diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf
index a2a0c1ceb94..784fb77955e 100644
--- a/terraform/environments/portal/acm_certificate.tf
+++ b/terraform/environments/portal/acm_certificate.tf
@@ -1,6 +1,6 @@
 resource "aws_acm_certificate" "legalservices_cert" {
- domain_name = local.application_data.accounts[local.environment].acm_alt_domain_name
+ domain_name = local.application_data.accounts[local.environment].mp_domain_name
 subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_aws_domain_name}"]
 validation_method = "DNS"
@@ -32,7 +32,25 @@ resource "aws_route53_record" "external_lb_validation_core_network_services" {
 # NOTE: value.zone is null indicates the validation zone could not be found
 # Ensure route53_zones variable contains the given validation zone or
 # explicitly provide the zone details in the validation variable.
- zone_id = each.value.zone_id
+ zone_id = each.value.zone.zone_id
+
+ depends_on = [
+ aws_acm_certificate.legalservices_cert
+ ]
+}
+
+resource "aws_route53_record" "external_lb_validation_core_vpc" {
+ provider = aws.core-vpc
+ for_each = {
+ for key, value in local.external_lb_validation_records : key => value if value.zone.provider == "core-vpc"
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [each.value.record]
+ ttl = 60
+ type = each.value.type
+ zone_id = each.value.zone.zone_id
 depends_on = [
 aws_acm_certificate.legalservices_cert
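Review bot: The new `external_lb_validation_core_vpc` resource iterates `local.external_lb_validation_records`, whereas `aws_acm_certificate_validation.external_lb_certificate_validation` in the next hunk reads `local.validation_records_external_lb`; if these are meant to be the same map, one of the names is a typo that fails at plan time (the locals hunks in this diff show neither definition). The new block also lacks the three-line NOTE comment its sibling keeps above `zone_id`, even though its `for_each` filter `value.zone.provider == "core-vpc"` is the first expression to fail when `value.zone` is null; copying that comment above the `for_each` keeps the hint where the error actually surfaces. Finally, `allow_overwrite = true` in a zone owned by another account (`aws.core-vpc`) lets this configuration replace any existing record of the same name, which is acceptable for ACM validation CNAMEs but deserves a one-line comment saying so. The resource block continues past the end of the hunk.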
@@ -48,8 +66,8 @@ resource "aws_acm_certificate_validation" "external_lb_certificate_validation" {
 for key, value in local.validation_records_external_lb : replace(value.name, "/\\.$/", "")
 ]
 depends_on = [
- aws_route53_record.external_lb_validation_core_network_services
- # aws_route53_record.external_lb_validation_core_vpc,
+ aws_route53_record.external_lb_validation_core_network_services,
+ aws_route53_record.external_lb_validation_core_vpc
 # aws_route53_record.external_lb_validation_self
 ]
 }
diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json
index 0e8eb63e139..7df165a3bb8 100644
--- a/terraform/environments/portal/application_variables.json
+++ b/terraform/environments/portal/application_variables.json
@@ -34,12 +34,10 @@
 "url": "s3://laa-portal-development-archive-mp",
 "maintenance_window_name": "diagnostics-log-archive-poc",
 "hosted_zone": "aws.dev.legalservices.gov.uk",
- "acm_domain_name": "dev.legalservices.gov.uk",
- "acm_alt_domain_name": "*.dev.legalservices.gov.uk",
 "acm_aws_domain_name": "*.aws.dev.legalservices.gov.uk",
 "fqdn": "portal.dev.legalservices.gov.uk",
 "landing_zone_vpc_cidr": "10.202.0.0/20",
- "cloudfront_acm_domain_name":"modernisation-platform.service.justice.gov.uk"
+ "mp_domain_name":"modernisation-platform.service.justice.gov.uk"
 },
 "test": {
 "example_var": "test-data",
@@ -60,7 +58,6 @@
 "url": "s3://laa-portal-production-archive-mp",
 "maintenance_window_name": "diagnostics-log-archive-production",
 "hosted_zone": "aws.prd.legalservices.gov.uk",
- "acm_domain_name": "legalservices.gov.uk",
 "landing_zone_vpc_cidr": "10.205.0.0/20"
 }
 }
diff --git a/terraform/environments/portal/cloudfront.tf b/terraform/environments/portal/cloudfront.tf
index bc2af720c31..3ee98f9b5e2 100644
--- a/terraform/environments/portal/cloudfront.tf
+++ b/terraform/environments/portal/cloudfront.tf
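Review bot: The production object loses `acm_domain_name` but does not gain `mp_domain_name`, while `aws_acm_certificate.legalservices_cert` and `aws_acm_certificate.cloudfront` now read `local.application_data.accounts[local.environment].mp_domain_name` for every environment; unless that key already exists above line 58 (not visible here), a production plan fails with an unsupported-attribute error. Adding `"mp_domain_name": "modernisation-platform.service.justice.gov.uk"` to the production object, if that is the intended production certificate name, is the cleaner fix; a `lookup(..., "mp_domain_name", null)` fallback would only move the failure to a null `domain_name`. The test and preproduction objects are outside the hunk and should be checked for the same gap.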
@@ -15,7 +15,6 @@ locals {
 replace(dvo.domain_name, "/^[^.]*.[^.]*./", ""),
 { provider = "external" }
 )))
- # zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
 }
 }
@@ -38,7 +37,7 @@ resource "random_password" "cloudfront" {
 }
 resource "aws_secretsmanager_secret" "cloudfront" {
- name = "cloudfront-v1-secret-${local.application_name}-${formatdate("DDMMMYYYYhhmm", timestamp())}"
+ name = "cloudfront-v1-secret-${local.application_name}"
 description = "Simple secret created by Terraform"
 }
@@ -357,7 +356,7 @@ resource "aws_acm_certificate_validation" "cloudfront_certificate_validation" {
 }
 resource "aws_acm_certificate" "cloudfront" {
- domain_name = local.application_data.accounts[local.environment].cloudfront_acm_domain_name
+ domain_name = local.application_data.accounts[local.environment].mp_domain_name
 validation_method = "DNS"
 provider = aws.us-east-1
 subject_alternative_names = local.environment == "production" ? null : ["mp-portal.${data.aws_route53_zone.external.name}"]
diff --git a/terraform/environments/portal/data.tf b/terraform/environments/portal/data.tf
index 3152e92312a..6a32fdd91eb 100644
--- a/terraform/environments/portal/data.tf
+++ b/terraform/environments/portal/data.tf
@@ -1,11 +1,3 @@
-data "aws_route53_zone" "portal-dev-private" {
- for_each = local.core_network_services_domains_private
- provider = aws.core-network-services
-
- name = "dev.legalservices.gov.uk."
- private_zone = true
-}
-
 data "aws_route53_zone" "portal-dev-private-aws" {
 for_each = local.core_network_services_domains_private
 provider = aws.core-network-services
diff --git a/terraform/environments/portal/idm_ec2.tf b/terraform/environments/portal/idm_ec2.tf
index 81bf5461f06..d105a124657 100644
--- a/terraform/environments/portal/idm_ec2.tf
+++ b/terraform/environments/portal/idm_ec2.tf
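Review bot: With the `timestamp()` suffix removed, `aws_secretsmanager_secret.cloudfront` has a fixed name, and Secrets Manager refuses to create a secret whose name belongs to one still scheduled for deletion, so any replace or destroy-and-recreate of this resource fails until the recovery window (30 days by default) expires; the old suffix was presumably working around exactly that, at the cost of a new secret on every apply. Set `recovery_window_in_days` explicitly on the resource (short in non-production, the default in production) and record the constraint in a comment such as `# fixed name: a deleted secret blocks re-creation until its recovery window ends`. The `description` is also generic; stating what the value is used for (presumably the `random_password.cloudfront` declared just above) helps whoever finds the secret in the console.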
@@ -19,7 +19,7 @@ do
 mount_status=$?
 done
-hostnamectl set-hostname ${local.application_name}-ods1-ms.aws.${local.portal_hosted_zone}
+hostnamectl set-hostname ${local.application_name}-ods1-ms.${local.portal_hosted_zone}
 # Setting up CloudWatch Agent
 mkdir cloudwatch_agent
diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf
index e9efdd80085..b3db1c662dd 100644
--- a/terraform/environments/portal/locals.tf
+++ b/terraform/environments/portal/locals.tf
@@ -10,7 +10,7 @@ locals {
 prod_workspaces_cidr = "10.200.16.0/20"
 redc_cidr = "172.16.0.0/20"
 atos_cidr = "10.0.0.0/8"
- portal_hosted_zone = local.application_data.accounts[local.environment].acm_domain_name
+ portal_hosted_zone = local.application_data.accounts[local.environment].hosted_zone
 # Temp local variable for environments where we wish to build out the EBS to be transfered to EFS
 ebs_conditional = ["testing", "preproduction", "production"]
@@ -31,7 +31,6 @@ locals {
 replace(dvo.domain_name, "/^[^.]*.[^.]*./", ""),
 { provider = "external" }
 )))
- zone_id = dvo.domain_name == "${local.application_data.accounts[local.environment].acm_aws_domain_name}" ? data.aws_route53_zone.portal-dev-private-aws["${local.application_data.accounts[local.environment].hosted_zone}"].zone_id : data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
 }
 }
@@ -49,10 +48,6 @@ locals {
 provider = "self"
 })
 }, {
- for key, value in data.aws_route53_zone.portal-dev-private : key => merge(value, {
- provider = "core-network-services"
- })
- }, {
 for key, value in data.aws_route53_zone.portal-dev-private-aws : key => merge(value, {
 provider = "core-network-services"
 })
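Review bot: Pointing `portal_hosted_zone` at `hosted_zone` and dropping the literal `aws.` from the four `hostnamectl set-hostname` lines (idm_ec2.tf, oam_ec2.tf, ohs_ec2.tf, oim_ec2.tf) leaves the development FQDN unchanged (`aws.dev.legalservices.gov.uk` either way, per application_variables.json), but in production the suffix moves from `aws.legalservices.gov.uk` to `aws.prd.legalservices.gov.uk`. Anything that references the old production host names (DNS records, monitoring, certificate SANs) needs the same change, and the commit description should call the rename out. Because user_data runs only on first boot, already-running instances keep their old name until rebuilt, so the fleet can carry both forms in the meantime; the test and preproduction `hosted_zone` values are outside the diff and should be checked as well.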
@@ -88,14 +83,10 @@ locals {
 account = "core-network-services"
 zone_name = "modernisation-platform.service.justice.gov.uk."
 }
- "mp-${local.application_name}.${local.vpc_name}-${local.environment}.${local.application_data.accounts[local.environment].cloudfront_acm_domain_name}" = {
+ "mp-${local.application_name}.${local.vpc_name}-${local.environment}.${local.application_data.accounts[local.environment].mp_domain_name}" = {
 account = "core-vpc"
 zone_name = "${local.vpc_name}-${local.environment}.modernisation-platform.service.justice.gov.uk."
 }
- "${local.application_data.accounts[local.environment].acm_domain_name}" = {
- account = "core-network-services-private"
- zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}"
- }
 "${local.application_data.accounts[local.environment].hosted_zone}" = {
 account = "core-network-services-private"
 zone_name = "${local.application_data.accounts[local.environment].hosted_zone}"
@@ -104,10 +95,6 @@ locals {
 }
 prod_validation = {
- "${local.application_data.accounts[local.environment].acm_domain_name}" = {
- account = "core-network-services"
- zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}"
- }
 }
 validation = local.environment == "production" ? local.prod_validation : local.non_prod_validation
diff --git a/terraform/environments/portal/oam_ec2.tf b/terraform/environments/portal/oam_ec2.tf
index 60116c19dda..eb132378f8e 100644
--- a/terraform/environments/portal/oam_ec2.tf
+++ b/terraform/environments/portal/oam_ec2.tf
@@ -19,7 +19,7 @@ do
 mount_status=$?
 done
-hostnamectl set-hostname ${local.application_name}-oam1-ms.aws.${local.portal_hosted_zone}
+hostnamectl set-hostname ${local.application_name}-oam1-ms.${local.portal_hosted_zone}
 # Setting up CloudWatch Agent
 mkdir cloudwatch_agent
diff --git a/terraform/environments/portal/ohs_ec2.tf b/terraform/environments/portal/ohs_ec2.tf
index 849bb1b1f40..9fe31f31412 100644
--- a/terraform/environments/portal/ohs_ec2.tf
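Review bot: `prod_validation` becomes an empty map (the last hunk of this file), so in production every `domain_validation_options` entry falls through the `lookup` chain in the locals above to `{ provider = "external" }` and neither `external_lb_validation_core_network_services` nor the new `external_lb_validation_core_vpc` creates a record for it; `aws_acm_certificate_validation.external_lb_certificate_validation` would then wait for FQDNs nothing publishes, unless an `external`-provider record resource exists outside this diff (the `_self` one is still commented out). If production is meant to validate through the same core-network-services zones as non-production, the `mp_domain_name` and `hosted_zone` entries need adding to `prod_validation`; if it is validated out of band, a comment inside the empty map such as `# production certificates are validated outside this configuration` would stop the next reader from treating it as a regression. The removal of the `acm_domain_name` entry from the non-production map in this hunk is consistent with the JSON change, so only the production path looks affected.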
+++ b/terraform/environments/portal/ohs_ec2.tf
@@ -16,7 +16,7 @@ do
 mount_status=$?
 done
-hostnamectl set-hostname ${local.application_name}-ohs1.aws.${local.portal_hosted_zone}
+hostnamectl set-hostname ${local.application_name}-ohs1.${local.portal_hosted_zone}
 # Setting up CloudWatch Agent
 mkdir cloudwatch_agent
diff --git a/terraform/environments/portal/oim_ec2.tf b/terraform/environments/portal/oim_ec2.tf
index 813cc81ef42..3da1568b535 100644
--- a/terraform/environments/portal/oim_ec2.tf
+++ b/terraform/environments/portal/oim_ec2.tf
@@ -18,7 +18,7 @@ do
 mount_status=$?
 done
-hostnamectl set-hostname ${local.application_name}-oim1-ms.aws.${local.portal_hosted_zone}
+hostnamectl set-hostname ${local.application_name}-oim1-ms.${local.portal_hosted_zone}
 # Setting up CloudWatch Agent
 mkdir cloudwatch_agent