cleanup: destroy quic.ooni.org domain (#56)

We no longer have use for the quic.ooni.org domain. It makes sense to kill it to avoid any unexpected attack planes. --------- Co-authored-by: decfox <[email protected]>
ooni · May 15, 2024 · 7b32154 · 7b32154
1 parent 07b0807
commit 7b32154
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 8 deletions.
diff --git a/tf/environments/prod/dns_records.tf b/tf/environments/prod/dns_records.tf
@@ -302,14 +302,6 @@ resource "aws_route53_record" "prometheus-ooni-org-_CNAME_" {
   zone_id = local.dns_root_zone_ooni_org
 }
 
-resource "aws_route53_record" "quic-ooni-org-_A_" {
-  name    = "quic.ooni.org"
-  records = ["167.99.36.132"]
-  ttl     = "1799"
-  type    = "A"
-  zone_id = local.dns_root_zone_ooni_org
-}
-
 resource "aws_route53_record" "run-ooni-org-_CNAME_" {
   name    = "run.ooni.org"
   records = ["cname.vercel-dns.com"]

diff --git a/tf/modules/cloudhsm/main.tf b/tf/modules/cloudhsm/main.tf
@@ -79,4 +79,9 @@ resource "aws_instance" "codesign_box" {
                 EOF
 
   tags = merge(var.tags, { Name = "codesign-box" })
+
+  // NOTE: remove the ignore_changes rule to deploy 
+  lifecycle {
+    ignore_changes = all
+  }
 }