CCM-11056 adding custom DNS (#77)

* CCM-11056 adding custom DNS

* CCM-11056 adding custom DNS

* CCM-11056 adding custom DNS

* CCM-11056 adding custom DNS

* CCM-11056 map API and custom domain

* CCM-11056 map API and custom domain

Author: aidenvaines-cgi

.tool-versions

@@ -1,7 +1,7 @@
 act 0.2.64
 gitleaks 8.24.0
 jq 1.6
-nodejs 22.11.0
+nodejs 22.15.0
 pre-commit 3.6.0
 python 3.13.2
 terraform 1.9.2

infrastructure/terraform/components/api/acm_certificate.tf

@@ -0,0 +1,13 @@
+resource "aws_acm_certificate" "main" {
+  domain_name       = local.root_domain_name
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_acm_certificate_validation" "main" {
+  certificate_arn = aws_acm_certificate.main.arn
+  validation_record_fqdns = [for record in aws_route53_record.acm_validation : record.fqdn]
+}

infrastructure/terraform/components/api/api_gateway_base_path_mapping.tf

@@ -0,0 +1,5 @@
+resource "aws_api_gateway_base_path_mapping" "main" {
+  api_id      = aws_api_gateway_rest_api.main.id
+  stage_name  = aws_api_gateway_stage.main.stage_name
+  domain_name = aws_api_gateway_domain_name.main.domain_name
+}

infrastructure/terraform/components/api/api_gateway_domain.tf

@@ -0,0 +1,9 @@
+resource "aws_api_gateway_domain_name" "main" {
+  regional_certificate_arn = aws_acm_certificate_validation.main.certificate_arn
+  domain_name              = local.root_domain_name
+  security_policy          = "TLS_1_2"
+
+  endpoint_configuration {
+    types = ["REGIONAL"]
+  }
+}

infrastructure/terraform/components/api/locals.tf

@@ -1,5 +1,8 @@
 locals {
   aws_lambda_functions_dir_path = "../../../../lambdas"
+  root_domain_name              = "${var.environment}.${local.acct.route53_zone_names["supplier-api"]}" # e.g. [main|dev|abxy0].supplier-api.[dev|nonprod|prod].nhsnotify.national.nhs.uk
+  root_domain_id                = local.acct.route53_zone_ids["supplier-api"]
+  root_domain_nameservers       = local.acct.route53_zone_nameservers["supplier-api"]
 
   openapi_spec = templatefile("${path.module}/resources/spec.tmpl.json", {
     APIG_EXECUTION_ROLE_ARN = aws_iam_role.api_gateway_execution_role.arn

infrastructure/terraform/components/api/route53_record.tf

@@ -0,0 +1,12 @@
+resource "aws_route53_record" "main" {
+  name    = aws_api_gateway_domain_name.main.domain_name
+  type    = "A"
+  zone_id = local.root_domain_id
+
+  alias {
+    name    = aws_api_gateway_domain_name.main.regional_domain_name
+    zone_id = aws_api_gateway_domain_name.main.regional_zone_id
+
+    evaluate_target_health = true
+  }
+}

infrastructure/terraform/components/api/route53_record_acm_validation.tf

@@ -0,0 +1,17 @@
+resource "aws_route53_record" "acm_validation" {
+  for_each = {
+    for dvo in aws_acm_certificate.main.domain_validation_options :
+    dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    } if dvo.domain_name == local.root_domain_name
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  type            = each.value.type
+  zone_id         = local.root_domain_id
+  ttl             = 60
+}