dns.tf
# #########################################
# Route53 zone
# #########################################
# Looks up an existing hosted zone (read, not created, by this file); every
# record below is written into it.
# NOTE(review): aws.dns is a separate provider alias, presumably the
# account/role that owns the zone. Its credentials can rewrite public DNS for
# the whole zone, so they should be scoped to record changes in this zone only
# (confirm against the provider and IAM definitions).
data "aws_route53_zone" "primary" {
  count    = local.enable_dns_count
  provider = aws.dns

  # Public zone: ACM DNS validation and the service records need to resolve
  # from outside the VPC.
  private_zone = false
  name         = var.route53_zone
}
# #########################################
# Certificate
# #########################################
# ACM certificate for var.wildcard_domain, requested through the default
# provider and proven by DNS validation.
# NOTE(review): the variable's value is not visible here; if it is a
# "*.domain" name the certificate covers every direct subdomain, so any
# listener it is attached to can present it for all of them.
resource "aws_acm_certificate" "wildcard_cert" {
  count = local.enable_certificates_count

  validation_method = "DNS"
  domain_name       = var.wildcard_domain

  # Issue the replacement before the old certificate is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}
# Publishes the DNS validation record that ACM asks for before it will issue
# wildcard_cert.
resource "aws_route53_record" "wildcard_cert_validation" {
  count    = local.enable_certificates_count
  provider = aws.dns

  # NOTE(review): the zone lookup is gated by enable_dns_count, this record by
  # enable_certificates_count. The [0] below assumes certificates are never
  # enabled while DNS is disabled (confirm in locals).
  zone_id = data.aws_route53_zone.primary[0].id

  # Only the first validation option is published. The certificate requests a
  # single name, so one record is expected.
  # NOTE(review): positional indexing works only while the provider exposes
  # domain_validation_options as a list (AWS provider before 3.0); confirm the
  # pinned provider version.
  name    = aws_acm_certificate.wildcard_cert[0].domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.wildcard_cert[0].domain_validation_options[0].resource_record_type
  records = [aws_acm_certificate.wildcard_cert[0].domain_validation_options[0].resource_record_value]
  ttl     = 60

  # Replaces an existing record with the same name and type instead of failing.
  # Presumably needed because wildcard_cert_validation_us validates the same
  # domain in the same zone. The side effect is that a record created outside
  # this configuration is overwritten silently, so review the plan.
  allow_overwrite = true

  lifecycle {
    create_before_destroy = true
  }
}
# Ties wildcard_cert to its validation record: the apply waits here until ACM
# has seen the record and issued the certificate.
# NOTE(review): consumers are outside this file. Referencing this resource's
# certificate_arn (rather than the certificate's own arn) guarantees they only
# ever attach an issued certificate; confirm at the call sites.
resource "aws_acm_certificate_validation" "wildcard_cert" {
  count = local.enable_certificates_count

  validation_record_fqdns = [aws_route53_record.wildcard_cert_validation[0].fqdn]
  certificate_arn         = aws_acm_certificate.wildcard_cert[0].arn

  lifecycle {
    create_before_destroy = true
  }
}
# Second certificate for the same var.wildcard_domain, requested through the
# aws.us_east_1 provider alias.
# NOTE(review): presumably for the edge-optimised API Gateway custom domain,
# which is served through CloudFront and needs its ACM certificate in
# us-east-1 (confirm where this certificate is attached).
resource "aws_acm_certificate" "wildcard_cert_us" {
  count    = local.enable_certificates_count
  provider = aws.us_east_1

  validation_method = "DNS"
  domain_name       = var.wildcard_domain

  # Issue the replacement before the old certificate is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}
# Publishes the DNS validation record for wildcard_cert_us. The record goes
# into the primary zone through aws.dns, not through the us-east-1 provider.
resource "aws_route53_record" "wildcard_cert_validation_us" {
  count    = local.enable_certificates_count
  provider = aws.dns

  # NOTE(review): the zone lookup is gated by enable_dns_count, this record by
  # enable_certificates_count. The [0] below assumes certificates are never
  # enabled while DNS is disabled (confirm in locals).
  zone_id = data.aws_route53_zone.primary[0].id

  # Only the first validation option is published. The certificate requests a
  # single name, so one record is expected.
  # NOTE(review): positional indexing works only while the provider exposes
  # domain_validation_options as a list (AWS provider before 3.0); confirm the
  # pinned provider version.
  name    = aws_acm_certificate.wildcard_cert_us[0].domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.wildcard_cert_us[0].domain_validation_options[0].resource_record_type
  records = [aws_acm_certificate.wildcard_cert_us[0].domain_validation_options[0].resource_record_value]
  ttl     = 60

  # Replaces an existing record with the same name and type instead of failing.
  # Presumably needed because wildcard_cert_validation validates the same
  # domain in the same zone. The side effect is that a record created outside
  # this configuration is overwritten silently, so review the plan.
  allow_overwrite = true

  lifecycle {
    create_before_destroy = true
  }
}
# Ties wildcard_cert_us to its validation record: the apply waits here until
# ACM has issued the certificate. It runs under aws.us_east_1, the same
# provider alias the certificate itself uses.
resource "aws_acm_certificate_validation" "wildcard_cert_us" {
  count    = local.enable_certificates_count
  provider = aws.us_east_1

  validation_record_fqdns = [aws_route53_record.wildcard_cert_validation_us[0].fqdn]
  certificate_arn         = aws_acm_certificate.wildcard_cert_us[0].arn

  lifecycle {
    create_before_destroy = true
  }
}
# #########################################
# DNS Records
# #########################################
# Public alias A record: var.api_dns points at the API Gateway custom domain.
resource "aws_route53_record" "api" {
  count    = local.enable_dns_count
  provider = aws.dns

  zone_id = data.aws_route53_zone.primary[0].id
  type    = "A"
  name    = var.api_dns

  # The alias target is the CloudFront name and zone that API Gateway reports
  # for the custom domain.
  # NOTE(review): main[0] assumes the custom domain exists whenever DNS is
  # enabled. Its count is defined outside this file, so confirm.
  alias {
    zone_id                = aws_api_gateway_domain_name.main[0].cloudfront_zone_id
    name                   = aws_api_gateway_domain_name.main[0].cloudfront_domain_name
    evaluate_target_health = true
  }

  # Explicit ordering. The alias block already references the same resource,
  # so this repeats the implicit dependency.
  depends_on = [
    aws_api_gateway_domain_name.main
  ]

  lifecycle {
    create_before_destroy = true
  }
}
# Public alias A record: var.push_dns points at the push load balancer.
resource "aws_route53_record" "push" {
  count    = local.enable_dns_count
  provider = aws.dns

  zone_id = data.aws_route53_zone.primary[0].id
  type    = "A"
  name    = var.push_dns

  # aws_lb.push is referenced without an index, so the load balancer is not
  # count-gated the way this record is.
  # NOTE(review): this publishes the load balancer under a public name;
  # confirm its listeners and security groups expose only what is intended.
  alias {
    zone_id                = aws_lb.push.zone_id
    name                   = aws_lb.push.dns_name
    evaluate_target_health = true
  }

  lifecycle {
    create_before_destroy = true
  }
}