block_association_id" = "" + "ipv6_native" = false + "map_customer_owned_ip_on_launch" = false + "map_public_ip_on_launch" = false + "outpost_arn" = "" + 
"owner_id" = "916723593639" + "private_dns_hostname_type_on_launch" = "ip-name" + "tags" = tomap({ + "Name" = "Private Subnet Two" + "project" = "swarms" + }) + "tags_all" = tomap({ + "Name" = "Private Subnet Two" + "project" = "swarms" + }) + "timeouts" = null /* object */ + "vpc_id" = "vpc-0b4cedd083227068d" + }, + { + "arn" = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-0e926a2b5ae3f5acc" + "assign_ipv6_address_on_creation" = false + "availability_zone" = "us-east-2c" + "availability_zone_id" = "use2-az3" + "cidr_block" = "10.0.2.0/24" + "customer_owned_ipv4_pool" = "" + "enable_dns64" = false + "enable_lni_at_device_index" = 0 + "enable_resource_name_dns_a_record_on_launch" = false + "enable_resource_name_dns_aaaa_record_on_launch" = false + "id" = "subnet-0e926a2b5ae3f5acc" + "ipv6_cidr_block" = "" + "ipv6_cidr_block_association_id" = "" + "ipv6_native" = false + "map_customer_owned_ip_on_launch" = false + "map_public_ip_on_launch" = false + "outpost_arn" = "" + "owner_id" = "916723593639" + "private_dns_hostname_type_on_launch" = "ip-name" + "tags" = tomap({ + "Name" = "swarms-private-us-east-2c" + "project" = "swarms" + }) + "tags_all" = tomap({ + "Name" = "swarms-private-us-east-2c" + "project" = "swarms" + }) + "timeouts" = null /* object */ + "vpc_id" = "vpc-0b4cedd083227068d" + }, + ] + "private_subnets" = [ + "subnet-0ea44af2f97e12b1a", + "subnet-0de17633cfb166d29", + "subnet-0e926a2b5ae3f5acc", + ] + "private_subnets_cidr_blocks" = tolist([ + "10.0.0.0/24", + "10.0.1.0/24", + "10.0.2.0/24", + ]) + "private_subnets_ipv6_cidr_blocks" = tolist([]) + "public_internet_gateway_ipv6_route_id" = null + "public_internet_gateway_route_id" = "r-rtb-0445a2ea1c510657b1080289494" + "public_network_acl_arn" = null + "public_network_acl_id" = null + "public_route_table_association_ids" = [ + "rtbassoc-033c4fa608f79a594", + "rtbassoc-000d8799150d904e6", + "rtbassoc-0b047c79fe554852d", + ] + "public_route_table_ids" = [ + "rtb-0445a2ea1c510657b", + ] + 
"public_subnet_arns" = [ + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-04b3bdd4b0dc877f0", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-051fecdee9028af79", + "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-027f4abd09a6543f0", + ] + "public_subnet_objects" = [ + { + "arn" = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-04b3bdd4b0dc877f0" + "assign_ipv6_address_on_creation" = false + "availability_zone" = "us-east-2a" + "availability_zone_id" = "use2-az1" + "cidr_block" = "10.0.4.0/24" + "customer_owned_ipv4_pool" = "" + "enable_dns64" = false + "enable_lni_at_device_index" = 0 + "enable_resource_name_dns_a_record_on_launch" = false + "enable_resource_name_dns_aaaa_record_on_launch" = false + "id" = "subnet-04b3bdd4b0dc877f0" + "ipv6_cidr_block" = "" + "ipv6_cidr_block_association_id" = "" + "ipv6_native" = false + "map_customer_owned_ip_on_launch" = false + "map_public_ip_on_launch" = false + "outpost_arn" = "" + "owner_id" = "916723593639" + "private_dns_hostname_type_on_launch" = "ip-name" + "tags" = tomap({ + "Name" = "swarms-public-us-east-2a" + "project" = "swarms" + }) + "tags_all" = tomap({ + "Name" = "swarms-public-us-east-2a" + "project" = "swarms" + }) + "timeouts" = null /* object */ + "vpc_id" = "vpc-0b4cedd083227068d" + }, + { + "arn" = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-051fecdee9028af79" + "assign_ipv6_address_on_creation" = false + "availability_zone" = "us-east-2b" + "availability_zone_id" = "use2-az2" + "cidr_block" = "10.0.5.0/24" + "customer_owned_ipv4_pool" = "" + "enable_dns64" = false + "enable_lni_at_device_index" = 0 + "enable_resource_name_dns_a_record_on_launch" = false + "enable_resource_name_dns_aaaa_record_on_launch" = false + "id" = "subnet-051fecdee9028af79" + "ipv6_cidr_block" = "" + "ipv6_cidr_block_association_id" = "" + "ipv6_native" = false + "map_customer_owned_ip_on_launch" = false + "map_public_ip_on_launch" = false + "outpost_arn" = "" + "owner_id" = "916723593639" + 
"private_dns_hostname_type_on_launch" = "ip-name" + "tags" = tomap({ + "Name" = "swarms-public-us-east-2b" + "project" = "swarms" + }) + "tags_all" = tomap({ + "Name" = "swarms-public-us-east-2b" + "project" = "swarms" + }) + "timeouts" = null /* object */ + "vpc_id" = "vpc-0b4cedd083227068d" + }, + { + "arn" = "arn:aws:ec2:us-east-2:916723593639:subnet/subnet-027f4abd09a6543f0" + "assign_ipv6_address_on_creation" = false + "availability_zone" = "us-east-2c" + "availability_zone_id" = "use2-az3" + "cidr_block" = "10.0.6.0/24" + "customer_owned_ipv4_pool" = "" + "enable_dns64" = false + "enable_lni_at_device_index" = 0 + "enable_resource_name_dns_a_record_on_launch" = false + "enable_resource_name_dns_aaaa_record_on_launch" = false + "id" = "subnet-027f4abd09a6543f0" + "ipv6_cidr_block" = "" + "ipv6_cidr_block_association_id" = "" + "ipv6_native" = false + "map_customer_owned_ip_on_launch" = false + "map_public_ip_on_launch" = false + "outpost_arn" = "" + "owner_id" = "916723593639" + "private_dns_hostname_type_on_launch" = "ip-name" + "tags" = tomap({ + "Name" = "swarms-public-us-east-2c" + "project" = "swarms" + }) + "tags_all" = tomap({ + "Name" = "swarms-public-us-east-2c" + "project" = "swarms" + }) + "timeouts" = null /* object */ + "vpc_id" = "vpc-0b4cedd083227068d" + }, + ] + "public_subnets" = [ + "subnet-04b3bdd4b0dc877f0", + "subnet-051fecdee9028af79", + "subnet-027f4abd09a6543f0", + ] + "public_subnets_cidr_blocks" = tolist([ + "10.0.4.0/24", + "10.0.5.0/24", + "10.0.6.0/24", + ]) + "public_subnets_ipv6_cidr_blocks" = tolist([]) + "redshift_network_acl_arn" = null + "redshift_network_acl_id" = null + "redshift_public_route_table_association_ids" = [] + "redshift_route_table_association_ids" = [] + "redshift_route_table_ids" = tolist([ + "rtb-033eec802f743baca", + "rtb-0bbc3caa1cdc40cd0", + "rtb-081f2bb265d2703ee", + ]) + "redshift_subnet_arns" = [] + "redshift_subnet_group" = null + "redshift_subnet_objects" = [] + "redshift_subnets" = [] + 
"redshift_subnets_cidr_blocks" = tolist([]) + "redshift_subnets_ipv6_cidr_blocks" = tolist([]) + "this_customer_gateway" = {} + "vgw_arn" = null + "vgw_id" = null + "vpc_arn" = "arn:aws:ec2:us-east-2:916723593639:vpc/vpc-0b4cedd083227068d" + "vpc_cidr_block" = "10.0.0.0/16" + "vpc_enable_dns_hostnames" = true + "vpc_enable_dns_support" = true + "vpc_flow_log_cloudwatch_iam_role_arn" = "" + "vpc_flow_log_deliver_cross_account_role" = null + "vpc_flow_log_destination_arn" = "" + "vpc_flow_log_destination_type" = "cloud-watch-logs" + "vpc_flow_log_id" = null + "vpc_id" = "vpc-0b4cedd083227068d" + "vpc_instance_tenancy" = "default" + "vpc_ipv6_association_id" = "" + "vpc_ipv6_cidr_block" = "" + "vpc_main_route_table_id" = "rtb-053dc8c3d37f2f58f" + "vpc_owner_id" = "916723593639" + "vpc_secondary_cidr_blocks" = tolist([]) + } + "vpc_arn" = "arn:aws:ec2:us-east-2:916723593639:vpc/vpc-0b4cedd083227068d" + "vpc_cidr_block" = "10.0.0.0/16" + "vpc_enable_dns_hostnames" = true + "vpc_enable_dns_support" = true + "vpc_flow_log_cloudwatch_iam_role_arn" = "" + "vpc_flow_log_destination_arn" = "" + "vpc_flow_log_destination_type" = "cloud-watch-logs" + "vpc_flow_log_id" = null + "vpc_id" = "vpc-0b4cedd083227068d" + "vpc_instance_tenancy" = "default" + "vpc_ipv6_association_id" = "" + "vpc_ipv6_cidr_block" = "" + "vpc_main_route_table_id" = "rtb-053dc8c3d37f2f58f" + "vpc_owner_id" = "916723593639" + "vpc_secondary_cidr_blocks" = tolist([]) + } +} +dns = "api.swarms.ai" +profile = "swarms" +region = "us-east-2" +mdupont@mdupont-G470:~/2024/12/swarms-terraform/accounts/swarms$ diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/alb/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/alb/main.tf new file mode 100644 index 0000000..e69de29 diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/asg/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/asg/main.tf new file mode 100644 index 0000000..e69de29 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf
new file mode 100644
index 0000000..171f170
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf
@@ -0,0 +1,32 @@
+module "acm" {
+# count = 0
+ source = "terraform-aws-modules/acm/aws"
+ version = "~> 4.0"
+ domain_name = var.domain_name
+ zone_id = aws_route53_zone.primary.zone_id
+ subject_alternative_names = [
+ "*.${var.domain_name}"
+ ]
+}
+
+## now we just lift the listener code
+resource "aws_lb_listener" "this" {
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
+ certificate_arn = module.acm.acm_certificate_arn
+ load_balancer_arn = module.alb.arn
+ #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn]
+ # #forward = {
+ # #target_group_key = "ex-swarms-instance"
+ # target_group_arn = "ex-swarms-instance"
+ # #target_group = []
+
+ default_action {
+ target_group_arn =aws_lb_target_group.this.arn
+ #module.alb.target_groups["ex-lambda-with-trigger"].arn
+ #length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null)
+ type = "forward"
+ }
+}
+
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
index 896e006..b5c33cf 100644
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf
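Review bot: The new `https/main.tf` refers to `aws_route53_zone.primary`, `module.alb.arn` and `aws_lb_target_group.this.arn`, none of which is declared in this file; if `https/` is meant to be a child module like `./route53/` and `./target_group/`, it cannot see its parent's resources and these have to arrive as inputs. The file also reads `var.domain_name` without a `variable` block. I would declare the inputs and use them, for example `load_balancer_arn = var.alb_arn` and `target_group_arn = var.target_group_arn` (proposed names), unless sibling files outside this diff already define them. Separately, the wildcard SAN `"*.${var.domain_name}"` makes the certificate valid for every subdomain, so a comment stating that this is intended would help the next reviewer.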
@@ -1,11 +1,7 @@ -# variable "provider_alias" { -# type = any -# } +variable vpc_id {} variable security_group_id {} # = local.name variable name {} # = local.name variable domain_name {} # = local.name -variable vpc_id {} #= module.vpc.vpc_id -#variable subnets {} #= module.vpc.public_subnets variable public_subnets {} #= module.vpc.public_subnets data "aws_availability_zones" "available" {} 
@@ -36,105 +32,27 @@ module "alb" { tags = local.tags } -resource "aws_route53_zone" "primary" { - name = var.domain_name -} -resource "aws_route53_record" "api-cname" { - zone_id = aws_route53_zone.primary.zone_id - name = "us-east-1.${var.domain_name}" - type = "CNAME" - ttl = 5 -# weighted_routing_policy { -# weight = 10 -# } - #set_identifier = "dev" - records = [ - module.alb.dns_name - ] -} -module "acm" { -# count = 0 - source = "terraform-aws-modules/acm/aws" - version = "~> 4.0" - domain_name = var.domain_name - zone_id = aws_route53_zone.primary.zone_id - subject_alternative_names = [ - "*.${var.domain_name}" - ] +output dns { + value = module.alb.dns_name } -## now we just lift the listener code -resource "aws_lb_listener" "this" { - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" - certificate_arn = module.acm.acm_certificate_arn - load_balancer_arn = module.alb.arn - #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] - # #forward = { - # #target_group_key = "ex-swarms-instance" - # target_group_arn = "ex-swarms-instance" - # #target_group = [] - - default_action { - target_group_arn =aws_lb_target_group.this.arn - #module.alb.target_groups["ex-lambda-with-trigger"].arn - #length(try(default_action.value.target_groups, [])) > 0 ? 
null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) - type = "forward" - } +module "route53" { + source = "./route53/" + alb_dns_name = module.alb.dns_name + alb_dns_zone = module.alb.zone_id + domain_name = var.domain_name } - -resource "aws_lb_target_group" "this" { - name_prefix = "swarms" - protocol = "HTTP" - port = 80 - target_type = "instance" - vpc_id = var.vpc_id - deregistration_delay = 10 - #load_balancing_algorithm_type = "weighted_random" - #load_balancing_anomaly_mitigation = "on" - #load_balancing_cross_zone_enabled = false - protocol_version = "HTTP1" - # - health_check { - path = "/v1/docs" # the docs api - enabled = true - healthy_threshold = 10 - interval = 130 - port = "traffic-port" - protocol = "HTTP" - timeout = 120 - unhealthy_threshold = 10 - } - -# stickiness { -# cookie_duration = 86400 -# enabled = true -# type = "lb_cookie" -# } - +module "tg" { + source = "./target_group/" + vpc_id = var.vpc_id # module.vpc.vpc_id } -output zone_id { - value = aws_route53_zone.primary.zone_id -} -output zone { - value = aws_route53_zone.primary -} output alb_target_group_arn { - value = aws_lb_target_group.this.arn -} - -output dns { - value = module.alb.dns_name -} - -output cname { - value = aws_route53_record.api-cname.fqdn + value = module.tg.alb_target_group_arn } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/notes.prg b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/notes.prg new file mode 100644 index 0000000..df1c054 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/notes.prg 
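Review bot: After this hunk nothing in this file creates the HTTPS listener or the ACM certificate any more: both blocks are removed and only `module "route53"` and `module "tg"` are added, with no module call for the new `https/` directory. Unless the unchanged part of `module "alb"` (its body starts outside this hunk) defines its own listeners, the load balancer is left without a TLS listener on 443. I would add a `module "https" { source = "./https/" ... }` call here that passes the ALB ARN, the target group ARN, the hosted zone id and `domain_name`. The outputs `zone_id`, `zone` and `cname` are also dropped, which breaks any caller still reading them; keep them as pass-throughs from `module.route53` if that module exports the values.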
@@ -0,0 +1,479 @@ +# access_logs = { +# bucket = module.log_bucket.s3_bucket_id +# prefix = "access-logs" +# } + +# connection_logs = { +# bucket = module.log_bucket.s3_bucket_id +# enabled = true +# prefix = "connection-logs" +# } + + # ex-http-https-redirect = { + # port = 80 + # protocol = "HTTP" + # redirect = { + # port = "443" + # protocol = "HTTPS" + # status_code = "HTTP_301" + # } + # } + # rules = { + # ex-fixed-response = { + # priority = 3 + # actions = [{ + # type = "fixed-response" + # content_type = "text/plain" + # status_code = 200 + # message_body = "This is a fixed response" + # }] + # conditions = [{ + # http_header = { + # http_header_name = "x-Gimme-Fixed-Response" + # values = ["yes", "please", "right now"] + # } + # }] + # } + # ex-weighted-forward = { + # priority = 4 + # actions = [{ + # type = "weighted-forward" + # target_groups = [ + # { + # target_group_key = "ex-lambda-with-trigger" + # weight = 2 + # }, + # { + # target_group_key = "ex-instance" + # weight = 1 + # } + # ] + # stickiness = { + # enabled = true + # duration = 3600 + # } + # }] + # conditions = [{ + # query_string = { + # key = "weighted" + # value = "true" + # } + # }] + # } + # ex-redirect = { + # priority = 5000 + # actions = [{ + # type = "redirect" + # status_code = "HTTP_302" + # host = "www.youtube.com" + # path = "/watch" + # query = "v=dQw4w9WgXcQ" + # protocol = "HTTPS" + # }] + # conditions = [{ + # query_string = [{ + # key = "video" + # value = "random" + # }, + # { + # key = "image" + # value = "next" + # }] + # }] + # } + # } + # } + # ex-http-weighted-target = { + # port = 81 + # protocol = "HTTP" + # weighted_forward = { + # target_groups = [ + # { + # target_group_key = "ex-lambda-with-trigger" + # weight = 60 + # }, + # { + # target_group_key = "ex-instance" + # weight = 40 + # } + # ] + # } + # } + # ex-fixed-response = { + # port = 82 + # protocol = "HTTP" + # fixed_response = { + # content_type = "text/plain" + # message_body = "Fixed message" + # 
status_code = "200" + # } + # } + # rules = { + # ex-cognito = { + # actions = [ + # { + # type = "authenticate-cognito" + # on_unauthenticated_request = "authenticate" + # session_cookie_name = "session-${local.name}" + # session_timeout = 3600 + # user_pool_arn = aws_cognito_user_pool.this.arn + # user_pool_client_id = aws_cognito_user_pool_client.this.id + # user_pool_domain = aws_cognito_user_pool_domain.this.domain + # }, + # { + # type = "forward" + # target_group_key = "ex-instance" + # } + # ] + # conditions = [{ + # path_pattern = { + # values = ["/some/auth/required/route"] + # } + # }] + # } + # ex-fixed-response = { + # priority = 3 + # actions = [{ + # type = "fixed-response" + # content_type = "text/plain" + # status_code = 200 + # message_body = "This is a fixed response" + # }] + # conditions = [{ + # http_header = { + # http_header_name = "x-Gimme-Fixed-Response" + # values = ["yes", "please", "right now"] + # } + # }] + # } + # ex-weighted-forward = { + # priority = 4 + # actions = [{ + # type = "weighted-forward" + # target_groups = [ + # { + # target_group_key = "ex-instance" + # weight = 2 + # }, + # { + # target_group_key = "ex-lambda-with-trigger" + # weight = 1 + # } + # ] + # stickiness = { + # enabled = true + # duration = 3600 + # } + # }] + # conditions = [{ + # query_string = { + # key = "weighted" + # value = "true" + # }, + # path_pattern = { + # values = ["/some/path"] + # } + # }] + # } + # ex-redirect = { + # priority = 5000 + # actions = [{ + # type = "redirect" + # status_code = "HTTP_302" + # host = "www.youtube.com" + # path = "/watch" + # query = "v=dQw4w9WgXcQ" + # protocol = "HTTPS" + # }] + # conditions = [{ + # query_string = { + # key = "video" + # value = "random" + # } + # }] + # } + # } + # ex-cognito = { + # port = 444 + # protocol = "HTTPS" + # certificate_arn = module.acm.acm_certificate_arn + # authenticate_cognito = { + # authentication_request_extra_params = { + # display = "page" + # prompt = "login" + # } + # 
on_unauthenticated_request = "authenticate" + # session_cookie_name = "session-${local.name}" + # session_timeout = 3600 + # user_pool_arn = aws_cognito_user_pool.this.arn + # user_pool_client_id = aws_cognito_user_pool_client.this.id + # user_pool_domain = aws_cognito_user_pool_domain.this.domain + # } + # forward = { + # target_group_key = "ex-instance" + # } + # rules = { + # ex-oidc = { + # priority = 2 + # actions = [ + # { + # type = "authenticate-oidc" + # authentication_request_extra_params = { + # display = "page" + # prompt = "login" + # } + # authorization_endpoint = "https://${var.domain_name}/auth" + # client_id = "client_id" + # client_secret = "client_secret" + # issuer = "https://${var.domain_name}" + # token_endpoint = "https://${var.domain_name}/token" + # user_info_endpoint = "https://${var.domain_name}/user_info" + # }, + # { + # type = "forward" + # target_group_key = "ex-lambda-with-trigger" + # } + # ] + # conditions = [{ + # host_header = { + # values = ["foobar.com"] + # } + # }] + # } + # } + # } + # ex-oidc = { + # port = 445 + # protocol = "HTTPS" + # certificate_arn = module.acm.acm_certificate_arn + # action_type = "authenticate-oidc" + # authenticate_oidc = { + # authentication_request_extra_params = { + # display = "page" + # prompt = "login" + # } + # authorization_endpoint = "https://${var.domain_name}/auth" + # client_id = "client_id" + # client_secret = "client_secret" + # issuer = "https://${var.domain_name}" + # token_endpoint = "https://${var.domain_name}/token" + # user_info_endpoint = "https://${var.domain_name}/user_info" + # } + # forward = { + # target_group_key = "ex-instance" + # } + # } + # } + # target_group_health = { + # dns_failover = { + # minimum_healthy_targets_count = 2 + # } + # unhealthy_state_routing = { + # minimum_healthy_targets_percentage = 50 + # } + # } + # health_check = { + # enabled = true + # interval = 30 + # path = "/healthz" + # port = "traffic-port" + # healthy_threshold = 3 + # 
unhealthy_threshold = 3 + # timeout = 6 + # protocol = "HTTP" + # matcher = "200-399" + # } + # ex-lambda-with-trigger = { + # name_prefix = "l1-" + # target_type = "lambda" + # lambda_multi_value_headers_enabled = true + # target_id = module.lambda_with_allowed_triggers.lambda_function_arn + # } + # ex-lambda-without-trigger = { + # name_prefix = "l2-" + # target_type = "lambda" + # target_id = module.lambda_without_allowed_triggers.lambda_function_arn + # attach_lambda_permission = true + # } + # } + # additional_target_group_attachments = { + # ex-instance-other = { + # target_group_key = "ex-instance" + # target_type = "instance" + # target_id = aws_instance.other.id + # port = "80" + # } + # } + # # Route53 Record(s) + # route53_records = { + # A = { + # name = local.name + # type = "A" + # zone_id = data.aws_route53_zone.this.id + # } + # AAAA = { + # name = local.name + # type = "AAAA" + # zone_id = data.aws_route53_zone.this.id + # } + # } + + +#module "alb_disabled" { +# source = "../../"# +# +# create = false +#} + +# ################################################################################ +# # Using packaged function from Lambda module +# ################################################################################ + +# locals { +# package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip" +# downloaded = "downloaded_package_${md5(local.package_url)}.zip" +# } + +# resource "null_resource" "download_package" { +# triggers = { +# downloaded = local.downloaded +# } + +# provisioner "local-exec" { +# command = "curl -L -o ${local.downloaded} ${local.package_url}" +# } +# } + +# module "lambda_with_allowed_triggers" { +# source = "terraform-aws-modules/lambda/aws" +# version = "~> 6.0" + +# function_name = "${local.name}-with-allowed-triggers" +# description = "My awesome lambda function (with allowed triggers)" +# handler = "index.lambda_handler" +# 
runtime = "python3.8" + +# publish = true +# create_package = false +# local_existing_package = local.downloaded + +# allowed_triggers = { +# AllowExecutionFromELB = { +# service = "elasticloadbalancing" +# source_arn = module.alb.target_groups["ex-lambda-with-trigger"].arn +# } +# } + +# depends_on = [null_resource.download_package] +# } + +# module "lambda_without_allowed_triggers" { +# source = "terraform-aws-modules/lambda/aws" +# version = "~> 6.0" + +# function_name = "${local.name}-without-allowed-triggers" +# description = "My awesome lambda function (without allowed triggers)" +# handler = "index.lambda_handler" +# runtime = "python3.8" + +# publish = true +# create_package = false +# local_existing_package = local.downloaded + +# # Allowed triggers will be managed by ALB module +# allowed_triggers = {} + +# depends_on = [null_resource.download_package] +# } + +# ################################################################################ +# # Supporting resources +# ################################################################################ + +# module "vpc" { +# source = "terraform-aws-modules/vpc/aws" +# version = "~> 5.0" + +# name = local.name +# cidr = local.vpc_cidr + +# azs = local.azs +# private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] +# public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + +# tags = local.tags +# } + +# module "wildcard_cert" { +# source = "terraform-aws-modules/acm/aws" +# version = "~> 4.0" + +# domain_name = "*.${var.domain_name}" +# zone_id = data.aws_route53_zone.this.id +# } + +# data "aws_ssm_parameter" "al2" { +# name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" +# } + +# resource "aws_instance" "this" { +# ami = data.aws_ssm_parameter.al2.value +# instance_type = "t3.nano" +# subnet_id = element(module.vpc.private_subnets, 0) +# } + +# resource "aws_instance" "other" { +# ami = data.aws_ssm_parameter.al2.value +# instance_type = 
"t3.nano" +# subnet_id = element(module.vpc.private_subnets, 0) +# } + +# ################################################################## +# # AWS Cognito User Pool +# ################################################################## + +# resource "aws_cognito_user_pool" "this" { +# name = "user-pool-${local.name}" +# } + +# resource "aws_cognito_user_pool_client" "this" { +# name = "user-pool-client-${local.name}" +# user_pool_id = aws_cognito_user_pool.this.id +# generate_secret = true +# allowed_oauth_flows = ["code", "implicit"] +# callback_urls = ["https://${var.domain_name}/callback"] +# allowed_oauth_scopes = ["email", "openid"] +# allowed_oauth_flows_user_pool_client = true +# } + +# resource "random_string" "this" { +# length = 5 +# upper = false +# special = false +# } + +# resource "aws_cognito_user_pool_domain" "this" { +# domain = "${local.name}-${random_string.this.result}" +# user_pool_id = aws_cognito_user_pool.this.id +# } + +#module# "log_bucket" { +# source = "terraform-aws-modules/s3-bucket/aws" +# version = "~> 3.0" + +# bucket_prefix = "${local.name}-logs-" +# acl = "log-delivery-write" + +# # For example only +# force_destroy = true + +# control_object_ownership = true +# object_ownership = "ObjectWriter" + +# attach_elb_log_delivery_policy = true # Required for ALB logs +# attach_lb_log_delivery_policy = true # Required for ALB/NLB logs + +# attach_deny_insecure_transport_policy = true +# attach_require_latest_tls_policy = true +# tags = local.tags +#} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf new file mode 100644 index 0000000..b29c4e2 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf 
@@ -0,0 +1,36 @@
+variable domain_name {} # = local.name
+variable alb_dns_name {}
+variable alb_dns_zone {}
+data "aws_route53_zone" "primary" {
+ name = var.domain_name
+}
+
+resource "aws_route53_record" "api-cname" {
+ zone_id = data.aws_route53_zone.primary.zone_id
+ name = var.domain_name
+ # type = "CNAME"
+ type = "A"
+# ttl = 5
+
+# weighted_routing_policy {
+# weight = 10
+# }
+ #set_identifier = "dev"
+ alias {
+ name = var.alb_dns_name
+ zone_id = var.alb_dns_zone
+ evaluate_target_health = true
+
+ #
+ }
+}
+
+output cname {
+ value = aws_route53_record.api-cname.fqdn
+}
+output zone {
+ value = data.aws_route53_zone.primary
+}
+output zone_id {
+ value = data.aws_route53_zone.primary.zone_id
+}
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/target_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/target_group/main.tf
new file mode 100644
index 0000000..017efed
--- /dev/null
+++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/target_group/main.tf
@@ -0,0 +1,34 @@
+variable vpc_id {}
+resource "aws_lb_target_group" "this" {
+ name_prefix = "swarms"
+ protocol = "HTTP"
+ port = 80
+ target_type = "instance"
+ vpc_id = var.vpc_id
+ deregistration_delay = 10
+ #load_balancing_algorithm_type = "weighted_random"
+ #load_balancing_anomaly_mitigation = "on"
+ #load_balancing_cross_zone_enabled = false
+ protocol_version = "HTTP1"
+ #
+ health_check {
+ path = "/v1/docs" # the docs api
+ enabled = true
+ healthy_threshold = 10
+ interval = 130
+ port = "traffic-port"
+ protocol = "HTTP"
+ timeout = 120
+ unhealthy_threshold = 10
+ }
+
+# stickiness {
+# cookie_duration = 86400
+# enabled = true
+# type = "lb_cookie"
+# }
+
+}
+output alb_target_group_arn {
+ value = aws_lb_target_group.this.arn
+}
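Review bot: The three inputs of route53/main.tf are declared without a type or description, e.g. `variable alb_dns_zone {}`, so a mis-wired module argument (an ARN where a hosted-zone id is expected) is only caught at apply time; `type = string` plus a one-line `description` on each would catch it at plan time. The same applies to the untyped variables this series adds in target_group, autoscaling_group, launch_template, security and https. The record is now an alias `A` record, so the resource name `api-cname` and the `cname` output no longer describe it; a comment such as `# alias A record for the ALB; name kept so existing references keep working` would spare the next reader the confusion.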
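Review bot: The `health_check` block in target_group/main.tf combines `interval = 130`, `timeout = 120` and `unhealthy_threshold = 10`, so a failed instance keeps receiving traffic for roughly 20 minutes before the load balancer marks it unhealthy, and with `healthy_threshold = 10` a replacement needs about as long to enter service. The probe also targets `/v1/docs`, which ties availability to the documentation page being served without authentication. If the long timings are there to cover a slow first boot, that is better handled by the autoscaling group's health-check grace period; with a cheap liveness route the check could then be tightened to something like `interval = 30`, `timeout = 5`, `unhealthy_threshold = 3` (values to be tuned).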
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index bb78a6e..e5e31ef 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf @@ -1,62 +1,18 @@ +variable aws_iam_instance_profile_ssm_arn {} variable target_group_arn{} -#variable security_group_id {} variable name {} -variable instance_type { - # default = "t3.micro" -} - -variable launch_template_id { - -} -variable image_id { - default = "ami-0e2c8caa4b6378d8c" -} -variable vpc_id { - default = "vpc-04f28c9347af48b55" -} -#provider "aws" { -# region = "us-east-1" -#} +variable instance_type {} +variable launch_template_id {} +variable image_id {} +variable vpc_id {} +variable tags {} +variable ec2_subnet_id {} locals { - ami = "ami-0e2c8caa4b6378d8c" - # name = "swarms" - region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" - - #iam_instance_profile_name = "swarms-20241213150629570500000003" - iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn - tags = { - project="swarms" - } - + iam_instance_profile_arn = var.aws_iam_instance_profile_ssm_arn instance_type = var.instance_type } -resource "aws_iam_instance_profile" "ssm" { - name = "ssm-${var.name}" - role = aws_iam_role.ssm.name - tags = local.tags -} -resource "aws_iam_role" "ssm" { - name = "ssm-${var.name}" - tags = local.tags - - assume_role_policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Action = "sts:AssumeRole", - Principal = { - Service = "ec2.amazonaws.com" - }, - Effect = "Allow", - Sid = "" - } - ] - }) -} - module "autoscaling" { source = "terraform-aws-modules/autoscaling/aws" version = "8.0.0" 
@@ -73,7 +29,7 @@ module "autoscaling" { launch_template_id = var.launch_template_id launch_template_version = "$Latest" - vpc_zone_identifier = [local.ec2_subnet_id] + vpc_zone_identifier = [var.ec2_subnet_id] instance_market_options = { market_type = "spot" @@ -88,7 +44,6 @@ module "autoscaling" { ] instance_type = var.instance_type image_id = var.image_id - create_iam_instance_profile = true iam_role_name = "ssm-${var.name}" diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index b823712..09801f7 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -1,36 +1,26 @@ +variable iam_instance_profile_name {} variable security_group_id {} -variable name { - default = "swarms" -} -variable vpc_id { - default = "vpc-04f28c9347af48b55" -} - +variable name {} +variable vpc_id {} +variable ami_id {} +variable tags {} variable key_name { default = "mdupont-deployer-key" } + # dont use this variable instance_type {} locals { - ami = "ami-0e2c8caa4b6378d8c" -# name = "swarms" - region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" - vpc_id = "vpc-04f28c9347af48b55" - iam_instance_profile_name = "swarms-20241213150629570500000003" tags = { project="swarms" instance_type = var.instance_type name = var.name } } - - - resource "aws_launch_template" "ec2_launch_template" { name_prefix = "${var.name}-launch-template-" - image_id = local.ami + image_id = var.ami_id key_name = var.key_name instance_type = var.instance_type network_interfaces { 
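Review bot: In launch_template/main.tf `variable key_name { default = "mdupont-deployer-key" }` is now the only input left with a default, so every instance launched from this template gets one person's SSH key unless the caller overrides it. The template also receives an instance profile through `iam_instance_profile_name`, which the root module fills from the `ssm` profile, so consider making the key opt-in with `default = null` and relying on Session Manager for access. The hunk adds `variable tags {}` but keeps the `locals { tags = ... }` block, and a later hunk in this file switches the resource to `tags = var.tags`; the local, which carries `instance_type` and `name`, then appears to be unused, so either use `tags = merge(var.tags, local.tags)` or delete it. The `aws_launch_template` resource continues outside this hunk.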
@@ -40,7 +30,8 @@ resource "aws_launch_template" "ec2_launch_template" { } iam_instance_profile { - name = local.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name + # iam_instance_profile_arn = aws_iam_instance_profile.ssm.arn + name = var.iam_instance_profile_name #aws_iam_instance_profile.ec2_instance_profile.name } lifecycle { create_before_destroy = true @@ -75,7 +66,7 @@ resource "aws_launch_template" "ec2_launch_template" { bash -x /opt/swarms/api/install.sh EOF ) - tags = local.tags + tags = var.tags } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf index 36c5cbd..2b7fbaa 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/main.tf @@ -1,10 +1,6 @@ locals { - ami = "ami-0e2c8caa4b6378d8c" name = "swarms" - region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" - vpc_id = "vpc-04f28c9347af48b55" tags = { project="swarms" } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf index 796614a..5572aba 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/security/main.tf 
@@ -1,24 +1,12 @@ -variable vpc_id { - default = "vpc-04f28c9347af48b55" -} - -locals { - ami = "ami-0e2c8caa4b6378d8c" - name = "swarms" - region = "us-east-1" - ec2_subnet_id = "subnet-057c90cfe7b2e5646" - - tags = { - project="swarms" - } - -} +variable vpc_id { } +variable tags { } +variable name { } module "asg_sg" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = "${local.name}-external" + name = "${var.name}-external" description = "external group" vpc_id = var.vpc_id @@ -31,14 +19,14 @@ module "asg_sg" { egress_rules = ["all-all"] - tags = local.tags + tags = var.tags } module "asg_sg_internal" { source = "terraform-aws-modules/security-group/aws" version = "~> 5.0" - name = "${local.name}-internal" + name = "${var.name}-internal" description = "An internal security group" vpc_id = var.vpc_id # see ~/2024/12/13/terraform-aws-security-group/examples/complete/main.tf @@ -51,7 +39,7 @@ module "asg_sg_internal" { ] egress_rules = ["all-all"] - tags = local.tags + tags = var.tags } output "security_group_id" { diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf index 2448aae..303c8fc 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/main.tf @@ -2,10 +2,9 @@ data "aws_availability_zones" "available" {} - locals { name = "swarms" - region = "us-east-1" + vpc_cidr = "10.0.0.0/16" azs = slice(data.aws_availability_zones.available.names, 0, 3) @@ -21,7 +20,6 @@ locals { # #source = "https://github.com/terraform-aws-modules/terraform-aws-vpc.git" # name = "swarms" # cidr = "10.0.0.0/16" -# azs = ["us-east-1a", "us-east-1b", "us-east-1c"] # private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] # public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] 
@@ -231,3 +229,6 @@ module "vpc" { # tags = local.tags # } +output "vpc" { +value = module.vpc +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf index 5cb68e1..32381e3 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/vpc/outputs.tf @@ -550,9 +550,9 @@ output "vpc_flow_log_cloudwatch_iam_role_arn" { # value = module.vpc_endpoints.security_group_id # } output ec2_public_subnet_id_2 { - value = 1 + value = module.vpc.public_subnets[1] } output ec2_public_subnet_id_1 { - value = 1 + value = module.vpc.public_subnets[0] } diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 3814095..c811e52 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -1,8 +1,6 @@ -variable domain {} locals { # instance_type = "t3.large" # instance_type = "t3.medium" - #ami = "ami-0e2c8caa4b6378d8c" ami_name = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*" name = "swarms" region = "us-east-2" @@ -11,16 +9,19 @@ locals { project="swarms" } } +variable domain {} +variable ami_id {} +variable tags {} +variable name {} -data "aws_ami" "ami" { - most_recent = true - name_regex = "^${local.ami_name}" -} locals { - ami_id = data.aws_ami.ami.id +# ami_id = data.aws_ami.ami.id + ami_id = var.ami_id + } +# SLOW module "vpc" { source = "./components/vpc" } @@ -33,6 +34,9 @@ locals { module "security" { source = "./components/security" + vpc_id = local.vpc_id + tags = local.tags + name = local.name } module "kp" { 
@@ -66,14 +70,52 @@ variable "instance_types" { ] } +resource "aws_iam_role" "ssm" { + name = "ssm-${local.name}" + tags = var.tags + + assume_role_policy = jsonencode({ + Version = "2012-10-17", + Statement = [ + { + Action = "sts:AssumeRole", + Principal = { + Service = "ec2.amazonaws.com" + }, + Effect = "Allow", + Sid = "" + } + ] + }) +} + +resource "aws_iam_instance_profile" "ssm" { + name = "ssm-${var.name}" + role = aws_iam_role.ssm.name + tags = var.tags +} + module "lt_dynamic" { + vpc_id = local.vpc_id for_each = toset(var.instance_types) instance_type = each.key name = "swarms-size-${each.key}" security_group_id = module.security.internal_security_group_id + ami_id = var.ami_id + tags= local.tags source = "./components/launch_template" + iam_instance_profile_name = aws_iam_instance_profile.ssm.name +} + +output security_group_id { + value = module.security.security_group_id +} + +output vpc { + value = module.vpc } + module "alb" { source = "./components/application_load_balancer" domain_name = local.domain @@ -84,9 +126,18 @@ module "alb" { vpc_id = local.vpc_id name = local.name } +output alb { + value = module.alb +} + module "asg_dynamic" { + tags = local.tags + vpc_id = local.vpc_id + image_id = local.ami_id + ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 for_each = toset(var.instance_types) + aws_iam_instance_profile_ssm_arn = aws_iam_instance_profile.ssm.arn source = "./components/autoscaling_group" # security_group_id = module.security.internal_security_group_id instance_type = each.key 
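Review bot: The new `aws_iam_role.ssm` is named from `local.name` while the `aws_iam_instance_profile.ssm` below it uses `var.name`, and both take `tags = var.tags` although the module calls in the same file pass `local.tags`; unless the caller always supplies `name = "swarms"` the role and its profile end up with different names, so use one source, e.g. `name = "ssm-${local.name}"` on the profile. The hunk shows only the trust policy and no `aws_iam_role_policy_attachment`; if none exists elsewhere in the file, instances will assume a role without permissions and will not register with Session Manager. In that case attaching `arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore` to this role is the minimal managed policy for that purpose, which is preferable to anything broader.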
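Review bot: `ec2_subnet_id = module.vpc.ec2_public_subnet_id_1` in `module "asg_dynamic"` places every autoscaling group in a single public subnet, although the instances sit behind the ALB and receive the `ssm` instance profile on the lines that follow. Whether they get public addresses depends on the launch template's `network_interfaces` block, which is outside this hunk; if they do, the instances are reachable around the load balancer, limited only by the security group. Private subnets (with NAT or VPC endpoints for SSM and package downloads) would remove that path, and passing more than one subnet would keep the group running through an availability-zone outage. The module block continues outside the hunk.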
@@ -94,23 +145,3 @@ module "asg_dynamic" { launch_template_id = module.lt_dynamic[each.key].launch_template_id target_group_arn = module.alb.alb_target_group_arn } - -# module "alb" { -# # count = 0 -# source = "./components/application_load_balancer" -# vpc_id = local.vpc_id -# } -# │ - - -#output launch_template_id { -# value = module.lt.launch_template_id -#} - -output security_group_id { - value = module.security.security_group_id -} - -output alb { - value = module.alb -} From 1063aed4b6e1d9d479b224d2a598cb20689b8bc4 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Mon, 16 Dec 2024 19:39:53 -0500 Subject: [PATCH 29/39] now applying --- .../application_load_balancer/https/main.tf | 12 ++++++++---- .../components/application_load_balancer/main.tf | 12 +++++++++++- .../application_load_balancer/route53/main.tf | 2 +- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf index 171f170..1d97095 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf @@ -1,9 +1,14 @@ +variable alb_arn{} +variable domain_name{} +variable zone_id{} +variable aws_lb_target_group_arn{} + module "acm" { # count = 0 source = "terraform-aws-modules/acm/aws" version = "~> 4.0" domain_name = var.domain_name - zone_id = aws_route53_zone.primary.zone_id + zone_id = var.zone_id subject_alternative_names = [ "*.${var.domain_name}" ] 
@@ -15,7 +20,7 @@ resource "aws_lb_listener" "this" { protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" certificate_arn = module.acm.acm_certificate_arn - load_balancer_arn = module.alb.arn + load_balancer_arn = var.alb_arn #additional_certificate_arns = [module.wildcard_cert.acm_certificate_arn] # #forward = { # #target_group_key = "ex-swarms-instance" @@ -23,10 +28,9 @@ resource "aws_lb_listener" "this" { # #target_group = [] default_action { - target_group_arn =aws_lb_target_group.this.arn + target_group_arn =var.aws_lb_target_group_arn #module.alb.target_groups["ex-lambda-with-trigger"].arn #length(try(default_action.value.target_groups, [])) > 0 ? null : try(default_action.value.arn, aws_lb_target_group.this[default_action.value.target_group_key].arn, null) type = "forward" } } - diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf index b5c33cf..5762415 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/main.tf @@ -1,7 +1,7 @@ variable vpc_id {} variable security_group_id {} # = local.name variable name {} # = local.name -variable domain_name {} # = local.name +variable domain_name {} variable public_subnets {} #= module.vpc.public_subnets data "aws_availability_zones" "available" {} @@ -52,6 +52,16 @@ module "tg" { vpc_id = var.vpc_id # module.vpc.vpc_id } +module "https" { + source = "./https/" + # vpc_id = var.vpc_id # module.vpc.vpc_id + zone_id = module.route53.primary_zone_id + domain_name = var.domain_name + alb_arn = module.alb.arn + aws_lb_target_group_arn = module.tg.alb_target_group_arn + #aws_lb_target_group.this.arn +} + output alb_target_group_arn { value = module.tg.alb_target_group_arn 
diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf index b29c4e2..697bffa 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/route53/main.tf @@ -31,6 +31,6 @@ output cname { output zone { value = data.aws_route53_zone.primary } -output zone_id { +output primary_zone_id { value = data.aws_route53_zone.primary.zone_id } From 06f9a86606ea184d716e64fdd9b7854f1dbc49d7 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Tue, 17 Dec 2024 06:45:45 -0500 Subject: [PATCH 30/39] adding readme --- accounts/swarms/Readme.md | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 accounts/swarms/Readme.md diff --git a/accounts/swarms/Readme.md b/accounts/swarms/Readme.md new file mode 100644 index 0000000..db2cd84 --- /dev/null +++ b/accounts/swarms/Readme.md 
@@ -0,0 +1,60 @@ + +# credentials + +set up ~/.aws/credentials +``` +[swarms] +aws_access_key_id =${your key} +aws_secret_access_key=${your SECRET} +``` + +# install opentofu or terraform +# install aws cli +# install aws ssm plugin + +# create openai secret token + +TODO: +`aws ssm set-parameter --name "swarms_openai_key"` + +# tofu init +# tofu plan +# tofu apply +point the dns api.swarms.ai at the dns servers in godaddy + +`tofu state show module.swarms_api.module.alb.module.route53.data.aws_route53_zone.primary` + +```terraform +# module.swarms_api.module.alb.module.route53.data.aws_route53_zone.primary: +data "aws_route53_zone" "primary" { + arn = "arn:aws:route53:::hostedzone/Z04162952OP7P14Z97UWY" + caller_reference = "937599df-113d-4b02-8c75-4a20f8e6293e" + id = "Z04162952OP7P14Z97UWY" + name = "api.swarms.ai" + name_servers = [ + "ns-864.awsdns-44.net", + "ns-1595.awsdns-07.co.uk", + "ns-1331.awsdns-38.org", + "ns-463.awsdns-57.com", + ] + primary_name_server = "ns-864.awsdns-44.net" + private_zone = false + resource_record_set_count = 3 + tags = {} + zone_id = "Z04162952OP7P14Z97UWY" +} +``` +so we need 4 records + +1. NS api -> "ns-864.awsdns-44.net" +2. NS api -> "ns-1595.awsdns-07.co.uk" +3. NS api -> "ns-1331.awsdns-38.org" +4. NS api -> "ns-463.awsdns-57.com" + +see youtube or +https://youtu.be/3BI6_gq-lSU +https://dev.to/diegop0s/managing-your-godaddy-domain-with-route53-5f2p + +# tofu apply + +`tofu apply` From 464cc1c227a794949495b0cdba76b63a772e08c0 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 09:32:43 -0500 Subject: [PATCH 31/39] insecure listener and updated instructions --- accounts/swarms/Readme.md | 117 ++++++++++++++++-- .../application_load_balancer/https/main.tf | 12 ++ .../us-east-1/components/dns_entry/Readme.md | 1 - 3 files changed, 121 insertions(+), 9 deletions(-) delete mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/dns_entry/Readme.md 
diff --git a/accounts/swarms/Readme.md b/accounts/swarms/Readme.md index db2cd84..fc96012 100644 --- a/accounts/swarms/Readme.md +++ b/accounts/swarms/Readme.md 
@@ -46,14 +46,115 @@ data "aws_route53_zone" "primary" { ``` so we need 4 records -1. NS api -> "ns-864.awsdns-44.net" -2. NS api -> "ns-1595.awsdns-07.co.uk" -3. NS api -> "ns-1331.awsdns-38.org" -4. NS api -> "ns-463.awsdns-57.com" - -see youtube or -https://youtu.be/3BI6_gq-lSU -https://dev.to/diegop0s/managing-your-godaddy-domain-with-route53-5f2p +1. NS api.swarms.ai -> "ns-864.awsdns-44.net" +2. NS api.swarms.ai -> "ns-1595.awsdns-07.co.uk" +3. NS api.swarms.ai -> "ns-1331.awsdns-38.org" +4. NS api.swarms.ai -> "ns-463.awsdns-57.com" + +see forum https://repost.aws/questions/QULXL3STgjQtefiJ_q0BixXA/configure-godaddy-subdomain-to-route53 + +it says ns records need fqdn! + +``` +dig NS api.swarms.ai @97.74.103.14 + +; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> NS api.swarms.ai @97.74.103.14 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42722 +;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 +;; WARNING: recursion requested but not available + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 1232 +;; QUESTION SECTION: +;api.swarms.ai. IN NS + +;; AUTHORITY SECTION: +api.swarms.ai. 3600 IN NS ns-1912.awsdns-47.co.uk. +api.swarms.ai. 3600 IN NS ns-184.awsdns-23.com. +api.swarms.ai. 3600 IN NS ns-598.awsdns-10.net. +api.swarms.ai. 3600 IN NS ns-1175.awsdns-18.org. + +;; Query time: 5 msec +;; SERVER: 97.74.103.14#53(97.74.103.14) (UDP) +;; WHEN: Wed Dec 18 09:20:45 EST 2024 +;; MSG SIZE rcvd: 182 +``` + +``` +mdupont@mdupont-G470:~/swarms-terraform/accounts/swarms$ dig NS api.swarms.ai +trace + +; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> NS api.swarms.ai +trace +;; global options: +cmd +. 198100 IN NS b.root-servers.net. +. 198100 IN NS j.root-servers.net. +. 198100 IN NS a.root-servers.net. +. 198100 IN NS d.root-servers.net. +. 198100 IN NS c.root-servers.net. +. 198100 IN NS g.root-servers.net. +. 198100 IN NS l.root-servers.net. +. 198100 IN NS i.root-servers.net. +. 
198100 IN NS h.root-servers.net. +. 198100 IN NS f.root-servers.net. +. 198100 IN NS e.root-servers.net. +. 198100 IN NS m.root-servers.net. +. 198100 IN NS k.root-servers.net. +;; Received 811 bytes from 127.0.0.53#53(127.0.0.53) in 10 ms + +ai. 172800 IN NS v0n0.nic.ai. +ai. 172800 IN NS v0n1.nic.ai. +ai. 172800 IN NS v0n2.nic.ai. +ai. 172800 IN NS v0n3.nic.ai. +ai. 172800 IN NS v2n0.nic.ai. +ai. 172800 IN NS v2n1.nic.ai. +ai. 86400 IN DS 44137 8 2 7886BD35ED745DCA983D951A643495B929B3A7676A88C682EF88EB6F EDBDB253 +ai. 86400 IN DS 3799 8 2 8A8030D4661AE6FCF417349682AC058648371002E70E717E4CF2F11F 83543385 +ai. 86400 IN RRSIG DS 8 1 86400 20241231050000 20241218040000 61050 . chqcZJHy4mAsB6DryQAHcvFBsUDVkhHQStDq65NbEXoeo+sfNsRWVpGV qyibbDL8nLY0QDOifh5EXu1Mnf6ZXqs8NPaPBEwCpA9oVmRA0t3vG2th jrDhKY77f4iL4ovMQLBSYbF5x61HnFZXcgyI22YDbbChsC6rCwmNJnwj sldGSNknyRy4ytEwbsWYquRmXIzSHJ2O9lMw1l/vUHpw9/xo6k26TyhZ 3bydt6Sg/e56zwevU0oW1sRpR9aKwn4x/0X0txKmUo+2wWtJr/GXLJ28 uWIuEF71Tvg2QKM0XqZ2CLeURCkU3v4sV92vKQ3rY0GkMiKKlWYFaC8Q Ev4+0A== +;; Received 807 bytes from 199.7.91.13#53(d.root-servers.net) in 11 ms + +;; communications error to 2001:500:a4::1#53: timed out +;; communications error to 2001:500:a4::1#53: timed out +;; communications error to 2001:500:a4::1#53: timed out +;; communications error to 2001:500:a1::1#53: timed out +;; communications error to 2001:500:a2::1#53: timed out +;; communications error to 2001:500:a5::1#53: timed out +swarms.ai. 3600 IN NS ns27.domaincontrol.com. +swarms.ai. 3600 IN NS ns28.domaincontrol.com. +58cj07tk4r4uuu6m10c83sia655jfil6.ai. 86400 IN NSEC3 1 1 0 73 58MDDLU23QVIIIQ5GPLB3A6K7OB4F5JH NS SOA TXT RRSIG DNSKEY NSEC3PARAM ZONEMD +jib3vggauf3u1alb3kfuqrcjo6a0v2hq.ai. 86400 IN NSEC3 1 1 0 73 JIGGLMUFEJ6D5CFLQAC5CFQICTP7IJTE NS DS RRSIG +58cj07tk4r4uuu6m10c83sia655jfil6.ai. 86400 IN RRSIG NSEC3 8 2 86400 20250108141827 20241218131827 6279 ai. 
r8VEiuIyhowQ2sXxszJEgCBMnMEkyboj418iO/jJfUKxWM408IJTSiuO aALz97JNhHMyzPxScRCO+Vcr3EOuoBknhiO5oO9w7UDnuzxNRyPuevV6 WdloLDUc3GRKSPxWom4/Dh+yaMTBXr2xiDDpIvmAElU5q1oGceB+5wWf 4i4= +jib3vggauf3u1alb3kfuqrcjo6a0v2hq.ai. 86400 IN RRSIG NSEC3 8 2 86400 20250107151955 20241217141955 6279 ai. vyYgTKyNXo+kYzRoc0zYeR544efw1GPI4br3GtS4lRaUwzc3sEFKtoyo /nNGBWKgnYxlWyhrAgTvCQTLO1Qt6uJWyHVcog+6hcVcbeFsL6whp/u8 LKHOtSFg2C/FzqP3JktiSPO5CcQh6WiBik2KXhkD00lMjXfStciqk9nP osk= +;; Received 583 bytes from 199.115.156.1#53(v2n0.nic.ai) in 22 ms + +api.swarms.ai. 3600 IN NS ns-1912.awsdns-47.co.uk. +api.swarms.ai. 3600 IN NS ns-184.awsdns-23.com. +api.swarms.ai. 3600 IN NS ns-598.awsdns-10.net. +api.swarms.ai. 3600 IN NS ns-1175.awsdns-18.org. +;; Received 182 bytes from 173.201.71.14#53(ns28.domaincontrol.com) in 5 ms + +;; Received 31 bytes from 205.251.199.120#53(ns-1912.awsdns-47.co.uk) in 4 ms +``` + +https://toolbox.googleapps.com/apps/dig/#ANY/ returns +for swarms.ai this: +``` +id 44700 +opcode QUERY +rcode NOERROR +flags QR RD RA +;QUESTION +swarms.ai. IN ANY +;ANSWER +swarms.ai. 3600 IN A 15.197.225.128 +swarms.ai. 3600 IN A 3.33.251.168 +swarms.ai. 3600 IN NS ns28.domaincontrol.com. +swarms.ai. 3600 IN NS ns27.domaincontrol.com. +swarms.ai. 3600 IN SOA ns27.domaincontrol.com. dns.jomax.net. 2024121702 28800 7200 604800 600 +swarms.ai. 3600 IN TXT "google-site-verification=VlUvNHJo0LQzJzm7SIwMzYLB7-Rexx4yxcSJKh0VtjE" +;AUTHORITY +;ADDITIONAL +``` # tofu apply diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf index 1d97095..3be5b7c 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/application_load_balancer/https/main.tf 
@@ -9,6 +9,7 @@ module "acm" { version = "~> 4.0" domain_name = var.domain_name zone_id = var.zone_id + wait_for_validation = false subject_alternative_names = [ "*.${var.domain_name}" ] @@ -16,6 +17,7 @@ module "acm" { ## now we just lift the listener code resource "aws_lb_listener" "this" { + count = 0 port = 443 protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" @@ -34,3 +36,13 @@ resource "aws_lb_listener" "this" { type = "forward" } } + +resource "aws_lb_listener" "insecure" { + port = 80 + protocol = "HTTP" + load_balancer_arn = var.alb_arn + default_action { + target_group_arn =var.aws_lb_target_group_arn + type = "forward" + } +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/dns_entry/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/dns_entry/Readme.md deleted file mode 100644 index f725191..0000000 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/dns_entry/Readme.md +++ /dev/null @@ -1 +0,0 @@ -dns_entry From 334207b9adda8ecaec001a79970d5be224bd62b4 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 10:28:11 -0500 Subject: [PATCH 32/39] building ami --- .../components/machine_image/Readme.md | 9 +++++++ .../machine_image/ubuntu-fastapi.pkr.hcl | 26 +++++++++++-------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md index 69b85c3..61cd739 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md 
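Review bot: The new `aws_lb_listener.insecure` on port 80 forwards plaintext HTTP straight to the target group while the second hunk sets `count = 0` on the HTTPS listener, so after this commit the API is reachable only without TLS. The project Readme plans a Cognito login and an OpenAI key behind this endpoint, so any token or credential sent to it would cross the network in clear text. If this is a stopgap until the ACM certificate validates (the first hunk also sets `wait_for_validation = false`), gate both listeners on one boolean so the state is explicit: `count = var.allow_plain_http ? 0 : 1` on `this` and `count = var.allow_plain_http ? 1 : 0` on `insecure`, where `allow_plain_http` is a new variable this change would add, defaulting to `false`. Once HTTPS is restored, the port-80 listener's default action should be a redirect to 443 rather than a forward.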
@@ -7,3 +7,12 @@ aws ec2 describe-images --owners 099720109477 > images.json * tofu state rm "module.ec2.aws_spot_instance_request.this[0]" + +# packer build + +``` +packer init -upgrade ./ubuntu-fastapi.pkr.hcl +packer fmt ./ubuntu-fastapi.pkr.hcl +export AWS_DEFAULT_PROFILE=swarms +packer build ./ubuntu-fastapi.pkr.hcl +``` diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl index c1d05aa..b0c95a5 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl @@ -1,29 +1,33 @@ packer { required_plugins { - aws = { - source = "hashicorp/aws" - version = ">= 3.0.0" + amazon = { + version = ">= 1.2.8" + source = "github.com/hashicorp/amazon" } } } source "amazon-ebs" "ubuntu" { - ami_name = "ubuntu-fastapi-{{timestamp}}" - instance_type = "t2.micro" - region = "us-east-1" - source_ami = "ami-0c55b159cbfafe1f0" # Ubuntu 20.04 LTS + ami_name = "ubuntu-swarms-{{timestamp}}" + instance_type = "t2.medium" + region = "us-east-2" + source_ami = "ami-0325b9a2dfb474b2d" # Ubuntu 20.04 LTS ssh_username = "ubuntu" +} + +build { provisioner "shell" { inline = [ "sudo apt-get update", "sudo apt-get install -y python3 python3-pip git", - "pip3 install fastapi uvicorn", - "git clone https://github.com/yourusername/your-fastapi-module.git /app" + "export HOME=/root", + "sudo apt-get install -y ec2-instance-connect git virtualenv", + "sudo git clone https://github.com/jmikedupont2/swarms '/opt/swarms/'", + "cd /opt/swarms/; sudo git checkout --force feature/ec2", + "sudo bash -x /opt/swarms/api/install.sh" ] } -} -build { sources = ["source.amazon-ebs.ubuntu"] } From 79ec0b3a8f4f66a898f5dded9ba3048a3e44db7f Mon Sep 17 00:00:00 2001 
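Review bot: The shell provisioner clones `https://github.com/jmikedupont2/swarms`, force-checks out the branch `feature/ec2` and runs `api/install.sh` under `sudo`, so the AMI contains whatever that branch head is at build time and nothing in the image records which commit was baked. Pin the checkout to a reviewed commit or tag, for example `"cd /opt/swarms/; sudo git checkout --force <reviewed-commit-sha>"` (placeholder), and put the same value into the AMI name or tags. The hard-coded `source_ami` is similar: the region moved to `us-east-2` but the `# Ubuntu 20.04 LTS` comment appears carried over, and a `source_ami_filter` restricted to the Canonical owner id `099720109477` (already used in this directory's Readme) would make the base image's publisher checkable. The launch-template hunk in patch 37/39 that adds `git pull` before `bash -x ${var.install_script}` has the same unpinned-branch issue at every instance boot.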
From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 10:36:21 -0500 Subject: [PATCH 33/39] now larger drive --- .../components/machine_image/ubuntu-fastapi.pkr.hcl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl index b0c95a5..d7933e7 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/ubuntu-fastapi.pkr.hcl @@ -13,7 +13,12 @@ source "amazon-ebs" "ubuntu" { region = "us-east-2" source_ami = "ami-0325b9a2dfb474b2d" # Ubuntu 20.04 LTS ssh_username = "ubuntu" - + launch_block_device_mappings { + device_name = "/dev/sda1" + volume_size = 30 + volume_type = "gp3" + delete_on_termination = true + } } build { From ada7442aa07b8ef7ee3c8fedd486b5e0470e5893 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 10:57:53 -0500 Subject: [PATCH 34/39] new ami asg --- .../dev/us-east-1/main.tf | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index c811e52..3c18c88 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -16,9 +16,8 @@ variable name {} locals { -# ami_id = data.aws_ami.ami.id ami_id = var.ami_id - + new_ami_id = "ami-08093b6770af41b14" # environments/swarms-aws-agent-api/dev/us-east-1/components/machine_image/Readme.md } # SLOW 
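Review bot: The new `launch_block_device_mappings` block in `ubuntu-fastapi.pkr.hcl` does not set `encrypted = true`, so unless EBS encryption by default is enabled for the account and region, the snapshot behind the AMI is stored unencrypted. The image is built by running the project installer as root, so anything that script writes to disk ends up in that snapshot. Add `encrypted = true` next to `delete_on_termination = true`. The enclosing `source "amazon-ebs" "ubuntu"` block starts outside the hunk.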
@@ -145,3 +144,19 @@ module "asg_dynamic" { launch_template_id = module.lt_dynamic[each.key].launch_template_id target_group_arn = module.alb.alb_target_group_arn } + +module "asg_dynamic_new_ami" { + # built with packer + tags = local.tags + vpc_id = local.vpc_id + image_id = local.new_ami_id + ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 + for_each = toset(var.instance_types) + aws_iam_instance_profile_ssm_arn = aws_iam_instance_profile.ssm.arn + source = "./components/autoscaling_group" +# security_group_id = module.security.internal_security_group_id + instance_type = each.key + name = "swarms-ami-${each.key}" + launch_template_id = module.lt_dynamic[each.key].launch_template_id + target_group_arn = module.alb.alb_target_group_arn +} From 2e59cc291eaf5ac23deffbb1450954050d55ec72 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 12:51:43 -0500 Subject: [PATCH 35/39] loading --- .../dev/us-east-1/components/Readme.md | 21 ++-- .../dev/us-east-1/components/roles/main.tf | 108 ++++++++++++++++++ .../dev/us-east-1/main.tf | 62 ++++------ 3 files changed, 143 insertions(+), 48 deletions(-) create mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/components/roles/main.tf diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index 92f42ec..2faa66c 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md 
@@ -2,24 +2,27 @@ ## Phase 1 0. create standard vpc with a private network to host ec2, -this uses a natgw that costs money https://aws.amazon.com/vpc/pricing/ so we will put the intances in public for now and use security groups to limit access. - 1. create minimal ec2 instance in machine_image - -terraform for ubuntu python uvicorn fastapi nginx systemd server with custom git modules - +terraform for ubuntu python uvicorn fastapi nginx systemd server with custom code pulled in via git 2. create minimal ec2 ami from instance in machine_image 3. create autoscaling_group of size 1 for image 4. create application load balancer 5. create dns_entry +6. packer ami for ubuntu python uvicorn fastapi nginx systemd server with custom git modules # todo +0. run_only to only run the server without installing everything 1. alb sticky sessions :send users back to server via sticky sessions or some id. 2. create cognito user pool for login -7. create work_queue -8. create lambda_workers on queue -9. create resource_launchers to create new resources. -10. packer ami for ubuntu python uvicorn fastapi nginx systemd server with custom git modules +4. create work_queue +5. create lambda_workers on queue +6. create resource_launchers to create new resources. +7. use fine grained roles +https://github.com/cloudposse/terraform-aws-ssm-iam-role.git +8. create user home directories for different agent +9. look at natgw alternatives +that costs money https://aws.amazon.com/vpc/pricing/ + diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/roles/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/roles/main.tf new file mode 100644 index 0000000..e57aca8 --- /dev/null +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/roles/main.tf 
@@ -0,0 +1,108 @@ +variable tags {} +# data "aws_iam_policy_document" "assume_role" { +# statement { +# effect = "Allow" +# actions = ["sts:AssumeRole"] + +# principals { +# type = "Service" +# identifiers = ["ec2.amazonaws.com"] +# } +# } + +# statement { +# effect = "Allow" +# actions = ["sts:AssumeRole"] + +# principals { +# type = "AWS" +# identifiers = ["${var.assume_role_arns}"] +# } +# } +# } + +data "aws_iam_policy_document" "default" { + statement { + actions = ["ssm:DescribeParameters"] + resources = ["*"] + effect = "Allow" + } + +# statement { +# actions = ["${var.ssm_actions}"] +# resources = ["${formatlist("arn:aws:ssm:%s:%s:parameter/%s", var.region, var.account_id, var.ssm_parameters)}"] +# effect = "Allow" +# } + + # statement { + # actions = ["kms:Decrypt"] + # resources = ["${data.aws_kms_key.default.arn}"] + # effect = "Allow" + # } +} + +resource "aws_iam_policy" "default" { + name = "swarms-ssm" + description = "Allow SSM actions" + policy = data.aws_iam_policy_document.default.json +} + + +resource "aws_iam_role_policy_attachment" "default" { +# count = local.policy_only + role = join("", aws_iam_role.ssm.*.name) + policy_arn = join("", aws_iam_policy.default.*.arn) +} + +resource "aws_iam_role_policy_attachment" "SSM-role-policy-attach" { + role = join("", aws_iam_role.ssm.*.name) + policy_arn = data.aws_iam_policy.AmazonSSMManagedInstanceCore.arn +} + + +#### +# resource "aws_iam_role" "default" { +# # count = local.policy_only + +# name = "swarms-ssm" +# assume_role_policy = join("", data.aws_iam_policy_document.assume_role.*.json) +# description = "IAM Role with permissions to perform actions on SSM resources" +# max_session_duration = var.max_session_duration +# } +data "aws_iam_policy" "AmazonSSMManagedInstanceCore" { + arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" +} + +resource "aws_iam_role" "ssm" { + name = "ssm-swarms-role" + tags = var.tags + + assume_role_policy = jsonencode({ + Version = "2012-10-17", + Statement 
= [ + { + Action = "sts:AssumeRole", + Principal = { + Service = "ec2.amazonaws.com" + }, + Effect = "Allow", + Sid = "" + } + ] + }) +} + +resource "aws_iam_instance_profile" "ssm" { + name = "ssm-swarms-profile" + role = aws_iam_role.ssm.name + tags = var.tags +} + + +output ssm_profile_name { + value = aws_iam_instance_profile.ssm.name +} + +output ssm_profile_arn { + value = aws_iam_instance_profile.ssm.arn +} diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 3c18c88..20fcd0c 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -69,29 +69,10 @@ variable "instance_types" { ] } -resource "aws_iam_role" "ssm" { - name = "ssm-${local.name}" - tags = var.tags - - assume_role_policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Action = "sts:AssumeRole", - Principal = { - Service = "ec2.amazonaws.com" - }, - Effect = "Allow", - Sid = "" - } - ] - }) -} -resource "aws_iam_instance_profile" "ssm" { - name = "ssm-${var.name}" - role = aws_iam_role.ssm.name - tags = var.tags +module "roles" { + source = "./components/roles" + tags = local.tags } module "lt_dynamic" { @@ -103,7 +84,8 @@ module "lt_dynamic" { ami_id = var.ami_id tags= local.tags source = "./components/launch_template" - iam_instance_profile_name = aws_iam_instance_profile.ssm.name + iam_instance_profile_name = module.roles.ssm_profile_name + #aws_iam_instance_profile.ssm.name } output security_group_id { 
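Review bot: In `components/roles/main.tf` the custom `swarms-ssm` policy grants only `ssm:DescribeParameters` on `*`, because the statements that would scope parameter and KMS access are commented out; every other permission comes from the attached AWS-managed `AmazonSSMManagedInstanceCore` policy. That managed policy is not limited to this project's parameters (confirm its current contents), so instances in the autoscaling groups can likely read more than the `swarms_openai_key` parameter named in the account Readme. Restore a statement scoped to that one parameter, as sketched below with placeholder region and account id. Actually narrowing access also means replacing the managed attachment with a custom policy that holds only what Session Manager needs, which fits the Readme's "use fine grained roles" item.

```hcl
data "aws_iam_policy_document" "default" {
  # … unchanged: ssm:DescribeParameters statement …
  statement {
    actions   = ["ssm:GetParameter"]
    resources = ["arn:aws:ssm:<region>:<account-id>:parameter/swarms_openai_key"]
    effect    = "Allow"
  }
}
```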
@@ -136,7 +118,8 @@ module "asg_dynamic" { image_id = local.ami_id ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 for_each = toset(var.instance_types) - aws_iam_instance_profile_ssm_arn = aws_iam_instance_profile.ssm.arn + aws_iam_instance_profile_ssm_arn = module.roles.ssm_profile_arn + #iam_instance_profile_name = module.roles.ssm_profile_name source = "./components/autoscaling_group" # security_group_id = module.security.internal_security_group_id instance_type = each.key @@ -145,18 +128,19 @@ module "asg_dynamic" { target_group_arn = module.alb.alb_target_group_arn } -module "asg_dynamic_new_ami" { - # built with packer - tags = local.tags - vpc_id = local.vpc_id - image_id = local.new_ami_id - ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 - for_each = toset(var.instance_types) - aws_iam_instance_profile_ssm_arn = aws_iam_instance_profile.ssm.arn - source = "./components/autoscaling_group" -# security_group_id = module.security.internal_security_group_id - instance_type = each.key - name = "swarms-ami-${each.key}" - launch_template_id = module.lt_dynamic[each.key].launch_template_id - target_group_arn = module.alb.alb_target_group_arn -} +# module "asg_dynamic_new_ami" { +# # built with packer +# #count =0 +# tags = local.tags +# vpc_id = local.vpc_id +# image_id = local.new_ami_id +# ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 +# for_each = toset(var.instance_types) +# aws_iam_instance_profile_ssm_arn = module.roles.ssm_profile_arn +# source = "./components/autoscaling_group" +# # security_group_id = module.security.internal_security_group_id +# instance_type = each.key +# name = "swarms-ami-${each.key}" +# launch_template_id = module.lt_dynamic[each.key].launch_template_id +# target_group_arn = module.alb.alb_target_group_arn +# } From c38d39431778e6e66db09324cbfb94534f372dab Mon Sep 17 00:00:00 2001 
From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 13:17:37 -0500 Subject: [PATCH 36/39] new installer --- .../dev/us-east-1/components/Readme.md | 2 +- .../components/launch_template/main.tf | 3 +- .../dev/us-east-1/main.tf | 47 ++++++++++++------- 3 files changed, 34 insertions(+), 18 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index 2faa66c..6d38230 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md @@ -25,4 +25,4 @@ https://github.com/cloudposse/terraform-aws-ssm-iam-role.git 8. create user home directories for different agent 9. look at natgw alternatives that costs money https://aws.amazon.com/vpc/pricing/ - +10. check in copy of swagger diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index 09801f7..d73c20f 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -1,3 +1,4 @@ +variable install_script {} variable iam_instance_profile_name {} variable security_group_id {} variable name {} @@ -63,7 +64,7 @@ resource "aws_launch_template" "ec2_launch_template" { export BRANCH=feature/ec2 git stash git checkout --force $BRANCH - bash -x /opt/swarms/api/install.sh + bash -x ${var.install_script} EOF ) tags = var.tags diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 20fcd0c..b2ce76f 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf 
@@ -86,6 +86,21 @@ module "lt_dynamic" { source = "./components/launch_template" iam_instance_profile_name = module.roles.ssm_profile_name #aws_iam_instance_profile.ssm.name + install_script = "/opt/swarms/api/install.sh" +} + +module "lt_dynamic_ami" { + vpc_id = local.vpc_id + for_each = toset(var.instance_types) + instance_type = each.key + name = "swarms-size-${each.key}" + security_group_id = module.security.internal_security_group_id + ami_id = var.ami_id + tags= local.tags + source = "./components/launch_template" + iam_instance_profile_name = module.roles.ssm_profile_name + #aws_iam_instance_profile.ssm.name + install_script = "/opt/swarms/api/just_run.sh" } output security_group_id { 
@@ -128,19 +143,19 @@ module "asg_dynamic" { target_group_arn = module.alb.alb_target_group_arn } -# module "asg_dynamic_new_ami" { -# # built with packer -# #count =0 -# tags = local.tags -# vpc_id = local.vpc_id -# image_id = local.new_ami_id -# ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 -# for_each = toset(var.instance_types) -# aws_iam_instance_profile_ssm_arn = module.roles.ssm_profile_arn -# source = "./components/autoscaling_group" -# # security_group_id = module.security.internal_security_group_id -# instance_type = each.key -# name = "swarms-ami-${each.key}" -# launch_template_id = module.lt_dynamic[each.key].launch_template_id -# target_group_arn = module.alb.alb_target_group_arn -# } +module "asg_dynamic_new_ami" { + # built with packer + #count =0 + tags = local.tags + vpc_id = local.vpc_id + image_id = local.new_ami_id + ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 + for_each = toset(var.instance_types) + aws_iam_instance_profile_ssm_arn = module.roles.ssm_profile_arn + source = "./components/autoscaling_group" +# security_group_id = module.security.internal_security_group_id + instance_type = each.key + name = "swarms-ami-${each.key}" + launch_template_id = module.lt_dynamic_ami[each.key].launch_template_id + target_group_arn = module.alb.alb_target_group_arn +} From 45f8b3886682e29875e784a49cc7a9535ace61c2 Mon Sep 17 00:00:00 2001 From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 14:22:25 -0500 Subject: [PATCH 37/39] update --- .../swarms-aws-agent-api/dev/us-east-1/components/Readme.md | 4 ++++ .../dev/us-east-1/components/launch_template/main.tf | 1 + environments/swarms-aws-agent-api/dev/us-east-1/main.tf | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md index 6d38230..974840d 100644 
--- a/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/Readme.md @@ -26,3 +26,7 @@ https://github.com/cloudposse/terraform-aws-ssm-iam-role.git 9. look at natgw alternatives that costs money https://aws.amazon.com/vpc/pricing/ 10. check in copy of swagger + +11. swarms router +12. fluid api +13. agent service discovery diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf index d73c20f..8a3a5b6 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/launch_template/main.tf @@ -64,6 +64,7 @@ resource "aws_launch_template" "ec2_launch_template" { export BRANCH=feature/ec2 git stash git checkout --force $BRANCH + git pull # get the latest version bash -x ${var.install_script} EOF ) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index b2ce76f..7def66e 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -93,9 +93,9 @@ module "lt_dynamic_ami" { vpc_id = local.vpc_id for_each = toset(var.instance_types) instance_type = each.key - name = "swarms-size-${each.key}" + name = "swarms-ami-${each.key}" security_group_id = module.security.internal_security_group_id - ami_id = var.ami_id + ami_id = local.new_ami_id tags= local.tags source = "./components/launch_template" iam_instance_profile_name = module.roles.ssm_profile_name From 13621be1958536b23b438b2d6f4ab0e6b98b5c20 Mon Sep 17 00:00:00 2001 
From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 14:42:30 -0500 Subject: [PATCH 38/39] remove the slow asg --- .../dev/us-east-1/main.tf | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf index 7def66e..a9ebc0b 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/main.tf @@ -127,21 +127,22 @@ output alb { } -module "asg_dynamic" { - tags = local.tags - vpc_id = local.vpc_id - image_id = local.ami_id - ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 - for_each = toset(var.instance_types) - aws_iam_instance_profile_ssm_arn = module.roles.ssm_profile_arn - #iam_instance_profile_name = module.roles.ssm_profile_name - source = "./components/autoscaling_group" -# security_group_id = module.security.internal_security_group_id - instance_type = each.key - name = "swarms-size-${each.key}" - launch_template_id = module.lt_dynamic[each.key].launch_template_id - target_group_arn = module.alb.alb_target_group_arn -} +# this is the slow one, use the ami +# module "asg_dynamic" { +# tags = local.tags +# vpc_id = local.vpc_id +# image_id = local.ami_id +# ec2_subnet_id = module.vpc.ec2_public_subnet_id_1 +# for_each = toset(var.instance_types) +# aws_iam_instance_profile_ssm_arn = module.roles.ssm_profile_arn +# #iam_instance_profile_name = module.roles.ssm_profile_name +# source = "./components/autoscaling_group" +# # security_group_id = module.security.internal_security_group_id +# instance_type = each.key +# name = "swarms-size-${each.key}" +# launch_template_id = module.lt_dynamic[each.key].launch_template_id +# target_group_arn = module.alb.alb_target_group_arn +# } module "asg_dynamic_new_ami" { # built with packer From 06a8b418ee708ba06a51866590bcee79105a995e Mon Sep 17 00:00:00 2001 
From: mike dupont <mike.dupont@introspector.local> Date: Wed, 18 Dec 2024 19:50:30 -0500 Subject: [PATCH 39/39] simple autoscale policy --- .../dev/us-east-1/alb/main.tf | 0 .../dev/us-east-1/asg/main.tf | 0 .../components/autoscaling_group/main.tf | 62 +++++++++++++++++++ 3 files changed, 62 insertions(+) delete mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/alb/main.tf delete mode 100644 environments/swarms-aws-agent-api/dev/us-east-1/asg/main.tf diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/alb/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/alb/main.tf deleted file mode 100644 index e69de29..0000000 diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/asg/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/asg/main.tf deleted file mode 100644 index e69de29..0000000 diff --git a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf index e5e31ef..cfa945d 100644 --- a/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf +++ b/environments/swarms-aws-agent-api/dev/us-east-1/components/autoscaling_group/main.tf 
@@ -65,4 +65,66 @@ module "autoscaling" { } } + # Target scaling policy schedule based on average CPU load + scaling_policies = { + avg-cpu-policy-greater-than-50 = { + policy_type = "TargetTrackingScaling" + estimated_instance_warmup = 1200 + target_tracking_configuration = { + predefined_metric_specification = { + predefined_metric_type = "ASGAverageCPUUtilization" + } + target_value = 50.0 + } + }, + predictive-scaling = { + policy_type = "PredictiveScaling" + predictive_scaling_configuration = { + mode = "ForecastAndScale" + scheduling_buffer_time = 10 + max_capacity_breach_behavior = "IncreaseMaxCapacity" + max_capacity_buffer = 10 + metric_specification = { + target_value = 32 + predefined_scaling_metric_specification = { + predefined_metric_type = "ASGAverageCPUUtilization" + resource_label = "testLabel" + } + predefined_load_metric_specification = { + predefined_metric_type = "ASGTotalCPUUtilization" + resource_label = "testLabel" + } + } + } + } + # request-count-per-target = { + # policy_type = "TargetTrackingScaling" + # estimated_instance_warmup = 120 + # target_tracking_configuration = { + # predefined_metric_specification = { + # predefined_metric_type = "ALBRequestCountPerTarget" + # resource_label = "swarms1" + # #"${module.alb.arn_suffix}/${module.alb.target_groups["ex_asg"].arn_suffix}" + # } + # target_value = 800 + # } + # } + scale-out = { + name = "scale-out" + adjustment_type = "ExactCapacity" + policy_type = "StepScaling" + estimated_instance_warmup = 120 + step_adjustment = [ + { + scaling_adjustment = 1 + metric_interval_lower_bound = 0 + metric_interval_upper_bound = 10 + }, + { + scaling_adjustment = 2 + metric_interval_lower_bound = 10 + } + ] + } + } }
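Review bot: In the `predictive-scaling` policy, `max_capacity_breach_behavior = "IncreaseMaxCapacity"` with `max_capacity_buffer = 10` lets a forecast push the group above its configured maximum, which removes the one hard cost ceiling on a group that appears to sit behind a public load balancer; `max_capacity_breach_behavior = "HonorMaxCapacity"` keeps the cap. The `resource_label = "testLabel"` values look copied from a module example and should be removed or replaced, since the CPU metrics used here are not tied to a load-balancer target group. In `scale-out`, `adjustment_type = "ExactCapacity"` makes the steps set the group to exactly 1 or 2 instances rather than add capacity, and no alarm that would trigger it is visible in the hunk; `adjustment_type = "ChangeInCapacity"` matches the policy's name. The enclosing `module "autoscaling"` block starts outside the hunk.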