From 173e324bf36cd09ad47176918c129d2d6d35f89d Mon Sep 17 00:00:00 2001
From: Jonathan Bernard
Date: Sat, 11 Mar 2023 00:23:27 -0600
Subject: [PATCH] Move cler.be resources from the main jdb-software operations terraform configuration to here.
---
 operations/terraform/load-balancer.tf | 5 +++
 operations/terraform/route53.tf | 52 +++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 operations/terraform/route53.tf
diff --git a/operations/terraform/load-balancer.tf b/operations/terraform/load-balancer.tf
index f8d65b5..f5b0d33 100644
--- a/operations/terraform/load-balancer.tf
+++ b/operations/terraform/load-balancer.tf
@@ -39,3 +39,8 @@ resource "aws_lb_listener_rule" "toclerbe" {
 Name = "${var.app_domain} HTTPS"
 }
 }
+
+resource "aws_lb_listener_certificate" "toclerbe" {
+ listener_arn = data.terraform_remote_state.jdbsoft.outputs.aws_lb_listener_https.arn
+ certificate_arn = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_clerbe_arn
+}
diff --git a/operations/terraform/route53.tf b/operations/terraform/route53.tf
new file mode 100644
index 0000000..1d3bf78
--- /dev/null
+++ b/operations/terraform/route53.tf
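Review bot: `certificate_arn` on the new `aws_lb_listener_certificate.toclerbe` still reads `data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_clerbe_arn`, although this same commit defines `aws_acm_certificate.clerbe` and `aws_acm_certificate_validation.clerbe` locally in route53.tf. If the jdbsoft configuration drops that output as part of the move (not visible here), the plan fails. If it keeps the output, the listener serves a certificate this configuration does not manage, and the newly requested one is never attached. Pointing at the validation resource fixes both and makes the attachment wait until the certificate has been issued: `certificate_arn = aws_acm_certificate_validation.clerbe.certificate_arn`.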
@@ -0,0 +1,52 @@
+resource "aws_route53_zone" "clerbe" {
+ name = "cler.be"
+ comment = "Short domain for JDB Software services."
+}
+
+// ===========================================================================
+// Routes and certificates defined on cler.be
+// ===========================================================================
+
+resource "aws_route53_record" "to_clerbe" {
+ name = "to.cler.be"
+ type = "A"
+ zone_id = aws_route53_zone.clerbe.id
+
+ alias {
+ evaluate_target_health = true
+ name = data.terraform_remote_state.jdbsoft.outputs.aws_lb_jdbsoft.dns_name
+ zone_id = data.terraform_remote_state.jdbsoft.outputs.aws_lb_jdbsoft.zone_id
+ }
+}
+
+resource "aws_acm_certificate" "clerbe" {
+ domain_name = "*.cler.be"
+ subject_alternative_names = [ "cler.be" ]
+ validation_method = "DNS"
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_route53_record" "clerbe_cert_validation" {
+ for_each = {
+ for dvo in aws_acm_certificate.clerbe.domain_validation_options: dvo.domain_name => {
+ name = dvo.resource_record_name
+ type = dvo.resource_record_type
+ record = dvo.resource_record_value
+ }
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [ each.value.record ]
+ ttl = 300
+ type = each.value.type
+ zone_id = aws_route53_zone.clerbe.zone_id
+}
+
+resource "aws_acm_certificate_validation" "clerbe" {
+ certificate_arn = aws_acm_certificate.clerbe.arn
+ validation_record_fqdns = [for record in aws_route53_record.clerbe_cert_validation : record.fqdn]
+}
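Review bot: `aws_route53_zone.clerbe` has no guard against being destroyed and recreated. Because the commit moves it between Terraform states, an apply without a prior `terraform import` would presumably create a second zone with a different name-server set while the registrar delegation still points at the old one. The zone also holds the DNS validation records for the `*.cler.be` certificate, so it is worth adding `lifecycle { prevent_destroy = true }` to the zone block and recording the import step in a comment. Separately, `allow_overwrite = true` on `clerbe_cert_validation` deserves a one-line comment such as `// wildcard and apex names share one ACM validation CNAME, so the duplicate write must be allowed`, so it is not read as licence to clobber unrelated records. The zone is referenced as `.id` in `to_clerbe` but `.zone_id` in the validation record; using `.zone_id` in both keeps the file consistent.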