
Commit 8e4cf24

authored
CDN Cert dependency fix (#7)
* Adding cert dep * Dep name fix * Adding more deps * changing local * fixing type * Cleanup * removing dep * Adding lifecycle block * fix * adding index * Fix 2 * fix 3 * fic 5 * Fixing conditional * Incremental fix for dep
1 parent 206678b commit 8e4cf24


1 file changed

+13
-5
lines changed


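--- a/terraform_code/main.tf
+++ b/terraform_code/main.tf
@@ -114,7 +114,7 @@ resource "aws_s3_bucket_policy" "aws_spa_website_bucket_policy" {
 
 ### CDN Without DNS
 resource "aws_cloudfront_distribution" "cdn_static_site_default_cert" {
-count = var.aws_spa_cdn_enabled ? ( local.selected_arn == "" ? 1 : 0 ) : 0
+count = var.aws_spa_cdn_enabled ? ( local.cert_available ? 0 : 1 ) : 0
 enabled = true
 is_ipv6_enabled = true
 default_root_object = var.aws_spa_root_object
@@ -158,7 +158,7 @@ resource "aws_cloudfront_distribution" "cdn_static_site_default_cert" {
 
 ### CDN with custom DNS
 resource "aws_cloudfront_distribution" "cdn_static_site" {
-count = var.aws_spa_cdn_enabled ? ( local.selected_arn != "" ? 1 : 0 ) : 0
+count = var.aws_spa_cdn_enabled ? ( local.cert_available ? 1 : 0 ) : 0
 enabled = true
 is_ipv6_enabled = true
 default_root_object = var.aws_spa_root_object
@@ -202,6 +202,14 @@ resource "aws_cloudfront_distribution" "cdn_static_site" {
 ssl_support_method = "sni-only"
 minimum_protocol_version = "TLSv1.2_2021"
 }
+lifecycle {
+create_before_destroy = true
+}
+depends_on = [
+aws_acm_certificate.sub_domain,
+aws_acm_certificate.root_domain,
+data.aws_acm_certificate.issued
+]
 }
 
 ### CDN Access control
@@ -275,7 +283,7 @@ locals {
 # CERTIFICATE STUFF
 
 data "aws_acm_certificate" "issued" {
-for_each = local.cert_available ? {
+for_each = local.cert_available && local.fqdn_provided ? {
 "domain" : var.aws_r53_domain_name,
 "wildcard" : "*.${var.aws_r53_domain_name}"
 "sub": "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}"
@@ -335,7 +343,7 @@ resource "aws_acm_certificate_validation" "sub_domain" {
 ### Some locals for parsing details
 locals {
 selected_arn = (
-var.aws_r53_enable_cert ?
+var.aws_r53_enable_cert && local.fqdn_provided ?
 (var.aws_r53_cert_arn != "" ? var.aws_r53_cert_arn :
 (!var.aws_r53_create_root_cert ?
 (!var.aws_r53_create_sub_cert ?
@@ -346,7 +354,7 @@ locals {
 ) : ""
 )
 cert_available = (
-var.aws_r53_enable_cert ?
+var.aws_r53_enable_cert && local.fqdn_provided ?
 (var.aws_r53_cert_arn != "" ? true :
 (!var.aws_r53_create_root_cert ?
 (!var.aws_r53_create_sub_cert ?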
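Review bot: In the `locals` hunk at new line 357, `var.aws_r53_enable_cert && local.fqdn_provided` makes `cert_available` false when the certificate is enabled but no domain name is supplied, so the `count` at new line 117 silently creates `cdn_static_site_default_cert` instead of failing. That distribution presumably serves the CloudFront default certificate (its `viewer_certificate` block is outside the hunks), for which CloudFront fixes the security policy at TLSv1 rather than the `TLSv1.2_2021` set on `cdn_static_site`, so a misconfiguration becomes a weaker TLS posture with no signal to the operator. I would add a `precondition` on the fallback resource so the plan fails in that case (this needs Terraform 1.2 or later; the required version is not visible here), or, if the fallback is intended, say so in a comment next to `cert_available`. Both resource bodies and the `locals` expression continue outside the hunks shown.

```hcl
resource "aws_cloudfront_distribution" "cdn_static_site_default_cert" {
  # … unchanged: count and distribution settings …
  lifecycle {
    precondition {
      condition     = !var.aws_r53_enable_cert || local.fqdn_provided
      error_message = "aws_r53_enable_cert is true but no domain name was provided; refusing to fall back to the CloudFront default certificate."
    }
  }
```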
