Add support for user defined aliases in CDN (#22)

LeoDiazL · mcascone · web-flow · commit e153d2a507ef · 2025-04-17T18:02:53.000-03:00
* Add support for user defined aliases in CDN
* Update README.md

Co-authored-by: Max Cascone &lt;max@bitovi.com&gt;
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ Setting `aws_r53_create_sub_cert` to `true` will create a certificate **just for
 
 > :warning: Be very careful here! **Created certificates are fully managed by Terraform**. Therefor **they will be destroyed upon stack destruction**.
 
+> :warning: See note about CDN with aliases if using certificates.
 ## Example usage
 
 Create `.github/workflow/deploy.yaml` with the following to build on push.
@@ -192,6 +193,7 @@ The following inputs can be used as `step.with` keys
 | `aws_site_error_document` | String | Error document set to S3 website config. Defaults to none. Set value to enable it. |
 | `aws_site_bucket_name` | String | AWS S3 bucket name to use for the public files. Defaults to `${org}-${repo}-{branch}-sp`. If using a R53 domain and not a CDN, bucket name will be the FQDN one. See note. |
 | `aws_site_cdn_enabled` | Boolean | Enable or disables the use of CDN. Defaults to `false`. |
+| `aws_site_cdn_aliases` | String | Extra CNAMEs (alternate domain names), if any, for this distribution. Defaults to defined domain if none passed. (See note). |
 | `aws_site_cdn_custom_error_codes` | JSON | Custom error codes to define in CDN. Like `[{\"error_caching_min_ttl\":\"0\",\"error_code\":\"403\",\"response_code\":\"200\",\"response_page_path\":\"/index.html\"}]`. See [this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution.html#custom-error-response-arguments). |
 <hr/>
 <br/>
@@ -229,6 +231,16 @@ Because of this reason, the length of the FQDN *MUST* be below 64 characters. Wi
 
 In the case you are using domains and not using a CDN, no cert will be available, and length of the FQDN *MUST* be below 64 characters. Will be adjusted if it exceeds that limit. 
 
+## Certificates with CDN
+
+In the case you are using a custom domain name and need to support two alternate domain names, you can use the `aws_site_cdn_aliases`. 
+If using a certificate, keep in mind that you'll need to specify one that covers the domains being defined.  
+
+For example, if the CDN will support `site.bitovi.com` and `site.bitovi.tools`, the same certificate must cover both *bitovi.com* and *bitovi.tools* domains. (You can use sub-domains too). In that case, you'll need to specify the certificate by defining the `aws_r53_cert_arn`.
+If that's the case, `aws_site_cdn_aliases` should be set to: `site.bitovi.com,site.bitovi.tools` (Comma separated, no spaces).
+
+If they alternate domain names are child of the same domain, you can use a root cert for both. 
+
 ## Contributing
 We would love for you to contribute to [bitovi/github-actions-deploy-static-site-to-aws](https://github.com/bitovi/github-actions-deploy-static-site-to-aws).
 Would you like to see additional features?  [Create an issue](https://github.com/bitovi/github-actions-deploy-static-site-to-aws/issues/new) or a [Pull Requests](https://github.com/bitovi/github-actions-deploy-static-site-to-aws/pulls). We love discussing solutions!
diff --git a/action.yaml b/action.yaml
@@ -67,6 +67,9 @@ inputs:
   aws_site_cdn_enabled:
     description: 'Enable or disables the use of CDN. Defaults to `false`.'
     required: false
+  aws_site_cdn_aliases:
+    description: 'Extra CNAMEs (alternate domain names), if any, for this distribution. Will default to defined domain if none passed.'
+    required: false
   aws_site_cdn_custom_error_codes:
     description: 'Customize error codes, Definition done with JSON variables'
     required: false
@@ -131,6 +134,7 @@ runs:
         AWS_SITE_ERROR_DOCUMENT: ${{ inputs.aws_site_error_document }}
         AWS_SITE_BUCKET_NAME: ${{ inputs.aws_site_bucket_name }}
         AWS_SITE_CDN_ENABLED: ${{ inputs.aws_site_cdn_enabled }}
+        AWS_SITE_CDN_ALIASES: ${{ inputs.aws_site_cdn_aliases }}
         AWS_SITE_CDN_CUSTOM_ERROR_CODES: ${{ inputs.aws_site_cdn_custom_error_codes }}
         # AWS Route53 Domains abd Certificates
         AWS_R53_DOMAIN_NAME: ${{ inputs.aws_r53_domain_name }}
diff --git a/scripts/generate_deploy.sh b/scripts/generate_deploy.sh
@@ -95,6 +95,7 @@ aws_default_region=$(generate_var aws_default_region $AWS_DEFAULT_REGION)
 aws_site_source_folder="aws_site_source_folder = \"${SOURCE_FILES}\""
 aws_site_bucket_name=$(generate_var aws_site_bucket_name $AWS_SITE_BUCKET_NAME)
 aws_site_cdn_enabled=$(generate_var aws_site_cdn_enabled $AWS_SITE_CDN_ENABLED)
+aws_site_cdn_aliases=$(generate_var aws_site_cdn_aliases $AWS_SITE_CDN_ALIASES)
 aws_site_cdn_custom_error_codes=$(generate_var aws_site_cdn_custom_error_codes $AWS_SITE_CDN_CUSTOM_ERROR_CODES)
 aws_site_root_object=$(generate_var aws_site_root_object $AWS_SITE_ROOT_OBJECT)
 aws_site_error_document=$(generate_var aws_site_error_document $AWS_SITE_ERROR_DOCUMENT)
@@ -116,6 +117,7 @@ $aws_tf_state_bucket
 $aws_site_source_folder
 $aws_site_bucket_name
 $aws_site_cdn_enabled
+$aws_site_cdn_aliases
 $aws_site_cdn_custom_error_codes
 $aws_site_root_object
 $aws_site_error_document
diff --git a/terraform_code/main.tf b/terraform_code/main.tf
@@ -240,7 +240,7 @@ resource "aws_cloudfront_distribution" "cdn_static_site" {
     }
   }
   
