diff --git a/infra/cert.tf b/infra/cert.tf
new file mode 100644
index 0000000..e1c6327
--- /dev/null
+++ b/infra/cert.tf
@@ -0,0 +1,59 @@
+# Here is the TLS cert that we create for the alpha cluster
+
+# NOTE: for now we're going to use .blog.shockrah.xyz
+# while we test things out, once everything is up then
+# we can switch the cert over to use a wildcard
+
+# Base cerificate for shockrah_xyz
+##################################
+resource "aws_acm_certificate" "shockrah_xyz" {
+ # TODO: replace this with wildcard once we're ready
+ domain_name = "blog.shockrah.xyz"
+ validation_method = "DNS"
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+# Base certificate for project athens
+#####################################
+resource "aws_acm_certificate" "project_athens_xyz" {
+ domain_name = "*.project-athens.xyz"
+ validation_method = "DNS"
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+# DNS RECORDS
+#############
+resource "aws_route53_record" "shockrah_xyz_cert" {
+ zone_id = aws_route53_zone.shockrah-xyz.id
+ name = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_name
+ type = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_type
+ records = [ tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_value ]
+ ttl = 300
+}
+
+resource "aws_route53_record" "project_athens_xyz_cert" {
+ zone_id = aws_route53_zone.project-athens.id
+ name = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_name
+ type = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_type
+ records = [ tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_value ]
+ ttl = 300
+}
+
+# Validation configuration blocks used by terraform
+###################################################
+
+resource "aws_acm_certificate_validation" "shockrah_xyz" {
+ certificate_arn = aws_acm_certificate.shockrah_xyz.arn
+ validation_record_fqdns = [ aws_route53_record.shockrah_xyz_cert.fqdn ]
+}
+
+resource "aws_acm_certificate_validation" "project_athens_xyz" {
+ certificate_arn = aws_acm_certificate.project_athens_xyz.arn
+ validation_record_fqdns = [ aws_route53_record.project_athens_xyz_cert.fqdn ]
+}
\ No newline at end of file
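Review bot: The `tolist(...domain_validation_options)[0]` indexing in both `aws_route53_record` resources only ever publishes a validation record for the first name on the certificate, so once the TODO on `shockrah_xyz` is done and the cert carries a wildcard plus its apex (or any other SAN), the additional names are never validated and `aws_acm_certificate_validation` will presumably sit waiting until it times out rather than fail clearly. Iterating `domain_validation_options` with `for_each` keyed by `domain_name` removes the hard-coded index and keeps the DNS records in step with whatever names the certificate ends up carrying; `validation_record_fqdns` then becomes `[for r in aws_route53_record.shockrah_xyz_cert : r.fqdn]`. The same change applies to `project_athens_xyz_cert` and its validation block. Minor: the header comment misspells `cerificate`, and the note about `.blog.shockrah.xyz` carries a stray leading dot.

```hcl
resource "aws_route53_record" "shockrah_xyz_cert" {
  for_each = {
    for dvo in aws_acm_certificate.shockrah_xyz.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  zone_id         = aws_route53_zone.shockrah-xyz.id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 300
}

# … unchanged: project_athens_xyz_cert gets the same for_each shape …

resource "aws_acm_certificate_validation" "shockrah_xyz" {
  certificate_arn         = aws_acm_certificate.shockrah_xyz.arn
  validation_record_fqdns = [for r in aws_route53_record.shockrah_xyz_cert : r.fqdn]
}
```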