Creating base certificates for shockrah and project-athens.xyz

2023-01-09 21:12:19 -08:00 · 2023-01-09 21:12:19 -08:00 · 8481a5f123
commit 8481a5f123
parent 99bc6be5c9
1 changed files with 59 additions and 0 deletions
--- a/infra/cert.tf
+++ b/infra/cert.tf
@ -0,0 +1,59 @@
+# Here is the TLS cert that we create for the alpha cluster
+
+# NOTE: for now we're going to use .blog.shockrah.xyz
+# while we test things out, once everything is up then
+# we can switch the cert over to use a wildcard
+
+# Base cerificate for shockrah_xyz
+##################################
+resource "aws_acm_certificate" "shockrah_xyz" {
+  # TODO: replace this with wildcard once we're ready
+  domain_name   = "blog.shockrah.xyz"
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# Base certificate for project athens
+#####################################
+resource "aws_acm_certificate" "project_athens_xyz" {
+  domain_name       = "*.project-athens.xyz"
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# DNS RECORDS
+#############
+resource "aws_route53_record" "shockrah_xyz_cert" {
+  zone_id   = aws_route53_zone.shockrah-xyz.id
+  name      = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_name
+  type      = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_type
+  records   = [ tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_value ]
+  ttl       = 300
+} 
+
+resource "aws_route53_record" "project_athens_xyz_cert" {
+  zone_id   = aws_route53_zone.project-athens.id
+  name      = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_name
+  type      = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_type
+  records   = [ tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_value ]
+  ttl       = 300
+} 
+
+# Validation configuration blocks used by terraform 
+###################################################
+
+resource "aws_acm_certificate_validation" "shockrah_xyz" {
+  certificate_arn = aws_acm_certificate.shockrah_xyz.arn
+  validation_record_fqdns = [ aws_route53_record.shockrah_xyz_cert.fqdn ]
+}
+
+resource "aws_acm_certificate_validation" "project_athens_xyz" {
+  certificate_arn = aws_acm_certificate.project_athens_xyz.arn
+  validation_record_fqdns = [ aws_route53_record.project_athens_xyz_cert.fqdn ]
+}