
Commit c904271

CCM-11056 adding custom DNS
1 parent 6caaca7 commit c904271


4 files changed

+41
-0
lines changed

Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
resource "aws_acm_certificate" "main" {
2+
domain_name = local.root_domain_name
3+
validation_method = "DNS"
4+
5+
lifecycle {
6+
create_before_destroy = true
7+
}
8+
}
9+
10+
resource "aws_acm_certificate_validation" "main" {
11+
certificate_arn = aws_acm_certificate.main.arn
12+
validation_record_fqdns = [for record in aws_route53_record.acm_validation : record.fqdn]
13+
}
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
resource "aws_api_gateway_domain_name" "main" {
2+
regional_certificate_arn = aws_acm_certificate_validation.main.certificate_arn
3+
domain_name = local.root_domain_name
4+
security_policy = "TLS_1_2"
5+
6+
endpoint_configuration {
7+
types = ["REGIONAL"]
8+
}
9+
}
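Review bot: `security_policy = "TLS_1_2"` constrains only connections made to this custom domain; the API's default `execute-api` hostname stays reachable with its own TLS settings unless the REST API sets `disable_execute_api_endpoint = true`, and that resource is not part of this commit. Separately, none of the four changed files adds an `aws_api_gateway_base_path_mapping` or a Route 53 alias record pointing at the domain's `regional_domain_name`, so as committed the name serves no stage and does not resolve; presumably that is a follow-up. A short comment above the resource saying where the mapping and alias live would help, e.g. `# Stage mapping and alias record: <file or follow-up ticket>`.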

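--- a/infrastructure/terraform/components/api/locals.tf
+++ b/infrastructure/terraform/components/api/locals.tf
@@ -1,5 +1,7 @@
 locals {
 aws_lambda_functions_dir_path = "../../../../lambdas"
+root_domain_name = "${var.environment}.${local.acct.zone_names["supplier-api"]}" # e.g. [main|dev|abxy0].supplier-api.[dev|nonprod|prod].nhsnotify.national.nhs.uk
+root_domain_nameservers = "${var.environment}.${local.acct.zone_nameservers["supplier-api"]}"
 
 openapi_spec = templatefile("${path.module}/resources/spec.tmpl.json", {
 APIG_EXECUTION_ROLE_ARN = aws_iam_role.api_gateway_execution_role.arn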
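Review bot: `root_domain_nameservers` on new line 4 looks like a copy of the line above it: it prefixes `var.environment` and a dot to `local.acct.zone_nameservers["supplier-api"]`, which does not produce a nameserver. If that value is a list, as nameserver sets usually are (its definition is not visible here), the string interpolation will fail at plan time. None of the four files in this commit reads the local, so either drop it until it is needed or assign the value directly, `root_domain_nameservers = local.acct.zone_nameservers["supplier-api"]`. The `locals` block continues past the end of the hunk.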
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
resource "aws_route53_record" "acm_validation" {
2+
for_each = {
3+
for dvo in aws_acm_certificate.main.domain_validation_options :
4+
dvo.domain_name => {
5+
name = dvo.resource_record_name
6+
record = dvo.resource_record_value
7+
type = dvo.resource_record_type
8+
} if dvo.domain_name == local.root_domain_name
9+
}
10+
11+
allow_overwrite = true
12+
name = each.value.name
13+
records = [each.value.record]
14+
type = each.value.type
15+
zone_id = local.acct.dns_zone["id"]
16+
ttl = 60
17+
}
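Review bot: The validation record is written to `zone_id = local.acct.dns_zone["id"]`, while the certificate name it validates is built from `local.acct.zone_names["supplier-api"]`. The definition of `local.acct` is not visible in this commit, but if these refer to different hosted zones the CNAME lands in a zone that is not authoritative for the name, and `aws_acm_certificate_validation.main` will wait until it times out. It is worth confirming both keys describe the same zone, or looking the zone id up from the same `supplier-api` entry. `allow_overwrite = true` also replaces any existing record of the same name without an error, so a one-line reason would help the next reader, e.g. `# allow_overwrite: a replacement certificate for the same name re-creates this record`.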
