-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.tf
103 lines (90 loc) · 2.54 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
provider "aws" {
version = "~> 4.0"
region = "us-east-1"
}
resource "aws_route53_record" "domain" {
zone_id = var.zone_id
name = var.custom_domain
type = "A"
alias {
name = aws_cloudfront_distribution.s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
evaluate_target_health = true
}
}
resource "aws_acm_certificate_validation" "cert" {
for_each = {
}
certificate_arn = aws_acm_certificate.domain.arn
validation_record_fqdns = [aws_route53_record.validation[each.key].fqdn]
}
resource "aws_acm_certificate" "domain" {
domain_name = var.custom_domain
validation_method = "DNS"
tags = merge(var.tags)
lifecycle {
create_before_destroy = true
}
}
resource "aws_route53_record" "validation" {
for_each = {
for dvo in aws_acm_certificate.domain.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
type = dvo.resource_record_type
record = dvo.resource_record_value
}
}
allow_overwrite = true
name = each.value.name
records = [each.value.record]
zone_id = var.zone_id
ttl = 60
type = each.value.type
}
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = var.intercom_help_domain
origin_id = var.origin_id
custom_origin_config {
http_port = "80"
https_port = "443"
origin_protocol_policy = "https-only"
origin_ssl_protocols = ["TLSv1.2"]
}
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
aliases = [var.custom_domain]
price_class = "PriceClass_All"
enabled = true
is_ipv6_enabled = true
comment = "Intercom Custom Domain"
http_version = "http2"
default_cache_behavior {
allowed_methods = ["GET", "HEAD"]
cached_methods = ["GET", "HEAD"]
target_origin_id = var.origin_id
forwarded_values {
headers = ["*"]
query_string = true
cookies {
forward = "all"
}
}
min_ttl = 0
default_ttl = 3600
max_ttl = 86400
compress = true
viewer_protocol_policy = "redirect-to-https"
}
tags = merge(var.tags)
web_acl_id = var.web_acl_id
viewer_certificate {
acm_certificate_arn = aws_acm_certificate.domain.arn
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1.2_2019"
}
}