Adds langfuse ec2 and api key to code

infra/ecs_alb/main.tf

@@ -202,13 +202,23 @@ resource "aws_iam_role_policy" "s3_policy" {
 
   policy = jsonencode({
     Version = "2012-10-17"
-    Statement = [{
-      Effect = "Allow"
-      Action = [
-        "s3:GetObject"
-      ]
-      Resource = "arn:aws:s3:::upflux-doc-analyzer/*"
-    }]
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject"
+        ]
+        Resource = "arn:aws:s3:::upflux-doc-analyzer/*"
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:DeleteObject"
+        ]
+        Resource = "arn:aws:s3:::upflux-doc-analyzer/temp_textract/*"
+      }
+    ]
   })
 }
 
@@ -229,6 +239,23 @@ resource "aws_iam_role_policy" "textract_policy" {
     }]
   })
 }
+
+resource "aws_iam_role_policy" "secrets_manager_policy" {
+  name = "${var.app_name}-secrets-manager-policy"
+  role = aws_iam_role.ecs_task_role.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Action = [
+        "secretsmanager:GetSecretValue"
+      ]
+      Resource = "*"
+    }]
+  })
+}
+
 # ECS Task Definition
 resource "aws_ecs_task_definition" "app" {
   family                   = var.app_name
@@ -242,6 +269,13 @@ resource "aws_ecs_task_definition" "app" {
     name  = var.app_name
     image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.aws_region}.amazonaws.com/${var.ecr_repository_name}:${var.image_tag}"
     
+    environment = [
+      {
+        name  = "LANGFUSE_HOST"
+        value = var.langfuse_host
+      }
+    ]
+
     portMappings = [{
       containerPort = 8000
       hostPort      = 8000