From 0c9fcc0747b54f85aa5d0b33e58eb4bd1cc8e748 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz?= <ldiazn98@gmail.com>
Date: Thu, 18 Jun 2026 11:03:20 +0200
Subject: [PATCH 1/2] Update fastpath2 to use fastpath module

---
 tf/environments/prod/main.tf | 59 +++++-------------------------------
 1 file changed, 7 insertions(+), 52 deletions(-)

diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
index c0d56f7d..0b10b5bd 100644
--- a/tf/environments/prod/main.tf
+++ b/tf/environments/prod/main.tf
@@ -954,72 +954,27 @@ module "ooni_fastpath" {
 }
 
 module "ooni_fastpath2" {
-  source = "../../modules/ec2"
+  source = "../../modules/ooni_fastpath"
 
-  stage = local.environment
+  name = "fastpath2"
+  env  = local.environment
 
   vpc_id              = module.network.vpc_id
   subnet_id           = module.network.vpc_subnet_public[0].id
   private_subnet_cidr = module.network.vpc_subnet_private[*].cidr_block
+  public_subnet_cidr  = module.network.vpc_subnet_public[*].cidr_block
   dns_zone_ooni_io    = local.dns_zone_ooni_io
 
   key_name      = module.adm_iam_roles.oonidevops_key_name
   instance_type = "c6i.large"
 
-  name = "oonifastpath2"
-  ingress_rules = [{
-    from_port   = 22,
-    to_port     = 22,
-    protocol    = "tcp",
-    cidr_blocks = ["0.0.0.0/0"],
-    }, {
-    from_port   = 8472,
-    to_port     = 8472,
-    protocol    = "tcp",
-    cidr_blocks = concat(module.network.vpc_subnet_private[*].cidr_block, module.network.vpc_subnet_public[*].cidr_block),
-    }, {
-    from_port   = 8479,
-    to_port     = 8479,
-    protocol    = "tcp",
-    cidr_blocks = concat(module.network.vpc_subnet_private[*].cidr_block, module.network.vpc_subnet_public[*].cidr_block),
-    }, {
-    from_port   = 8475, # for serving jsonl files
-    to_port     = 8475,
-    protocol    = "tcp",
-    cidr_blocks = concat(module.network.vpc_subnet_private[*].cidr_block, module.network.vpc_subnet_public[*].cidr_block),
-    }, {
-    from_port   = 9100,
-    to_port     = 9100,
-    protocol    = "tcp"
-    cidr_blocks = ["${module.ooni_monitoring_proxy.aws_instance_private_ip}/32"]
-    }, {
-    from_port   = 9102, # For fastpath metrics
-    to_port     = 9102,
-    protocol    = "tcp"
-    cidr_blocks = ["${module.ooni_monitoring_proxy.aws_instance_private_ip}/32", "${module.ooni_monitoring_proxy.aws_instance_public_ip}/32"]
-  }]
-
-  egress_rules = [{
-    from_port   = 0,
-    to_port     = 0,
-    protocol    = "-1",
-    cidr_blocks = ["0.0.0.0/0"],
-    }, {
-    from_port        = 0,
-    to_port          = 0,
-    protocol         = "-1",
-    ipv6_cidr_blocks = ["::/0"],
-  }]
-
   sg_prefix = "oonifstp2"
   tg_prefix = "fp2"
 
-  disk_size = 150
+  monitoring_proxy_private_ip = module.ooni_monitoring_proxy.aws_instance_private_ip
+  monitoring_proxy_public_ip  = module.ooni_monitoring_proxy.aws_instance_public_ip
 
-  tags = merge(
-    local.tags,
-    { Name = "ooni-tier0-fastpath2" }
-  )
+  tags = local.tags
 }
 
 resource "aws_route53_record" "fastpath2_alias" {

From 0fdf02703ce02a7852ee6d3eaf4922cd9136023a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20D=C3=ADaz?= <ldiazn98@gmail.com>
Date: Thu, 18 Jun 2026 11:17:13 +0200
Subject: [PATCH 2/2] remove unnecessary fastpath domain

---
 tf/environments/prod/main.tf | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
index 0b10b5bd..75b161f2 100644
--- a/tf/environments/prod/main.tf
+++ b/tf/environments/prod/main.tf
@@ -977,17 +977,6 @@ module "ooni_fastpath2" {
   tags = local.tags
 }
 
-resource "aws_route53_record" "fastpath2_alias" {
-  zone_id = local.dns_zone_ooni_io
-  name    = "fastpath2.${local.environment}.ooni.io"
-  type    = "CNAME"
-  ttl     = 300
-
-  records = [
-    module.ooni_fastpath2.aws_instance_public_dns
-  ]
-}
-
 module "fastpath_builder" {
   source      = "../../modules/ooni_docker_build"
   trigger_tag = ""