operations: WIP moving API to run as an ECS task.

operations/terraform/deployed_env/cloudfront.tf

@@ -26,10 +26,6 @@ output "oai_access_policy" {
  value = data.aws_iam_policy_document.bucket_access_policy
 }
 
-locals {
-  env_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-labs.com"
-}
-
 resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
   comment = "OAI for Personal Measure {$var.environment} environment."
 }
@@ -56,7 +52,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
     prefix          = "${var.environment}/logs/cloudfront"
   }
 
-  aliases = ["${local.env_domain_name}"]
+  aliases = ["${local.app_domain_name}"]
 
   default_cache_behavior {
     allowed_methods   = ["GET", "HEAD", "OPTIONS"]
@@ -96,7 +92,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
   }
 
   viewer_certificate {
-    acm_certificate_arn = "${var.cloudfront_ssl_certificate_arn}"
+    acm_certificate_arn = "${var.domain_cert_arn}"
     ssl_support_method  = "sni-only"
   }
 }

operations/terraform/deployed_env/domain.tf

@@ -0,0 +1,65 @@
+# provider "aws" {
+#   alias   = "cert"
+#   region  = "us-east-1"
+# }
+#
+# resource "aws_acm_certificate" "cert" {
+#   provider          = aws.cert
+#   domain_name       = local.app_domain_name
+#   validation_method = "DNS"
+#
+#   subject_alternative_names = [local.api_domain_name]
+#
+#   tags = {
+#     Environment = var.environment
+#   }
+#
+#   lifecycle {
+#     create_before_destroy = true
+#   }
+# }
+#
+# resource "aws_route53_record" "cert_validation" {
+#   for_each {
+#     for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
+#       name    = dvo.resource_record_name
+#       type    = dvo.resource_record_type
+#       record  = dvo.resource_record_value
+#     }
+#   }
+#
+#   allow_overwrite = true
+#   name            = each.value.name
+#   records         = [ each.value.record ]
+#   ttl             = 60
+#   type            = each.value.type
+#   zone_id         = var.route53_zone.zone_id
+# }
+#
+# resource "aws_acm_certificate_validation" "cert" {
+#   provider                = aws.cert
+#   certificate_arn         = aws_acm_certificate.cert.arn
+#   validation_record_fqdns = [ for record in aws_route53_record.cert_validation : record.fqdn ]
+# }
+
+resource "aws_route53_record" "app_domain" {
+  zone_id   = var.route53_zone.zone_id
+  name      = local.app_domain_name
+  type      = "A"
+
+  alias {
+    name    = aws_cloudfront_distribution.s3_distribution.name
+    zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
+    evaluate_target_health = false
+  }
+
+  depends_on  = [aws_cloudfront_distribution.cdn ]
+}
+
+resource "aws_route53_record" "api_domain" {
+  zone_id   = var.route53_zone.zone_id
+  name      = local.api_domain_name
+  type      = "A"
+
+  # TODO: alias configuration
+}

operations/terraform/deployed_env/ecs.tf

@@ -0,0 +1,2 @@
+resource "aws_ecs_task_definition" "pmapi" {
+}

operations/terraform/deployed_env/variables.tf

@@ -8,6 +8,15 @@ variable "artifact_bucket" {
   description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
 }
 
-variable "cloudfront_ssl_certificate_arn" {
-  description = "ARN of the managed SSL certificate to use for this environment."
+variable "domain_cert_arn" {
+  description = "ARN for the SSL certificate to use for this environment's configuration."
+}
+
+variable "route53_zone" {
+  description = "Route53 hosted zone for the deployed environments."
+}
+
+locals {
+  app_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-software.com"
+  api_domain_name = "api.pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-software.com"
 }