-  aliases = [ var.aws_r53_root_domain_deploy ? "${var.aws_r53_domain_name}" : "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}" ]
+  aliases =  var.aws_site_cdn_aliases != "" ? local.parsed_aliases : [ var.aws_r53_root_domain_deploy ? "${var.aws_r53_domain_name}" : "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}" ]
 
   viewer_certificate {
     acm_certificate_arn      = local.selected_arn
@@ -257,6 +257,11 @@ resource "aws_cloudfront_distribution" "cdn_static_site" {
   ]
 }
 
+locals {
+  parsed_aliases = [for n in split(",", var.aws_site_cdn_aliases) : (n)] 
+}
+
+
 ### CDN Access control
 resource "aws_cloudfront_origin_access_control" "default" {
   count                             = var.aws_site_cdn_enabled ? 1 : 0
diff --git a/terraform_code/variables.tf b/terraform_code/variables.tf
@@ -49,6 +49,12 @@ variable "aws_site_cdn_enabled" {
   default     = false
 }
 
+variable "aws_site_cdn_aliases" {
+  description = "Aliases or CNAMES for CDN"
+  type        = string
+  default     = ""
+}
+
 variable "aws_site_cdn_custom_error_codes" {
   description = "Custom error codes for site"
   type        = string

Original file line number	Diff line number	Diff line change
`@@ -240,7 +240,7 @@ resource "aws_cloudfront_distribution" "cdn_static_site" {`
`240`	`240`	`}`
`241`	`241`	`}`
`242`	`242`
`243`		`- aliases = [ var.aws_r53_root_domain_deploy ? "${var.aws_r53_domain_name}" : "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}" ]`
	`243`	`+ aliases = var.aws_site_cdn_aliases != "" ? local.parsed_aliases : [ var.aws_r53_root_domain_deploy ? "${var.aws_r53_domain_name}" : "${var.aws_r53_sub_domain_name}.${var.aws_r53_domain_name}" ]`
`244`	`244`
`245`	`245`	`viewer_certificate {`
`246`	`246`	`acm_certificate_arn = local.selected_arn`
`@@ -257,6 +257,11 @@ resource "aws_cloudfront_distribution" "cdn_static_site" {`
`257`	`257`	`]`
`258`	`258`	`}`
`259`	`259`
	`260`	`+locals {`
	`261`	`+ parsed_aliases = [for n in split(",", var.aws_site_cdn_aliases) : (n)]`
	`262`	`+}`
	`263`	`+`
	`264`	`+`
`260`	`265`	`### CDN Access control`
`261`	`266`	`resource "aws_cloudfront_origin_access_control" "default" {`
`262`	`267`	`count = var.aws_site_cdn_enabled ? 1 : 0`