From 9d580d7c2f4b082719430e283402b167ebca096e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Tue, 1 Oct 2024 13:10:20 +0200
Subject: [PATCH] Add comment on what's done in prod

---
 tf/environments/prod/main.tf        | 4 +++-
 tf/modules/ooniapi_frontend/main.tf | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/tf/environments/prod/main.tf b/tf/environments/prod/main.tf
index aa718f0..c7d61c0 100644
--- a/tf/environments/prod/main.tf
+++ b/tf/environments/prod/main.tf
@@ -598,7 +598,9 @@ module "ooniapi_frontend" {
     "6.th.ooni.org" : local.dns_root_zone_ooni_org,
   }
 
-  oonith_domains = ["5.th.ooni.org", "6.th.ooni.org"]
+  oonith_domains = [
+    "*.th.ooni.org",
+  ]
 
   stage            = local.environment
   dns_zone_ooni_io = local.dns_zone_ooni_io
diff --git a/tf/modules/ooniapi_frontend/main.tf b/tf/modules/ooniapi_frontend/main.tf
index 8b12073..5c13e6c 100644
--- a/tf/modules/ooniapi_frontend/main.tf
+++ b/tf/modules/ooniapi_frontend/main.tf
@@ -35,6 +35,8 @@ resource "aws_alb_listener" "ooniapi_listener_https" {
   protocol          = "HTTPS"
   ssl_policy        = "ELBSecurityPolicy-2016-08"
   certificate_arn   = module.ooniapi_acm_certificate.certificate_arn
+  # In prod this has been manually applied
+  #certificate_arn   = "arn:aws:acm:eu-central-1:471112720364:certificate/8aad2e93-ea3a-48eb-be88-7fd2b1fff0cb"
 
   default_action {
     target_group_arn = var.oonibackend_proxy_target_group_arn