From f86c90ac21eeb241116f060119da7121bfafa6b4 Mon Sep 17 00:00:00 2001
From: SahidKhan89
Date: Tue, 2 Apr 2024 12:13:32 +0100
Subject: [PATCH] CC-2437: split validation

---
 .../ccms-ebs/ccms-certificates.tf | 59 +++++++++++++++++--
 .../environments/ccms-ebs/member-locals.tf | 6 +-
 2 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/terraform/environments/ccms-ebs/ccms-certificates.tf b/terraform/environments/ccms-ebs/ccms-certificates.tf
index 5861b040200..819e60fa9c8 100644
--- a/terraform/environments/ccms-ebs/ccms-certificates.tf
+++ b/terraform/environments/ccms-ebs/ccms-certificates.tf
@@ -41,7 +41,7 @@ resource "aws_acm_certificate" "external-service" {
 }
 
 ## Validation
-resource "aws_route53_record" "external_validation" {
+resource "aws_route53_record" "external_validation_core_network" {
   depends_on = [
     aws_instance.ec2_oracle_ebs,
     aws_instance.ec2_ebsapps,
@@ -49,15 +49,41 @@ resource "aws_route53_record" "external_validation" {
     aws_instance.ec2_accessgate
   ]
 
+  provider = aws.core-network-services
+
+  for_each = {
+    for dvo in local.cert_opts : dvo.domain_name == "modernisation-platform.service.justice.gov.uk" => {
+      name = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name = each.value.name
+  records = [each.value.record]
+  ttl = 60
+  type = each.value.type
+  zone_id = local.cert_zone_id
+}
+
+resource "aws_route53_record" "external_validation_core_vpc" {
+  depends_on = [
+    aws_instance.ec2_oracle_ebs,
+    aws.instance.ec2_ebsapps,
+    aws.instance.ec2_webgate,
+    aws.instance.ec2_accessgate
+  ]
+
+  provider = aws.core-vpc
+
   for_each = {
-    for dvo in local.cert_opts : dvo.domain_name => {
+    for dvo in local.cert_opts : dvo.domain_name != "modernisation-platform.service.justice.gov.uk" => {
       name = dvo.resource_record_name
       record = dvo.resource_record_value
       type = dvo.resource_record_type
     }
   }
-
-  provider = local.cert_opts[0].domain_name == "modernisation-platform.service.justice.gov.uk" ? aws.core-network-services : aws.core-vpc
 
   allow_overwrite = true
   name = each.value.name
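Review bot: The new `external_validation_core_vpc` resource's `depends_on` list references `aws.instance.ec2_ebsapps`, `aws.instance.ec2_webgate` and `aws.instance.ec2_accessgate`, which do not exist (the resource type is `aws_instance`), so `terraform validate` will reject the file. The `for_each` expressions in both resources also use the domain comparison as the map key rather than as a filter: every entry in `local.cert_opts` still becomes a record in both resources, keyed by the comparison result, and two options with the same result would collide on a duplicate key; the comparison belongs in an `if` clause after the value object. Both resources additionally write to the same `local.cert_zone_id` through different providers, so if the two providers target different accounts one of them cannot write that zone, and with `allow_overwrite = true` a record that does land in an unintended zone silently replaces whatever is there — worth confirming which zone each provider should own. The first resource's body begins in the previous hunk and the second continues past this one.
```hcl
resource "aws_route53_record" "external_validation_core_vpc" {
  depends_on = [
    aws_instance.ec2_oracle_ebs,
    aws_instance.ec2_ebsapps,
    aws_instance.ec2_webgate,
    aws_instance.ec2_accessgate
  ]
  # … unchanged: provider = aws.core-vpc …
  for_each = {
    for dvo in local.cert_opts : dvo.domain_name => {
      # … unchanged: name / record / type …
    } if dvo.domain_name != "modernisation-platform.service.justice.gov.uk"
  }
  # … unchanged: allow_overwrite … zone_id (core_network takes the same shape with ==) …
```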
@@ -67,6 +93,31 @@ resource "aws_route53_record" "external_validation" {
   zone_id = local.cert_zone_id
 }
 
+# resource "aws_route53_record" "external_validation" {
+#   depends_on = [
+#     aws_instance.ec2_oracle_ebs,
+#     aws_instance.ec2_ebsapps,
+#     aws_instance.ec2_webgate,
+#     aws_instance.ec2_accessgate
+#   ]
+
+#   provider = aws.core-network-services
+
+#   for_each = {
+#     for dvo in local.cert_opts : dvo.domain_name => {
+#       name = dvo.resource_record_name
+#       record = dvo.resource_record_value
+#       type = dvo.resource_record_type
+#     }
+#   }
+#   allow_overwrite = true
+#   name = each.value.name
+#   records = [each.value.record]
+#   ttl = 60
+#   type = each.value.type
+#   zone_id = local.cert_zone_id
+# }
+
 resource "aws_acm_certificate_validation" "external" {
   count = local.is-production ? 1 : 1
 
diff --git a/terraform/environments/ccms-ebs/member-locals.tf b/terraform/environments/ccms-ebs/member-locals.tf
index 39468aa4d0e..4ea5bf93650 100644
--- a/terraform/environments/ccms-ebs/member-locals.tf
+++ b/terraform/environments/ccms-ebs/member-locals.tf
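Review bot: The commented-out copy of the old `external_validation` resource added here is dead code that will drift from the two live resources; the previous version is already in git history, so drop the block instead of carrying it as a comment. Separately, the `aws_acm_certificate_validation.external` block that follows (its body continues past the hunk) presumably still derives its record FQDNs from `aws_route53_record.external_validation`, and that address no longer exists after this commit, so the plan would fail until it reads both new resources, e.g. `validation_record_fqdns = concat([for r in aws_route53_record.external_validation_core_network : r.fqdn], [for r in aws_route53_record.external_validation_core_vpc : r.fqdn])`.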
@@ -25,7 +25,7 @@ locals {
     data.aws_subnet.public_subnets_c.id
   ]
 
-  cert_opts = local.environment == "production" ? aws_acm_certificate.external-service[0].domain_validation_options : aws_acm_certificate.external[0].domain_validation_options
-  cert_arn = local.environment == "production" ? aws_acm_certificate.external-service[0].arn : aws_acm_certificate.external[0].arn
-  cert_zone_id = local.environment == "production" ? data.aws_route53_zone.application-zone.zone_id : data.aws_route53_zone.network-services.zone_id
+  cert_opts = local.environment == "production" ? aws_acm_certificate.external-service[0].domain_validation_options : aws_acm_certificate.external[0].domain_validation_options
+  cert_arn = local.environment == "production" ? aws_acm_certificate.external-service[0].arn : aws_acm_certificate.external[0].arn
+  cert_zone_id = local.environment == "production" ? data.aws_route53_zone.application-zone.zone_id : data.aws_route53_zone.network-services.zone_id
 }