CC-2437: split validation
SahidKhan89 committed Apr 2, 2024
1 parent 8fcca72 commit f86c90a
Showing 2 changed files with 58 additions and 7 deletions.
59 changes: 55 additions & 4 deletions terraform/environments/ccms-ebs/ccms-certificates.tf
Expand Up @@ -41,23 +41,49 @@ resource "aws_acm_certificate" "external-service" {
}

## Validation
resource "aws_route53_record" "external_validation" {
resource "aws_route53_record" "external_validation_core_network" {
depends_on = [
aws_instance.ec2_oracle_ebs,
aws_instance.ec2_ebsapps,
aws_instance.ec2_webgate,
aws_instance.ec2_accessgate
]

provider = aws.core-network-services

for_each = {
for dvo in local.cert_opts : dvo.domain_name == "modernisation-platform.service.justice.gov.uk" => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}

allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 60
type = each.value.type
zone_id = local.cert_zone_id
}

resource "aws_route53_record" "external_validation_core_vpc" {
depends_on = [
aws_instance.ec2_oracle_ebs,
aws.instance.ec2_ebsapps,
aws.instance.ec2_webgate,
aws.instance.ec2_accessgate
]

provider = aws.core-vpc

for_each = {
for dvo in local.cert_opts : dvo.domain_name => {
for dvo in local.cert_opts : dvo.domain_name != "modernisation-platform.service.justice.gov.uk" => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}

provider = local.cert_opts[0].domain_name == "modernisation-platform.service.justice.gov.uk" ? aws.core-network-services : aws.core-vpc

allow_overwrite = true
name = each.value.name
Expand All @@ -67,6 +93,31 @@ resource "aws_route53_record" "external_validation" {
zone_id = local.cert_zone_id
}

# resource "aws_route53_record" "external_validation" {
# depends_on = [
# aws_instance.ec2_oracle_ebs,
# aws_instance.ec2_ebsapps,
# aws_instance.ec2_webgate,
# aws_instance.ec2_accessgate
# ]

# provider = aws.core-network-services

# for_each = {
# for dvo in local.cert_opts : dvo.domain_name => {
# name = dvo.resource_record_name
# record = dvo.resource_record_value
# type = dvo.resource_record_type
# }
# }
# allow_overwrite = true
# name = each.value.name
# records = [each.value.record]
# ttl = 60
# type = each.value.type
# zone_id = local.cert_zone_id
# }

resource "aws_acm_certificate_validation" "external" {
count = local.is-production ? 1 : 1
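Review bot: The `for_each` maps in both new resources use the comparison as the map key (`dvo.domain_name == "modernisation-platform.service.justice.gov.uk" => {`), so nothing is filtered: every validation option lands in both `external_validation_core_network` and `external_validation_core_vpc` under a `true`/`false` key, and two options that give the same result fail with a duplicate-key error. Because both resources set `allow_overwrite = true` against the same `local.cert_zone_id`, each provider would then attempt to write every ACM validation record, which is not the split the commit title describes; move the test into an `if` clause, e.g. `for dvo in local.cert_opts : dvo.domain_name => { … } if dvo.domain_name == "modernisation-platform.service.justice.gov.uk"`, with `!=` for the core-vpc resource. The `depends_on` list of `external_validation_core_vpc` also spells three entries `aws.instance.…` where the first resource has `aws_instance.…`, so Terraform will not resolve them as those instances. The added commented-out copy of the old `external_validation` resource is better left to version history than kept in the file.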

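--- a/terraform/environments/ccms-ebs/member-locals.tf
+++ b/terraform/environments/ccms-ebs/member-locals.tf
@@ -25,7 +25,7 @@ locals {
 data.aws_subnet.public_subnets_c.id
 ]
 
-cert_opts = local.environment == "production" ? aws_acm_certificate.external-service[0].domain_validation_options : aws_acm_certificate.external[0].domain_validation_options
-cert_arn = local.environment == "production" ? aws_acm_certificate.external-service[0].arn : aws_acm_certificate.external[0].arn
-cert_zone_id = local.environment == "production" ? data.aws_route53_zone.application-zone.zone_id : data.aws_route53_zone.network-services.zone_id
+cert_opts = local.environment == "production" ? aws_acm_certificate.external-service[0].domain_validation_options : aws_acm_certificate.external[0].domain_validation_options
+cert_arn = local.environment == "production" ? aws_acm_certificate.external-service[0].arn : aws_acm_certificate.external[0].arn
+cert_zone_id = local.environment == "production" ? data.aws_route53_zone.application-zone.zone_id : data.aws_route53_zone.network-services.zone_id
 }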
