
Merge pull request #4193 from ministryofjustice/CC-2163
Cc 2163
SahidKhan89 authored Nov 30, 2023
2 parents 4fdaedc + ac5bcf4 commit bbf91ce
Showing 10 changed files with 1,315 additions and 56 deletions.
Expand Up @@ -28,10 +28,10 @@
"clamav_ami_id": "ami-0965b5afb3ac7174e",
"ebsdb_ami_id": "ami-0d4b266f7ae87bbfc",
"ebsconc_ami_id": "ami-0d4b266f7ae87bbfc",
"ebsapps_ami_id-1": "ami-0d4b266f7ae87bbfc",
"ebsapps_ami_id-2": "ami-0d4b266f7ae87bbfc",
"accessgate_ami_id-1": "ami-0695726199c3e30e5",
"accessgate_ami_id-2": "ami-0695726199c3e30e5",
"ebsapps_ami_id-1": "ami-01dad07213d8573fa",
"ebsapps_ami_id-2": "ami-092cdd881efd12af8",
"accessgate_ami_id-1": "ami-0868b322f8ed469b6",
"accessgate_ami_id-2": "ami-092240a30296e0dc1",
"webgate_ami_id-1": "ami-0e398cd57c81356a7",
"webgate_ami_id-2": "ami-0e398cd57c81356a7",
"restored_db_image": "ami-0df5f31cae1c86635",
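--- a/terraform/environments/ccms-ebs-upgrade/certificates.tf
+++ b/terraform/environments/ccms-ebs-upgrade/certificates.tf
@@ -3,54 +3,67 @@
 # *.laa-test.modernisation-platform.service.justice.gov.uk
 # *.laa-preproduction.modernisation-platform.service.justice.gov.uk
 
-# resource "aws_acm_certificate" "laa_cert" {
-# domain_name = format("%s-%s.modernisation-platform.service.justice.gov.uk", "laa", local.environment)
-# validation_method = "DNS"
-
-# subject_alternative_names = [
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "agatedev1-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "agatedev2-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-app1-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-app2-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-db-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "clamav-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "portal-ag-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "wgatedev1-upgrade", var.networking[0].business-unit, local.environment),
-# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "wgatedev2-upgrade", var.networking[0].business-unit, local.environment)
-# ]
-
-# tags = merge(local.tags,
-# { Name = lower(format("%s-%s-certificate", local.application_name, local.environment)) }
-# )
-
-# lifecycle {
-# create_before_destroy = true
-# }
-# }
-
-# resource "aws_acm_certificate_validation" "laa_cert" {
-# certificate_arn = aws_acm_certificate.laa_cert.arn
-# validation_record_fqdns = [for record in aws_route53_record.laa_cert_validation : record.fqdn]
-# timeouts {
-# create = "10m"
-# }
-# }
-
-# resource "aws_route53_record" "laa_cert_validation" {
-# provider = aws.core-vpc
-# for_each = {
-# for dvo in aws_acm_certificate.laa_cert.domain_validation_options : dvo.domain_name => {
-# name = dvo.resource_record_name
-# record = dvo.resource_record_value
-# type = dvo.resource_record_type
-# }
-# }
-
-# allow_overwrite = true
-# name = each.value.name
-# records = [each.value.record]
-# ttl = 60
-# type = each.value.type
-# zone_id = data.aws_route53_zone.external.zone_id
-# }
+resource "aws_acm_certificate" "external" {
+
+validation_method = "DNS"
+domain_name = format("%s-%s.modernisation-platform.service.justice.gov.uk", "laa", local.environment)
+subject_alternative_names = [
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "agatedev1-upgrade", var.networking[0].business-unit, local.environment),
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "agatedev2-upgrade", var.networking[0].business-unit, local.environment),
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-app1-upgrade", var.networking[0].business-unit, local.environment),
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-app2-upgrade", var.networking[0].business-unit, local.environment),
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-db-upgrade", var.networking[0].business-unit, local.environment),
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "ccms-ebs-upgrade", var.networking[0].business-unit, local.environment),
+# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "clamav-upgrade", var.networking[0].business-unit, local.environment),
+format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "portal-ag-upgrade", var.networking[0].business-unit, local.environment),
+# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "wgatedev1-upgrade", var.networking[0].business-unit, local.environment),
+# format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", "wgatedev2-upgrade", var.networking[0].business-unit, local.environment)
+]
+
+tags = merge(local.tags,
+{ Environment = local.environment }
+)
+
+lifecycle {
+create_before_destroy = true
+}
+}
+
+## Validation
+resource "aws_route53_record" "external_validation" {
+depends_on = [
+aws_instance.ec2_oracle_ebs,
+aws_instance.ec2_ebsapps
+]
+
+provider = aws.core-vpc
+
+for_each = {
+for dvo in local.cert_opts : dvo.domain_name => {
+name = dvo.resource_record_name
+record = dvo.resource_record_value
+type = dvo.resource_record_type
+}
+}
+allow_overwrite = true
+name = each.value.name
+records = [each.value.record]
+ttl = 60
+type = each.value.type
+zone_id = local.cert_zone_id
+}
+
+resource "aws_acm_certificate_validation" "external" {
+count = local.is-production ? 1 : 1
+
+depends_on = [
+aws_route53_record.external_validation
+]
+
+certificate_arn = local.cert_arn
+validation_record_fqdns = [for record in aws_route53_record.external_validation : record.fqdn]
+
+timeouts {
+create = "10m"
+}
+}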
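Review bot: `count = local.is-production ? 1 : 1` on `aws_acm_certificate_validation.external` is a tautology — both arms yield 1, so the conditional does nothing and reads like an unfinished environment switch; either write `count = 1` (which keeps the `[0]` resource address) or give the non-production arm the `0` it was presumably meant to carry. The `depends_on` in `aws_route53_record.external_validation` ties the DNS validation records to `aws_instance.ec2_oracle_ebs` and `aws_instance.ec2_ebsapps`, which delays certificate issuance until those instances exist and is not an obvious relationship; if it is deliberate, a one-line comment such as `# validation records wait for the EBS and app instances because: TODO(reason)` would save the next reader guessing. `allow_overwrite = true` against the shared `aws.core-vpc` zone means any pre-existing record with the same name in that zone is replaced silently rather than surfacing as a plan error, which is worth stating in a comment next to it. The record set iterates `local.cert_opts` and the validation uses `local.cert_arn` and `local.cert_zone_id`, all defined outside this file section, so whether they track `aws_acm_certificate.external` in every environment cannot be confirmed from here.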
