Move cler.be resources from the main jdb-software operations terraform configuration to here.

2023-03-11 00:23:27 -06:00 · 2023-03-11 00:23:27 -06:00 · 173e324bf3
commit 173e324bf3
parent f907ef83cf
2 changed files with 57 additions and 0 deletions
--- a/operations/terraform/load-balancer.tf
+++ b/operations/terraform/load-balancer.tf
@ -39,3 +39,8 @@ resource "aws_lb_listener_rule" "toclerbe" {
    Name        = "${var.app_domain} HTTPS"
  }
 }
+
+resource "aws_lb_listener_certificate" "toclerbe" {
+  listener_arn    = data.terraform_remote_state.jdbsoft.outputs.aws_lb_listener_https.arn
+  certificate_arn = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_clerbe_arn
+}
--- a/operations/terraform/route53.tf
+++ b/operations/terraform/route53.tf
@ -0,0 +1,52 @@
+resource "aws_route53_zone" "clerbe" {
+  name    = "cler.be"
+  comment = "Short domain for JDB Software services."
+}
+
+// ===========================================================================
+// Routes and certificates defined on cler.be
+// ===========================================================================
+
+resource "aws_route53_record" "to_clerbe" {
+  name = "to.cler.be"
+  type = "A"
+  zone_id = aws_route53_zone.clerbe.id
+
+  alias {
+    evaluate_target_health  = true
+    name                    = data.terraform_remote_state.jdbsoft.outputs.aws_lb_jdbsoft.dns_name
+    zone_id                 = data.terraform_remote_state.jdbsoft.outputs.aws_lb_jdbsoft.zone_id
+  }
+}
+
+resource "aws_acm_certificate" "clerbe" {
+  domain_name               = "*.cler.be"
+  subject_alternative_names = [ "cler.be" ]
+  validation_method         = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "clerbe_cert_validation" {
+  for_each = {
+    for dvo in aws_acm_certificate.clerbe.domain_validation_options: dvo.domain_name => {
+      name    = dvo.resource_record_name
+      type    = dvo.resource_record_type
+      record  = dvo.resource_record_value
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [ each.value.record ]
+  ttl             = 300
+  type            = each.value.type
+  zone_id         = aws_route53_zone.clerbe.zone_id
+}
+
+resource "aws_acm_certificate_validation" "clerbe" {
+  certificate_arn         = aws_acm_certificate.clerbe.arn
+  validation_record_fqdns = [for record in aws_route53_record.clerbe_cert_validation : record.fqdn]
+}