@@ -4,6 +4,10 @@ All the DNS records of the domains owned by the Rust Infrastructure team are
44hosted on [ AWS Route 53] , and can be tweaked by members of the team. This
55document contains instructions for them on how to make changes.
66
7+ * [ Changing DNS records of a domain managed with Terraform] ( #changing-dns-records-of-a-domain-managed-with-terraform )
8+ * [ Managing DNS for a new domain with Terraform] ( #managing-dns-for-a-new-domain-with-terraform )
9+ * [ Adding subdomain redirects] ( #adding-subdomain-redirects )
10+
711## Changing DNS records of a domain managed with Terraform
812
913> ** Warning:** not all domain names are yet managed with Terraform. In the
@@ -89,7 +93,63 @@ terraform init
8993terraform apply
9094```
9195
96+ ## Adding subdomain redirects
97+
98+ Our Terraform configuration supports creating redirects from an arbitrary
99+ number of subdomains we control to an URL. Redirects are created with these
100+ pieces of infrastructure:
101+
102+ * A S3 bucket for each set of redirects, named ` rust-http-redirect-<HASH> ` . The
103+ bucket has website hosting enabled, configured to redirect all the incoming
104+ requests to the chosen URL. This allows implementing redirects without an
105+ underlying server.
106+
107+ * An ACM certificate (plus the DNS records to validate it) for each set of
108+ redirects, with all the sources as alternate names. This is used to enable
109+ HTTPS redirects.
110+
111+ * A CloudFront distribution for each set of redirects to support HTTPS
112+ requests, using the previously generated ACM certificate and forwarding
113+ requests to the S3 bucket.
114+
115+ * Route53 records for each redirect in the related zones: CNAMEs
116+ for subdomains, and ALIASes for apex domains.
117+
118+ All the redirects are defined in [ ` terraform/redirects.tf ` ] [ redirects-file ] ,
119+ with a module for each destination URL. Either create a new module if you need
120+ to redirect to a new URL, or add a new subdomain to an existing module. See an
121+ example module here (take care of replacing the placeholders):
122+
123+ ``` terraform
124+ module "redirect_<IDENTIFIER>" {
125+ source = "./modules/subdomain-redirect"
126+ providers = {
127+ aws = "aws"
128+ aws.east1 = "aws.east1"
129+ }
130+
131+ to = "<DESTINATION-URL>"
132+ from = {
133+ "<SUBDOMAIN-1>" = module.dns.zone_<DOMAIN-1-IDENTIFIER>,
134+ "<SUBDOMAIN-2>" = module.dns.zone_<DOMAIN-2-IDENTIFIER>,
135+ }
136+ }
137+ ```
138+
139+ Once you made all the changes you can apply the configuration with:
140+
141+ ```
142+ terraform init
143+ terraform apply
144+ ```
145+
146+ Note that each change is going to take around 15 minutes to deploy, as
147+ CloudFront distribution changes are really slow to propagate. Also, it's normal
148+ to see a bunch of resources being recreated when a domain is added or removed
149+ from an existing redirect, as the ACM certificate will need to be regenerated.
150+
92151[ AWS Route 53 ] : https://aws.amazon.com/route53/
93152[ hosted-zones ] : https://console.aws.amazon.com/route53/home#hosted-zones:
94153[ dns-dir ] : https://github.com/rust-lang/simpleinfra/tree/master/terraform/services/dns/
95154[ outputs-file ] : https://github.com/rust-lang/simpleinfra/blob/master/terraform/services/dns/outputs.tf
155+ [ redirects-file ] : https://github.com/rust-lang/simpleinfra/blob/master/terraform/redirects.tf
0 commit comments