naming

Author: alexnuttall

infrastructure/terraform/bin/terraform.sh

@@ -4,7 +4,7 @@
 # A wrapper for running terraform projects
 # - handles remote state
 # - uses consistent .tfvars files for each environment
-export TF_LOG=DEBUG
+
 ##
 # Set Script Version
 ##

infrastructure/terraform/components/acct/module_s3bucket_access_logs.tf

@@ -1,5 +1,5 @@
 module "s3bucket_access_logs" {
-  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket?ref=v=2.0.2"
+  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/modules/s3bucket?ref=v=1.0.9"
 
   name = "access-logs"
 

infrastructure/terraform/components/acct/module_sandbox_kms.tf

@@ -13,4 +13,4 @@ module "kms_sandbox" {
   deletion_window = var.kms_deletion_window
   alias           = "alias/${local.csi}-sandbox"
   iam_delegation  = true
-}
+}

infrastructure/terraform/components/app/acm_certificate_files.tf

@@ -1,16 +1,18 @@
-resource "aws_acm_certificate" "cert" {
+resource "aws_acm_certificate" "files" {
   provider = aws.us-east-1
 
-  domain_name       = local.cloudfront_domain_name
+  domain_name       = local.cloudfront_files_domain_name
   validation_method = "DNS"
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
-resource "aws_acm_certificate_validation" "main" {
-  provider          = aws.us-east-1
+resource "aws_acm_certificate_validation" "files" {
+  provider = aws.us-east-1
+
+  certificate_arn = aws_acm_certificate.files.arn
 
-  certificate_arn   = aws_acm_certificate.cert.arn
+  validation_record_fqdns = [for record in aws_route53_record.acm_validation_files : record.fqdn]
 }

…/app/cloudfront_distribution_download.tf …ents/app/cloudfront_distribution_main.tfinfrastructure/terraform/components/app/cloudfront_distribution_download.tf renamed to infrastructure/terraform/components/app/cloudfront_distribution_main.tf infrastructure/terraform/components/app/cloudfront_distribution_download.tf renamed to infrastructure/terraform/components/app/cloudfront_distribution_main.tf

@@ -3,7 +3,7 @@ resource "aws_cloudfront_distribution" "main" {
 
   enabled             = true
   is_ipv6_enabled     = true
-  comment             = "NHS Notify Template files CDN (${local.csi})"
+  comment             = "NHS Notify templates files CDN (${local.csi})"
   default_root_object = "index.html"
   # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-priceclass
   price_class = "PriceClass_100"
@@ -16,11 +16,11 @@ resource "aws_cloudfront_distribution" "main" {
   }
 
   aliases = [
-    local.cloudfront_domain_name
+    local.cloudfront_files_domain_name
   ]
 
   viewer_certificate {
-    acm_certificate_arn = aws_acm_certificate.cert.arn
+    acm_certificate_arn = aws_acm_certificate_validation.files.certificate_arn
     # Supports 1.2 & 1.3 - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
     minimum_protocol_version = "TLSv1.2_2021"
     ssl_support_method       = "sni-only"
@@ -33,7 +33,7 @@ resource "aws_cloudfront_distribution" "main" {
 
   origin {
     domain_name              = module.backend_api.download_bucket_regional_domain_name
-    origin_access_control_id = aws_cloudfront_origin_access_control.main.id
+    origin_access_control_id = aws_cloudfront_origin_access_control.s3.id
     origin_id                = "S3-${local.csi}-download"
   }
 

…/app/cloudfront_origin_access_control.tf …p/cloudfront_origin_access_control_s3.tfinfrastructure/terraform/components/app/cloudfront_origin_access_control.tf renamed to infrastructure/terraform/components/app/cloudfront_origin_access_control_s3.tf infrastructure/terraform/components/app/cloudfront_origin_access_control.tf renamed to infrastructure/terraform/components/app/cloudfront_origin_access_control_s3.tf

@@ -1,6 +1,5 @@
-# Origin Access Control for S3
-resource "aws_cloudfront_origin_access_control" "main" {
-  provider                          = aws.us-east-1
+resource "aws_cloudfront_origin_access_control" "s3" {
+  provider = aws.us-east-1
 
   name                              = "${local.csi}-s3bucket-download"
   description                       = "Origin Access Control for ${module.backend_api.download_bucket_name}"

infrastructure/terraform/components/app/locals.tf

@@ -1,4 +1,4 @@
 locals {
-  cloudfront_domain_name = "files.${local.root_domain_name}"
-  root_domain_name       = "${var.environment}.${local.acct.dns_zone["name"]}"
+  cloudfront_files_domain_name = "files.${local.root_domain_name}"
+  root_domain_name             = "${var.environment}.${local.acct.dns_zone["name"]}"
 }

…nts/app/route53_record_acm_validation.tf …p/route53_record_acm_validation_files.tfinfrastructure/terraform/components/app/route53_record_acm_validation.tf renamed to infrastructure/terraform/components/app/route53_record_acm_validation_files.tf infrastructure/terraform/components/app/route53_record_acm_validation.tf renamed to infrastructure/terraform/components/app/route53_record_acm_validation_files.tf

@@ -1,6 +1,6 @@
-resource "aws_route53_record" "acm_validation" {
+resource "aws_route53_record" "acm_validation_files" {
   for_each = {
-    for dvo in aws_acm_certificate.cert.domain_validation_options :
+    for dvo in aws_acm_certificate.files.domain_validation_options :
     dvo.domain_name => {
       name   = dvo.resource_record_name
       record = dvo.resource_record_value

infrastructure/terraform/components/app/route53_record_cloudfront.tf

@@ -1,6 +1,6 @@
-resource "aws_route53_record" "cloudfront" {
+resource "aws_route53_record" "cloudfront_files" {
   zone_id = aws_route53_record.root.zone_id
-  name    = local.cloudfront_domain_name
+  name    = local.cloudfront_files_domain_name
   type    = "A"
 
   alias {

infrastructure/terraform/components/sandbox/variables.tf

@@ -85,4 +85,4 @@ variable "letter_suppliers" {
   }
 
   description = "Letter suppliers enabled in the environment"
-}
+}