diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf
new file mode 100644
index 00000000000..c6d447dbbf7
--- /dev/null
+++ b/terraform/environments/portal/acm_certificate.tf
@@ -0,0 +1,51 @@
+resource "aws_acm_certificate" "legalservices_cert" {
+ domain_name = "${local.application_data.accounts[local.environment].acm_domain_name}"
+ subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_alt_domain_name}"]
+ validation_method = "DNS"
+
+
+ tags = merge(
+ local.tags,
+ { Name = "laa-${local.application_name}-${local.environment}" }
+ )
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_route53_record" "external_lb_validation_core_network_services" {
+ provider = aws.core-network-services
+ for_each = {
+ for key, value in local.external_lb_validation_records : key => value if value.zone.provider == "core-network-services"
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [each.value.record]
+ ttl = 60
+ type = each.value.type
+
+ # NOTE: value.zone is null indicates the validation zone could not be found
+ # Ensure route53_zones variable contains the given validation zone or
+ # explicitly provide the zone details in the validation variable.
+ zone_id = each.value.zone.zone_id
+
+ depends_on = [
+ aws_acm_certificate.legalservices_cert
+ ]
+}
+
+
+resource "aws_acm_certificate_validation" "external_lb_certificate_validation" {
+ count = (length(local.validation_records_external_lb) == 0 || local.external_validation_records_created) ? 1 : 0
+ certificate_arn = aws_acm_certificate.legalservices_cert.arn
+ validation_record_fqdns = [
+ for key, value in local.validation_records_external_lb : replace(value.name, "/\\.$/", "")
+ ]
+ depends_on = [
+ aws_route53_record.external_lb_validation_core_network_services
+ # aws_route53_record.external_lb_validation_core_vpc,
+ # aws_route53_record.external_lb_validation_self
+ ]
+}
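Review bot: In development the DNS validation CNAME for `dev.legalservices.gov.uk` ends up in a private hosted zone, where ACM's validators cannot see it, so `aws_acm_certificate_validation.external_lb_certificate_validation` would wait until it times out rather than issue the certificate. The path is visible across this commit: `non_prod_validation` in locals.tf maps `acm_domain_name` to the `core-network-services-private` account, `data.aws_route53_zone.portal-dev-private` in data.tf is declared with `private_zone = true`, `route53_zones` relabels that zone with `provider = "core-network-services"`, and that is exactly the filter `external_lb_validation_core_network_services` uses before writing `zone_id = each.value.zone.zone_id`. Unless a public zone of the same name carries the record elsewhere, the validation domain needs an entry under a public zone (account `"core-network-services"`), and the private zone should either stay out of `route53_zones` or carry a provider value this record resource does not select. Note also that with the `core_vpc`/`self` `depends_on` entries commented out, no record resource exists for the `core-vpc` entry in `non_prod_validation`, so any validation option that resolved to that zone would silently get no record.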
diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json index d2b615a8e51..519619e6296 100644 --- a/terraform/environments/portal/application_variables.json +++ b/terraform/environments/portal/application_variables.json @@ -33,8 +33,9 @@ "lb_access_logs_existing_bucket_name": "", "url": "s3://laa-portal-development-archive-mp", "maintenance_window_name": "diagnostics-log-archive-poc", - "hosted_zone": "aws.dev.legalservices.gov.uk" - + "hosted_zone": "aws.dev.legalservices.gov.uk", + "acm_domain_name": "dev.legalservices.gov.uk", + "acm_alt_domain_name": "*.dev.legalservices.gov.uk" }, "test": { @@ -53,7 +54,8 @@ "ohs_instance_type": "m5.xlarge", "url": "s3://laa-portal-production-archive-mp", "maintenance_window_name": "diagnostics-log-archive-production", - "hosted_zone": "aws.prd.legalservices.gov.uk" + "hosted_zone": "aws.prd.legalservices.gov.uk", + "acm_domain_name": "legalservices.gov.uk" } } } diff --git a/terraform/environments/portal/data.tf b/terraform/environments/portal/data.tf index 9701d96fdd1..134f3906294 100644 --- a/terraform/environments/portal/data.tf +++ b/terraform/environments/portal/data.tf @@ -1,9 +1,32 @@ data "aws_route53_zone" "portal-dev-private" { + for_each = local.core_network_services_domains_private provider = aws.core-network-services name = "dev.legalservices.gov.uk." private_zone = true } +data "aws_route53_zone" "core_network_services" { + for_each = local.core_network_services_domains + provider = aws.core-network-services + + name = each.value.zone_name + private_zone = false +} + +data "aws_route53_zone" "core_vpc" { + for_each = local.core_vpc_domains + + provider = aws.core-vpc + name = each.value.zone_name + private_zone = false +} + +data "aws_route53_zone" "self" { + for_each = local.self_domains + + name = each.value.zone_name + private_zone = false +} 
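Review bot: The production block gains `acm_domain_name` but not `acm_alt_domain_name`, while acm_certificate.tf reads `local.application_data.accounts[local.environment].acm_alt_domain_name` unconditionally for `subject_alternative_names`, so a production plan would fail on the missing attribute. Either add the matching `"acm_alt_domain_name"` key to the production block, or make the SAN optional with `subject_alternative_names = try([local.application_data.accounts[local.environment].acm_alt_domain_name], [])`. The `test` and `preproduction` blocks are outside this hunk; if they lack both keys, the same failure applies to every reference to `acm_domain_name` in those environments, so it is worth checking them as well.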
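Review bot: `portal-dev-private` now iterates `local.core_network_services_domains_private` but keeps the hard-coded `name = "dev.legalservices.gov.uk."`, unlike the three new data sources in this hunk which use `each.value.zone_name`, so every key in that map resolves to the same dev zone. In production `prod_validation` has no `core-network-services-private` entry, the map is empty, and every `data.aws_route53_zone.portal-dev-private["<acm_domain_name>"]` reference in route53.tf becomes an invalid index at plan time. Change the line to `name = each.value.zone_name` and give `prod_validation` a private-zone entry (or guard the route53.tf lookups) so the references resolve in every environment.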
diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index cb59d713641..a45a88a5022 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf 
@@ -15,4 +15,90 @@ locals { # Temp local variable for environments where we wish to build out the EBS to be transfered to EFS ebs_conditional = ["testing", "preproduction", "production"] + external_lb_validation_records = { + for dvo in aws_acm_certificate.legalservices_cert.domain_validation_options : dvo.domain_name => { + name = dvo.resource_record_name + record = dvo.resource_record_value + type = dvo.resource_record_type + zone = lookup( + local.route53_zones, + dvo.domain_name, + lookup( + local.route53_zones, + replace(dvo.domain_name, "/^[^.]*./", ""), + lookup( + local.route53_zones, + replace(dvo.domain_name, "/^[^.]*.[^.]*./", ""), + { provider = "external" } + ))) + } + } + + + route53_zones = merge({ + for key, value in data.aws_route53_zone.core_network_services : key => merge(value, { + provider = "core-network-services" + }) + }, { + for key, value in data.aws_route53_zone.core_vpc : key => merge(value, { + provider = "core-vpc" + }) + }, { + for key, value in data.aws_route53_zone.self : key => merge(value, { + provider = "self" + }) + }, { + for key, value in data.aws_route53_zone.portal-dev-private : key => merge(value, { + provider = "core-network-services" + }) + }) + + validation_records_external_lb = { + for key, value in local.external_lb_validation_records : key => { + name = value.name + record = value.record + type = value.type + } if value.zone.provider == "external" + } + + external_validation_records_created = false + + core_network_services_domains = { + for domain, value in local.validation : domain => value if value.account == "core-network-services" + } + core_network_services_domains_private = { + for domain, value in local.validation : domain => value if value.account == "core-network-services-private" + } + core_vpc_domains = { + for domain, value in local.validation : domain => value if value.account == "core-vpc" + } + self_domains = { + for domain, value in local.validation : domain => value if value.account == "self" + } + + 
non_prod_validation = { + "modernisation-platform.service.justice.gov.uk" = { + account = "core-network-services" + zone_name = "modernisation-platform.service.justice.gov.uk." + } + "${local.application_name}.${var.networking[0].business-unit}-${local.environment}.${local.application_data.accounts[local.environment].acm_domain_name}" = { + account = "core-vpc" + zone_name = "${local.vpc_name}-${local.environment}.modernisation-platform.service.justice.gov.uk." + } + "${local.application_data.accounts[local.environment].acm_domain_name}" = { + account = "core-network-services-private" + zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}" + } + + } + + prod_validation = { + "${local.application_data.accounts[local.environment].acm_domain_name}" = { + account = "core-network-services" + zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}" + } + } + +validation = local.environment == "production" ? local.prod_validation : local.non_prod_validation + } diff --git a/terraform/environments/portal/route53.tf b/terraform/environments/portal/route53.tf index 6cf3fae4f42..d09fa376a3b 100644 --- a/terraform/environments/portal/route53.tf +++ b/terraform/environments/portal/route53.tf @@ -11,8 +11,8 @@ resource "aws_route53_record" "oam_internal" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam-internal.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam-internal.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { 
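Review bot: The fallback-lookup patterns `"/^[^.]*./"` and `"/^[^.]*.[^.]*./"` leave the dot unescaped, so `.` matches any character; they work here only because `[^.]*` stops at the first dot, and `"/^[^.]*\\./"` states the intent without relying on that. The `validation = …` line is unindented relative to the rest of the `locals` block, and the interpolation-only strings such as `"${local.application_data.accounts[local.environment].acm_domain_name}"` can be written as bare expressions; `terraform fmt` will flag both. The `core-network-services-private` entry's `zone_name` also lacks the trailing dot the other entries carry — harmless while `portal-dev-private` ignores `zone_name`, but worth aligning (and confirming the data source treats both forms alike) before that data source starts using `each.value.zone_name`. The `locals` block opens before this hunk.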
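Review bot: The zone is now selected with `data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"]`, repeated twice per record here and in every other hunk of this file (`@@ -24`, `-37`, `-46`, `-56`, `-81`, `-94`, `-107`, `-116`, `-126`, `-135`, `-145`, `-154`, `-164`, `-181`, `-205`, `-218`, `-237`, `-256`, `-269`, `-279`, `-296`, `-305`); the index is an interpolation-only string and the full expression buries the one fact that matters, which zone the record lives in. A single local, e.g. `private_zone = data.aws_route53_zone.portal-dev-private[local.application_data.accounts[local.environment].acm_domain_name]` in locals.tf, then `zone_id = local.private_zone.zone_id` and `name = "${local.application_name}-oam-internal.aws.${local.private_zone.name}"`, keeps each record to one reference and gives one place to handle an environment where that map is empty. `oam_internal`'s `alias` block continues outside the hunk.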
@@ -24,8 +24,8 @@ resource "aws_route53_record" "oam_internal" { resource "aws_route53_record" "oam_console" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam-console.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam-console.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { @@ -37,8 +37,8 @@ resource "aws_route53_record" "oam_console" { resource "aws_route53_record" "oam_admin" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam-admin.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam-admin.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" ttl = 60 records = [aws_instance.oam_instance_1.private_ip] 
@@ -46,8 +46,8 @@ resource "aws_route53_record" "oam_admin" { resource "aws_route53_record" "oam1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oam1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oam1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oam_instance_1.private_ip] @@ -56,8 +56,8 @@ resource "aws_route53_record" "oam1_nonprod" { resource "aws_route53_record" "oam2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oam2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oam2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oam2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oam2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oam_instance_2[0].private_ip] 
@@ -81,8 +81,8 @@ resource "aws_route53_record" "oam2_prod" { resource "aws_route53_record" "oim_internal" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim-internal.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim-internal.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { @@ -94,8 +94,8 @@ resource "aws_route53_record" "oim_internal" { resource "aws_route53_record" "oim_console" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim-console.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim-console.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { @@ -107,8 +107,8 @@ resource "aws_route53_record" "oim_console" { resource "aws_route53_record" "oim_admin" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim-admin.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim-admin.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" ttl = 60 records = [aws_instance.oim_instance_1.private_ip] 
@@ -116,8 +116,8 @@ resource "aws_route53_record" "oim_admin" { resource "aws_route53_record" "oim1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oim1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oim1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_1.private_ip] @@ -126,8 +126,8 @@ resource "aws_route53_record" "oim1_nonprod" { resource "aws_route53_record" "oim2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oim2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-oim2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oim2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-oim2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_2[0].private_ip] 
@@ -135,8 +135,8 @@ resource "aws_route53_record" "oim2_prod" { resource "aws_route53_record" "bip1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-bip1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-bip1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-bip1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-bip1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_1.private_ip] @@ -145,8 +145,8 @@ resource "aws_route53_record" "bip1_nonprod" { resource "aws_route53_record" "bip2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-bip2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-bip2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-bip2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-bip2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_2[0].private_ip] 
@@ -154,8 +154,8 @@ resource "aws_route53_record" "bip2_prod" { resource "aws_route53_record" "soa1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-soa1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-soa1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-soa1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-soa1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_1.private_ip] @@ -164,8 +164,8 @@ resource "aws_route53_record" "soa1_nonprod" { resource "aws_route53_record" "soa2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-soa2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-soa2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-soa2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-soa2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.oim_instance_2[0].private_ip] 
@@ -181,8 +181,21 @@ resource "aws_route53_record" "soa2_prod" { resource "aws_route53_record" "oid_internal" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" + type = "A" + + alias { + name = aws_elb.idm_lb.dns_name + zone_id = aws_elb.idm_lb.zone_id + evaluate_target_health = true + } +} + +resource "aws_route53_record" "oid_lb" { + provider = aws.core-network-services + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "mp-${local.application_name}-oid.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { @@ -205,8 +218,8 @@ resource "aws_route53_record" "oid_internal" { resource "aws_route53_record" "idm_console" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-idm-console.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-idm-console.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { 
@@ -218,17 +231,19 @@ resource "aws_route53_record" "idm_console" { resource "aws_route53_record" "idm_admin" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-idm-admin.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-idm-admin.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" ttl = 60 records = [aws_instance.idm_instance_1.private_ip] } + + resource "aws_route53_record" "ods1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-ods1-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ods1-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-ods1-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ods1-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.idm_instance_1.private_ip] 
@@ -237,8 +252,8 @@ resource "aws_route53_record" "ods1_nonprod" { resource "aws_route53_record" "ods2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-ods2-ms.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ods2-ms.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-ods2-ms.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ods2-ms.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.idm_instance_2[0].private_ip] @@ -256,8 +271,8 @@ resource "aws_route53_record" "ods2_prod" { resource "aws_route53_record" "ohs_internal" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-ohs-internal.aws.${data.aws_route53_zone.portal-dev-private.name}" + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-ohs-internal.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" type = "A" alias { 
@@ -269,8 +284,8 @@ resource "aws_route53_record" "ohs_internal" { resource "aws_route53_record" "ohs1_nonprod" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-ohs1.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ohs1.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-ohs1.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ohs1.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.ohs_instance_1.private_ip] @@ -279,8 +294,8 @@ resource "aws_route53_record" "ohs1_nonprod" { resource "aws_route53_record" "ohs2_prod" { count = contains(["development", "testing"], local.environment) ? 0 : 1 provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "${local.application_name}-ohs2.aws.${data.aws_route53_zone.portal-dev-private.name}" # Correspond to portal-ohs2.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "${local.application_name}-ohs2.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # Correspond to portal-ohs2.aws.[env].legalservices.gov.uk type = "A" ttl = 60 records = [aws_instance.ohs_instance_2[0].private_ip] 
@@ -296,8 +311,8 @@ resource "aws_route53_record" "ohs2_prod" { resource "aws_route53_record" "iadb" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "db-portal-iadb.aws.${data.aws_route53_zone.portal-dev-private.name}" # db-portal-iadb.aws.[env].legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "db-portal-iadb.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # db-portal-iadb.aws.[env].legalservices.gov.uk type = "CNAME" ttl = 300 records = [aws_db_instance.appdb2.address] @@ -305,8 +320,8 @@ resource "aws_route53_record" "iadb" { resource "aws_route53_record" "igdb" { provider = aws.core-network-services - zone_id = data.aws_route53_zone.portal-dev-private.zone_id - name = "db-portal-igdb.aws.${data.aws_route53_zone.portal-dev-private.name}" # db-portal-igdb.aws.dev.legalservices.gov.uk + zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id + name = "db-portal-igdb.aws.${data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].name}" # db-portal-igdb.aws.dev.legalservices.gov.uk type = "CNAME" ttl = 300 records = [aws_db_instance.appdb1.address] @@ -327,4 +342,5 @@ resource "aws_route53_record" "ohs_external" { zone_id = aws_lb.external.zone_id evaluate_target_health = true } -} \ No newline at end of file +} +