fix

Author: devksingh4

terraform/envs/qa/main.tf

@@ -91,6 +91,7 @@ module "frontend" {
   CoreCertificateArn = var.CoreCertificateArn
   CorePublicDomain   = var.CorePublicDomain
   IcalPublicDomain   = var.IcalPublicDomain
+  LinkryPublicDomain = var.LinkryPublicDomain
   LinkryKvArn        = aws_cloudfront_key_value_store.linkry_kv.arn
   LinkryKvId         = aws_cloudfront_key_value_store.linkry_kv.id
 }
@@ -119,6 +120,18 @@ resource "aws_route53_record" "ical" {
   }
 }
 
+resource "aws_route53_record" "linkry" {
+  for_each = toset(["A", "AAAA"])
+  zone_id  = "Z04502822NVIA85WM2SML"
+  type     = each.key
+  name     = var.LinkryPublicDomain
+  alias {
+    name                   = module.frontend.linkry_cloudfront_domain_name
+    zone_id                = "Z2FDTNDATAQYW2"
+    evaluate_target_health = false
+  }
+}
+
 // This section last: moved records into modules
 moved {
   from = aws_dynamodb_table.app_audit_log

terraform/modules/frontend/main.tf

@@ -282,6 +282,46 @@ resource "aws_s3_bucket_policy" "frontend_bucket_policy" {
 
 }
 
+resource "aws_cloudfront_distribution" "linkry_cloudfront_distribution" {
+  http_version = "http2and3"
+  origin {
+    origin_id   = "DummyOrigin"
+    domain_name = "example.com"
+    custom_origin_config {
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "https-only"
+      origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
+    }
+  }
+  aliases         = [var.LinkryPublicDomain]
+  enabled         = true
+  is_ipv6_enabled = true
+  default_cache_behavior {
+    compress               = true
+    target_origin_id       = "DummyOrigin"
+    viewer_protocol_policy = "redirect-to-https"
+    allowed_methods        = ["GET", "HEAD"]
+    cached_methods         = ["GET", "HEAD"]
+
+    function_association {
+      event_type   = "viewer-request"
+      function_arn = aws_cloudfront_function.linkry_redirect.arn
+    }
+  }
+  viewer_certificate {
+    acm_certificate_arn      = var.CoreCertificateArn
+    minimum_protocol_version = "TLSv1.2_2021"
+    ssl_support_method       = "sni-only"
+  }
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+  price_class = "PriceClass_100"
+}
+
 output "main_cloudfront_distribution_id" {
   value = aws_cloudfront_distribution.app_cloudfront_distribution.id
 }
@@ -297,3 +337,11 @@ output "ical_cloudfront_distribution_id" {
 output "ical_cloudfront_domain_name" {
   value = aws_cloudfront_distribution.ical_cloudfront_distribution.domain_name
 }
+
+output "linkry_cloudfront_distribution_id" {
+  value = aws_cloudfront_distribution.linkry_cloudfront_distribution.id
+}
+
+output "linkry_cloudfront_domain_name" {
+  value = aws_cloudfront_distribution.linkry_cloudfront_distribution.domain_name
+}

terraform/modules/frontend/variables.tf

@@ -18,6 +18,11 @@ variable "IcalPublicDomain" {
   description = "Ical Public Host"
 }
 
+variable "LinkryPublicDomain" {
+  type        = string
+  description = "Ical Public Host"
+}
+
 
 variable "CoreCertificateArn" {
   type        = string

terraform/modules/lambdas/main.tf

@@ -30,15 +30,9 @@ resource "aws_iam_role" "api_role" {
       {
         Action = "sts:AssumeRole"
         Effect = "Allow"
-        Sid    = ""
         Principal = {
           Service = "lambda.amazonaws.com"
         }
-        Condition = {
-          StringEquals = {
-            "aws:SourceArn" = "arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${local.core_api_lambda_name}"
-          }
-        }
       },
     ]
   })