CCM-11586: more sensible route53 config

masl2 · masl2 · commit fdde8154867d · 2025-08-20T13:51:03.000+01:00
diff --git a/infrastructure/terraform/components/api/api_gateway_domain.tf b/infrastructure/terraform/components/api/api_gateway_domain.tf
@@ -1,4 +1,5 @@
 resource "aws_api_gateway_domain_name" "main" {
+  count                    = var.manually_configure_mtls_truststore ? 1 :  0
   regional_certificate_arn = aws_acm_certificate_validation.main.certificate_arn
   domain_name              = local.root_domain_name
   security_policy          = "TLS_1_2"
@@ -17,26 +18,28 @@ resource "aws_api_gateway_domain_name" "main" {
   }
 
   lifecycle {
-    ignore_changes = var.manually_configure_mtls_truststore ? [mutual_tls_authentication] :  []
+    ignore_changes = [
+      mutual_tls_authentication
+    ]
   }
 }
 
-# resource "aws_api_gateway_domain_name" "main_nonprod" {
-#   count                    = var.manually_configure_mtls_truststore ? 1 :  0
-#   regional_certificate_arn = aws_acm_certificate_validation.main.certificate_arn
-#   domain_name              = local.root_domain_name
-#   security_policy          = "TLS_1_2"
-
-#   endpoint_configuration {
-#     types = ["REGIONAL"]
-#   }
-
-#   depends_on = [
-#     aws_s3_bucket.truststore
-#   ]
-
-#   mutual_tls_authentication {
-#       truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore_nonprod[0].id}"
-#       truststore_version = aws_s3_object.placeholder_truststore_nonprod[0].version_id
-#   }
-# }
+resource "aws_api_gateway_domain_name" "main_nonprod" {
+  count                    = !var.manually_configure_mtls_truststore ? 1 :  0
+  regional_certificate_arn = aws_acm_certificate_validation.main.certificate_arn
+  domain_name              = local.root_domain_name
+  security_policy          = "TLS_1_2"
+
+  endpoint_configuration {
+    types = ["REGIONAL"]
+  }
+
+  depends_on = [
+    aws_s3_bucket.truststore
+  ]
+
+  mutual_tls_authentication {
+      truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.placeholder_truststore_nonprod[0].id}"
+      truststore_version = aws_s3_object.placeholder_truststore_nonprod[0].version_id
+  }
+}
diff --git a/infrastructure/terraform/components/api/route53_record.tf b/infrastructure/terraform/components/api/route53_record.tf
@@ -4,8 +4,8 @@ resource "aws_route53_record" "main" {
   zone_id = local.root_domain_id
 
   alias {
-    name    = aws_api_gateway_domain_name.main.regional_domain_name
-    zone_id = aws_api_gateway_domain_name.main.regional_zone_id
+    name    = var.manually_configure_mtls_truststore ? aws_api_gateway_domain_name.main.0.regional_domain_name : aws_api_gateway_domain_name.main_nonprod.0.regional_domain_name
+    zone_id = var.manually_configure_mtls_truststore ? aws_api_gateway_domain_name.main.0.regional_zone_id : aws_api_gateway_domain_name.main_nonprod.0.regional_zone_id
 
     evaluate_target_health = true
   }

Original file line number	Diff line number	Diff line change
`@@ -4,8 +4,8 @@ resource "aws_route53_record" "main" {`
`4`	`4`	`zone_id = local.root_domain_id`
`5`	`5`
`6`	`6`	`alias {`
`7`		`- name = aws_api_gateway_domain_name.main.regional_domain_name`
`8`		`- zone_id = aws_api_gateway_domain_name.main.regional_zone_id`
	`7`	`+ name = var.manually_configure_mtls_truststore ? aws_api_gateway_domain_name.main.0.regional_domain_name : aws_api_gateway_domain_name.main_nonprod.0.regional_domain_name`
	`8`	`+ zone_id = var.manually_configure_mtls_truststore ? aws_api_gateway_domain_name.main.0.regional_zone_id : aws_api_gateway_domain_name.main_nonprod.0.regional_zone_id`
`9`	`9`
`10`	`10`	`evaluate_target_health = true`
`11`	`11`	`}`